maybe hacking

Discussions about server security -- questions and answers

Moderators: macek, egami, gesf

kc0pph
New php-forum User
Posts: 86
Joined: Sat Nov 26, 2011 8:39 am
Location: Pueblo, CO

Re: maybe hacking

Post by kc0pph » Fri Dec 02, 2011 9:48 pm

This looks like a hard-coded password.

MD5 is a hash technology that encrypts things. So it's saying if the md5 of the password entered in = the stored value, then do the code below. I'm not 100% sure what the "code below" does, but it does not send any data to anyone else.

TheProdigyGuy
New php-forum User
Posts: 215
Joined: Wed Dec 07, 2011 5:25 pm

Re: maybe hacking

Post by TheProdigyGuy » Mon Dec 12, 2011 6:37 pm

Yes, it is probably a backdoor.
eval()+base64().
And that 'scriptkiddie' evaluates his string as PHP code on your site.
So he can wget new 'fresh' exploits to the server, bypass the server's security, DDoS other sites, and spam using your site.
Investigate where and when that backdoor was uploaded to your site.
Check your access and error logs.
Just do it from SSH.
zgrep 'thatfilename' *.*|less
grep -r 'thatfilename' *.*|less
Then trace that IP.
I recommend you remove all files from your site and update your software, because it may contain a backdoor. Shells like r57, c99, wso, etc.
Also, do not forget to change your MySQL user name and MySQL password, and change all your passwords (FTP, cPanel, MySQL),
your mail passwords, secret questions, etc.
And finally, make sure your hosting is correctly administered.
In some cases your script may not be vulnerable, but your hosting may be vulnerable to 'bypassing' attacks.
So, be careful.
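
Added example (not part of the posts above and not the posters' code): a shell function for the access-log check suggested in the last reply, summarising per client IP who requested the suspicious file, when, and with which methods. It assumes Apache/nginx "combined" log format; the function names `backdoor_hits` and `sample_logs`, the file name `thatfilename.php` and the sample log lines are constructed for illustration.

```shell
# backdoor_hits NAME LOG...  prints one line per client IP:
#   ip  hit_count  first_seen  last_seen  methods
# Pass logs oldest first (rotated .gz files before the live log) so that
# first_seen/last_seen follow time order.
backdoor_hits() {
    name=$1; shift
    for f in "$@"; do
        case $f in
            *.gz) gzip -cd -- "$f" ;;   # rotated, compressed log
            *)    cat -- "$f" ;;        # live, plain log
        esac
    done | awk -v name="$name" '
        {
            # $1 client IP, $4 "[timestamp", $6 quote+METHOD, $7 request path
            path = $7
            sub(/\?.*/, "", path)            # drop the query string
            n = split(path, seg, "/")
            if (seg[n] != name) next         # exact file name, not a substring
            ip = $1; ts = substr($4, 2); method = substr($6, 2)
            if (!(ip in count)) { first[ip] = ts; order[++k] = ip }
            count[ip]++
            last[ip] = ts
            if (index(" " methods[ip] " ", " " method " ") == 0)
                methods[ip] = (methods[ip] == "" ? method : methods[ip] " " method)
        }
        END {
            for (i = 1; i <= k; i++) {
                ip = order[i]; m = methods[ip]; gsub(/ /, ",", m)
                print ip, count[ip], first[ip], last[ip], m
            }
        }'
}

# Constructed sample data (documentation IP ranges), written into directory $1.
sample_logs() {
    printf '%s\n' \
      '203.0.113.7 - - [01/Dec/2011:10:00:01 +0000] "GET /img/thatfilename.php HTTP/1.1" 200 12 "-" "-"' \
      '192.0.2.10 - - [01/Dec/2011:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"' \
      | gzip -c > "$1/access.log.1.gz"
    printf '%s\n' \
      '203.0.113.7 - - [02/Dec/2011:08:30:00 +0000] "POST /img/thatfilename.php?a=1 HTTP/1.1" 200 40 "-" "-"' \
      '198.51.100.4 - - [02/Dec/2011:09:00:00 +0000] "POST /img/thatfilename.php HTTP/1.1" 200 40 "-" "-"' \
      '192.0.2.10 - - [02/Dec/2011:09:10:00 +0000] "GET /notthatfilename.php HTTP/1.1" 404 0 "-" "-"' \
      > "$1/access.log"
}
```

The earliest hit per IP narrows down when the file first became reachable; comparing that time with the file's modification time and with FTP or control-panel logs helps establish how it was uploaded.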
