Al wrote:
I'm still fighting my hack problem on one of my servers. Can anyone
help me figure out what's the purpose of this code. The hack places
this file in numerous dirs on the site, I assume using a php script
because the owner is "nobody".
I can sort of figure what is doing; but, I can't figure out what the
hacker is using it for.
Incidentally, I've changed all passwords and restricted ftp to two
people. I see no sign that any code is written with by site owner,
i.e, ftp. And, I've looked carefully for suspect php files.
Hi,
If I look up the md5 digest 'aace99428c50dbe965acc93f3f275cd3', more
people on the internet have (had) problems with this kind of hack.
A quick md5 lookup comes with this:
Ox93Mdpqme8s
But that doesn't give any Google results, so nobody knows what it is for
(or related to).
Do you have any third party software installed? Like a BB or a CMS or
whatever?
When these hackers know your site/server is vulnerable they will keep on
exploiting it. Even if it just means SMTP relaying for phishing or a
HTTP directory for putting malware in.
Keep track of your HTTP-logs and see if these URL's are being requested!
Kind regards,
Aschwin Wesselius
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
