On Wed, Apr 16, 2008 at 12:13 PM, Al <news@xxxxxxxxxxxxx> wrote:
> I'm still fighting my hack problem on one of my servers. Can anyone help me
> figure out what's the purpose of this code. The hack places this file in
> numerous dirs on the site, I assume using a php script because the owner is
> "nobody".
>
> I can sort of figure what it is doing; but, I can't figure out what the hacker
> is using it for.
>
> Incidentally, I've changed all passwords and restricted ftp to two people.
> I see no sign that any code is written with by site owner, i.e., ftp. And,
> I've looked carefully for suspect php files.

[snip=code]

Al,

It looks to me as though there may be a script that's allowing writing, judging by the all-as-one-string nature of the first script example. Check your Apache logs to see if that string appears, and if so, to what script it's attacking. Then review the script.

If you need a hand, feel free to contact me privately and we can discuss it further.

--
</Daniel P. Brown>
Ask me about:
Dedicated servers starting @ $59.99/mo., VPS starting @ $19.99/mo., and shared hosting starting @ $2.50/mo. Unmanaged, managed, and fully-managed!

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
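The log check suggested in the reply above, as an added example that is not part of the original thread: it scans Apache access-log lines for a marker string, URL-decoding each request target first, and tallies which script paths received it. The marker `INJECTED_MARKER` and the log lines are constructed placeholders, because the injected code was snipped from the message.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Apache common/combined format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def decode_fully(text, max_rounds=3):
    """URL-decode repeatedly; a string can arrive encoded more than once."""
    for _ in range(max_rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_targets(log_lines, marker):
    """Return (hits per script path, matching requests) for the given marker."""
    needle = marker.lower()
    per_script, hits = Counter(), []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        host, when, method, target, status = m.groups()
        if needle in decode_fully(target).lower():
            path = urlsplit(target).path  # script path without the query string
            per_script[path] += 1
            hits.append((when, host, method, path, status))
    return per_script, hits

# Constructed sample data: placeholder marker, documentation-range addresses.
MARKER = "INJECTED_MARKER"
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Apr/2008:03:10:01 -0400] "GET /index.php HTTP/1.1" 200 4312 "-" "-"',
    '198.51.100.7 - - [15/Apr/2008:03:12:44 -0400] "GET /gallery/upload.php?note=INJECTED_MARKER HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [15/Apr/2008:03:12:51 -0400] "GET /gallery/upload.php?note=INJECTED%5FMARKER HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [15/Apr/2008:04:02:19 -0400] "GET /contact/form.php?msg=injected%255Fmarker HTTP/1.1" 200 98 "-" "-"',
    '192.0.2.10 - - [15/Apr/2008:04:05:00 -0400] "GET /gallery/view.php?id=4 HTTP/1.1" 200 2201 "-" "-"',
]

if __name__ == "__main__":
    per_script, hits = find_targets(SAMPLE_LOG, MARKER)
    for path, count in per_script.most_common():
        print(f"{count:4d}  {path}")
    for hit in hits:
        print(*hit)
```

The default access log records the request line but not request bodies, so a string delivered in a POST body will not show up in this search.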