Re: base64_decode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Hello John.

This code generates the following html:


?> </div>
<div id="footer"><a href="http://web-hosting-click.com/"; title="Web hosting">Web hosting</a> 
<!-- 27 queries. 0.561 seconds. -->
</div>
<?php wp_footer(); ?>
</body>
</html> <?

Appears that is nothing dangerous, only "unauthorized advertising".




Em 02-10-2012 14:27, John Taylor-Johnston escreveu:
Without anyone infecting their machines, can someone tell me what this is? I found a phishing site on my DreamHost server. DreamHost has been very helpful. 
We found a file containing this code.
What is it? What does it contain?
<?php eval(base64_decode('Pz4gPC9kaXY+DQo8ZGl2IGlkPSJmb290ZXIiPjxhIGhyZWY9Imh0dHA6Ly93ZWItaG9zdGluZy1jbGljay5jb20vIiB0aXRsZT0iV2ViIGhvc3RpbmciPldlYiBob3N0aW5nPC9hPg0KPCEtLSAyNyBxdWVyaWVzLiAwLjU2MSBzZWNvbmRzLiAtLT4NCjwvZGl2Pg0KPD9waHAgd3BfZm9vdGVyKCk7ID8+DQo8L2JvZHk+DQo8L2h0bWw+IDw/'));?>
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux