mah_one Posted January 20, 2012 Report Posted January 20, 2012 Buna,Am o problema cu siteul .....in seara asta am descoperit niste fisiere incarcate cu asta:"<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir)) {$eva1fYlbakBcVSir = "7kyJ7kSKioDTWVWeRB3TiciL1UjcmR ......................."Ce virus mai e asta si ce face?Puteti sa imi dati mai multe detalii despre ce este vorba?Toate cele bune,Mah_on3 Quote
aelius Posted January 20, 2012 Report Posted January 20, 2012 (edited) De la clientul tau de ftp cel mai probabil. Ai luat oarece pe pc si parola de ftp a fost compromisa. Scaneaza cu malwarebytes.Ai aici ceva in legatura cu asta.. Este cam acelasi lucru. Edited January 20, 2012 by aelius Quote
shaggi Posted January 20, 2012 Report Posted January 20, 2012 Ar fi bine daca ne-ai da tot scriptul ca sa si intelegem:) Quote
mah_one Posted January 20, 2012 Author Report Posted January 20, 2012 (edited) Asta e tot codul: // cod sters si mutat pe pastebin. Edited January 20, 2012 by aelius adding code to pastebin Quote
shaggi Posted January 20, 2012 Report Posted January 20, 2012 E un shell. Filezilla salveaza parolele in plain si daca iei un rat sau ceva te-ai dus:) Quote
mah_one Posted January 20, 2012 Author Report Posted January 20, 2012 shell?....banuiam, probabil am un LFI.. nu neaparat parola de la FTP furata Quote
shaggi Posted January 20, 2012 Report Posted January 20, 2012 Poate ai si un lfi:), uita-te in loguri Quote
mah_one Posted January 20, 2012 Author Report Posted January 20, 2012 am in folderul de la upload photos Quote
