mah_one Posted January 20, 2012 Report Share Posted January 20, 2012 Buna,Am o problema cu siteul .....in seara asta am descoperit niste fisiere incarcate cu asta:"<?php @error_reporting(0); if (!isset($eva1fYlbakBcVSir)) {$eva1fYlbakBcVSir = "7kyJ7kSKioDTWVWeRB3TiciL1UjcmR ......................."Ce virus mai e asta si ce face?Puteti sa imi dati mai multe detalii despre ce este vorba?Toate cele bune,Mah_on3 Quote Link to comment Share on other sites More sharing options...
aelius Posted January 20, 2012 Report Share Posted January 20, 2012 (edited) De la clientul tau de ftp cel mai probabil. Ai luat oarece pe pc si parola de ftp a fost compromisa. Scaneaza cu malwarebytes.Ai aici ceva in legatura cu asta.. Este cam acelasi lucru. Edited January 20, 2012 by aelius Quote Link to comment Share on other sites More sharing options...
shaggi Posted January 20, 2012 Report Share Posted January 20, 2012 Ar fi bine daca ne-ai da tot scriptul ca sa si intelegem:) Quote Link to comment Share on other sites More sharing options...
mah_one Posted January 20, 2012 Author Report Share Posted January 20, 2012 (edited) Asta e tot codul: // cod sters si mutat pe pastebin. Edited January 20, 2012 by aelius adding code to pastebin Quote Link to comment Share on other sites More sharing options...
shaggi Posted January 20, 2012 Report Share Posted January 20, 2012 E un shell. Filezilla salveaza parolele in plain si daca iei un rat sau ceva te-ai dus:) Quote Link to comment Share on other sites More sharing options...
mah_one Posted January 20, 2012 Author Report Share Posted January 20, 2012 shell?....banuiam, probabil am un LFI.. nu neaparat parola de la FTP furata Quote Link to comment Share on other sites More sharing options...
shaggi Posted January 20, 2012 Report Share Posted January 20, 2012 Poate ai si un lfi:), uita-te in loguri Quote Link to comment Share on other sites More sharing options...
mah_one Posted January 20, 2012 Author Report Share Posted January 20, 2012 am in folderul de la upload photos Quote Link to comment Share on other sites More sharing options...