Site hacked (config.php), how come?

blast2007
Power Poster
Posts: 508
Joined: Wed Aug 01, 2007 5:36 pm

Re: Site hacked (config.php), how come?

Post by blast2007 »

LeisureLarry wrote: @blast2007:
Did the decode class work for you on the image one? I would like to know what this file does, in order to use this information for my German cmsms security guide.
- LeisureLarry

Hi Larry,
yep, that class works for decoding the malicious script "image".

Here is how to proceed.

- Save the class file as "decode.php"

- Remove the first rows in image.txt and leave only the row starting with "eval...."

- Go to the bottom of decode.php and replace "test.php" with image.txt

- Call in your bash shell:

php decode.php > malicious_script_decoded.txt
and you can see all the 2500 rows of script in malicious_script_decoded.txt

Regards
blast

P.S. If you need the file already decoded, I can send it to you by PM or mail.
Last edited by blast2007 on Wed Mar 19, 2008 11:49 pm, edited 1 time in total.
HeinzVoerbakje
New Member
Posts: 6
Joined: Sat Jan 26, 2008 10:01 pm

Re: Site hacked (config.php), how come?

Post by HeinzVoerbakje »

The stupid thing is I need the upload folder to be executable, as the stylesheet I use is located there (/uploads/images/templates). So I just made the upload folder read-execute, so no one can drop any stuff there. The downside of that is that I need to change the permission every time I upload a picture...
LeisureLarry

Re: Site hacked (config.php), how come?

Post by LeisureLarry »

It's added to the wiki. This change doesn't prevent anybody from uploading malicious files to your uploads directory, but it prevents them from executing PHP files in this folder.

Greetings from Germany
LeisureLarry
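
A check that fits the point made in the post above, as an added example that is not part of the original posts or of CMS Made Simple: it walks an uploads tree and reports files whose content contains PHP markers whatever their name (like the script named "image" in this thread), plus directories writable by group or others. The marker pattern, the function names and the sample tree are assumptions constructed for the example.

```python
import os
import re
import stat
import tempfile

# Heuristic markers of server-side code (an assumption made for this example).
PHP_MARKERS = re.compile(rb"<\?php|<\?=|\beval\s*\(", re.IGNORECASE)

def audit_uploads(root, read_limit=1 << 20):
    """Return (findings, writable_dirs) for an uploads tree.

    findings: relative paths of files whose content holds PHP markers,
              regardless of file name or extension.
    writable_dirs: relative paths of directories writable by group/others.
    """
    findings, writable_dirs = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.stat(dirpath).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            writable_dirs.append(os.path.relpath(dirpath, root))
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            try:
                with open(path, "rb") as fh:
                    head = fh.read(read_limit)  # cap the bytes read per file
            except OSError:
                continue  # unreadable file: nothing to inspect
            if PHP_MARKERS.search(head):
                findings.append(os.path.relpath(path, root))
    return sorted(findings), sorted(writable_dirs)

def demo():
    """Build a constructed uploads tree in a temp dir and audit it."""
    root = tempfile.mkdtemp()
    images = os.path.join(root, "images")
    os.mkdir(images)
    os.chmod(root, 0o755)
    os.chmod(images, 0o777)  # constructed: world-writable directory
    samples = {  # constructed sample files, harmless content
        "images/logo.gif": b"GIF89a\x01\x00\x01\x00",
        "images/image": b"GIF89a<?php /* constructed sample */ ?>",
        "style.css": b"body { color: #000; }",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return audit_uploads(root)

if __name__ == "__main__":
    print(demo())
```
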
Pierre M.

Re: Site hacked (config.php), how come?

Post by Pierre M. »

LeisureLarry wrote: It's added to the wiki.
Thank you LeisureLarry

Pierre