Can someone tell me what this HACK file does? I need to find other files corrupted like this on my server. What should I look for, and what does the code do? Can I search for something on my hard drive if I download all files? Sorry for the zip, but the file is over 48 k and I could not upload it to DP. http://www.ziddu.com/download/3436926/code.zip.html
The file is basically a shell file, as I call it for ease. Yes, a PHP shell file with which you can run commands, create new files, create new directories, etc. Malicious attackers use it for uploading to hacked servers and performing other evil actions. There are thousands of shells like this.
You can do it easily for each shell. The most famous PHP shell is C99 right now. You can find all C99 web shells on your server by running this command (you can find them with this even if they are encrypted to be undetected by antivirus):

    # -E is needed so grep treats (a)|(b) as alternation
    find / -name "*.php" -exec grep -iE "(c99shell)|(rst\.void\.ru)|(service.pwd files)|(lGODlhBwAHAIAAAAAA)" {} \; -print

As you see, this is going to use 'find' and then use 'grep' to find a string in *.php files => ('(c99shell)|(rst\.void\.ru)|(service.pwd files)') AND ('lGODlhBwAHAIAAAAAA'); the last string has been used in encrypted versions of c99.php. Then you can delete them. If you want to delete another kind of web shell, you need to write a command like this for your own ... I suggest that after deleting c99, you then find r57 web shells; they are famous too. I can help if you want.
I cannot do that, I use Servage. But I can search on my computer; I download all of the files from my server. How do I search on my computer?
Are you kidding, Yellowberry? How can I answer your question? >> How do I search on my computer?
OK, I cannot search like this on my server. So I download the files to my computer. How can I do THAT search you told me in the post before on local, aka my computer?
OK, I assume you use a *nix box. Here are two lines of commands for deleting such yayang PHP Shell files: Disclaimer: I am not responsible for your actions in accidentally deleting useful files. Be sure to back up. Be sure to check all your files (as zipped) with virustotal.com. http://www.virustotal.com/metodos.html
OK, is there any program I can use to search all my files on my computer? Zipping 10 000 files will not do it.
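
The signature search from the C99 post above can also be run over a downloaded copy of the site on any computer with Python, without find or grep. This is an added example, not code from any poster in the thread: the signature strings are the ones quoted in that command, while the names `scan_tree` and `suffixes` are assumptions, and the script only reports matches and deletes nothing.

```python
import os
import re
import sys

# Signature strings copied from the find/grep command quoted in the thread.
# The last one is the marker the thread says appears in encoded c99.php copies.
SIGNATURES = re.compile(
    rb"(c99shell)|(rst\.void\.ru)|(service.pwd files)|(lGODlhBwAHAIAAAAAA)",
    re.IGNORECASE,  # same effect as grep -i
)


def scan_tree(root, suffixes=(".php",)):
    """Return sorted (path, line_number, matched_text) hits under root.

    Read-only: nothing is deleted or modified, so every hit can be reviewed
    by hand before any cleanup. `suffixes` is an assumed convenience parameter.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(tuple(suffixes)):
                continue
            path = os.path.join(dirpath, name)
            try:
                # Read bytes: uploaded shells are often not valid UTF-8.
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError as exc:
                print(f"skipped {path}: {exc}", file=sys.stderr)
                continue
            for match in SIGNATURES.finditer(data):
                line_no = data.count(b"\n", 0, match.start()) + 1
                text = match.group(0).decode("ascii", "replace")
                hits.append((path, line_no, text))
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python scan.py <folder holding the downloaded site files>
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, line_no, text in scan_tree(root):
        print(f"{path}:{line_no}: {text}")
```

A file with no hits is not proven clean; the patterns cover only the C99 strings named in the thread.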