NYCPHP Meetup

NYPHP.org

[nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack

Sasa Rakic - Gmail rakics at gmail.com
Mon Apr 2 11:35:40 EDT 2012


Hi Peter,

 

>Newbie question: Does find-virus.php go in a separate file and is called from your main PHP file? How would you do that?

 

Normally it should go to root of ftp site. Than when called from browser:

 

http:://www.mysite.com/find-virus.php it will scan all files recursively over all ftp site files.

 

Script will not check all files but only:

 

Main.html

Main.php

Index.html

Index.php

Login.html

Login.php

Default.html

Default.php

Home.html

Home.php

 

It will show to browser all files, I am trying to find file where it cleans also infected files. Clean should

Be very simple, infected file should be loaded into memory, used string replace “base64…” with string “”

And save file.

 

Best regards,

Sasa

 

From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Peter Lehrer
Sent: Monday, April 02, 2012 5:00 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack

 

Newbie question: Does find-virus.php go in a separate file and is called from your main PHP file? How would you do that?

 

Peter

Sent from my iPod


On Apr 2, 2012, at 9:51 AM, "Sasa Rakic - Gmail" <rakics at gmail.com> wrote:

Hi,

 

I am sending find-virus script, that should be run over the browser.

 

It find hidden iframes, possisble some JavaScript virus

 

"<script type=\"text/javascript\">var"

 

and it can be easy added code to find base64 JavaScript code.

 

Best regards,

Sasa

 

From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Mintz
Sent: Tuesday, March 27, 2012 9:55 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack

 

 

On Tue, Mar 27, 2012 at 12:30 PM, Matthew Kaufman <mkfmncom at gmail.com> wrote:

Yeah SoftLayer is a good host.  What was the other dedicated host also, that was owned by ex-RackSpace, for dedicated?

 

 

you're probably thinking of Slicehost.

 

-- 

David Mintz

http://davidmintz.org/

It ain't over:

http://www.healthcare-now.org/ 

 

<find-virus.php>

_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

http://www.nyphp.org/show-participation

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20120402/4886d64f/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: find-virus.php
Type: application/octet-stream
Size: 1662 bytes
Desc: not available
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20120402/4886d64f/attachment.obj>


More information about the talk mailing list