/    Sign up×
Community /Pin to ProfileBookmark

php decode hacked my site

Copy linkTweet thisAlerts:
Oct 20.2009

i found a problem on my site and when i compare the files on the server with my local files i found that every page (*.js or *.php) has this line on it
[B]<?php /**/eval(base64_decode(‘aWYoZnVuY3Rpb25fZXhpc3RzKC
or a javascript line
[/B]

[SIZE=”5″][COLOR=”red”]so i knew that my site has been hacked..[/COLOR][/SIZE]
so
1 – [COLOR=”Red”]i want to know how to prevent anyone to hack my site?[/COLOR]
i made on every textfield or textarea on posting or getting it the htmlspecialcharacter($_POST[‘name’])

[B]is this true? and can it help me?[/B]

2- [COLOR=”Red”]how did anyone hack my site??[/COLOR]

3- [COLOR=”Red”]how i can know what does this code mean???[/COLOR]

thanks in advance and have a nice day

to post a comment
PHP

2 Comments(s)

Copy linkTweet thisAlerts:
@donatelloOct 20.2009 — What is the code in its entirety... post it in a code box. We can decode it.

You can try yourself here:

http://www.motobit.com/util/base64-decoder-encoder.asp

If your site is wordpress and you downloaded a theme from a rogue site like worpressthemesbase.com (the first entry on the first Google SERP - still, even after I complained and turned these fiends in to Google...)

IF it is Wordpress, these rogue themes install a hyperlink in your footer and it's designed to be invisible if you are logged in.

It also makes changes to your wp-includes/general-template.php file.

If this is what happened to you, it's an easy fix.

1.) Upgrade to Wordpress 2.8.4

2.) Delete all rogue themes and don't try to fix them.

3.) Replace the file: wp-includes/general-template.php

That's it if this was your problem.

Post more information and/or your solution if you found one or if this was the solution.

?
Copy linkTweet thisAlerts:
@NogDogOct 20.2009 — What is the code in its entirety... post it in a code box. We can decode it....
[/QUOTE]

While it might be interesting to do so, knowing what the inserted code is does not really help you prevent it from being inserted into your site again, other than, I suppose, using any info in it as something to search on to find out if there's a specific security hole.

As far as preventing:

Only use 3rd-party code that you trust, and make sure you use the latest versions.

Use strong passwords on your web host: login, FTP, and database. If you share them with anyone for some reason, change them as soon as that someone no longer needs them. Since you've been hacked, be sure to change all of them now.

Ensure all directories/files that do not have to have write permission for anyone other than the owner only allow writing by the owner. This is mainly important for shared hosts.

If this is an "important" site to you and you are on a shared host, consider moving to a dedicated host or at least a virtual dedicated host.

Get yourself a copy of [i]Essential PHP Security[/i] by Shiflett and read it a couple times (it's short).
×

Success!

Help @john_zakaria spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 4.29,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...