NYCPHP Meetup

NYPHP.org

[nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack

Peter Lehrer plehrer at gmail.com
Mon Apr 2 11:47:35 EDT 2012 

OK Thanks.

Peter

Sent from my iPod

On Apr 2, 2012, at 11:35 AM, "Sasa Rakic - Gmail" <rakics at gmail.com> wrote:

> Hi Peter,
>  
> >Newbie question: Does find-virus.php go in a separate file and is called from your main PHP file? How would you do that?
>  
> Normally it should go to root of ftp site. Than when called from browser:
>  
> http:://www.mysite.com/find-virus.php it will scan all files recursively over all ftp site files.
>  
> Script will not check all files but only:
>  
> Main.html
> Main.php
> Index.html
> Index.php
> Login.html
> Login.php
> Default.html
> Default.php
> Home.html
> Home.php
>  
> It will show to browser all files, I am trying to find file where it cleans also infected files. Clean should
> Be very simple, infected file should be loaded into memory, used string replace “base64…” with string “”
> And save file.
>  
> Best regards,
> Sasa
>  
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Peter Lehrer
> Sent: Monday, April 02, 2012 5:00 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
>  
> Newbie question: Does find-virus.php go in a separate file and is called from your main PHP file? How would you do that?
>  
> Peter
> 
> Sent from my iPod
> 
> On Apr 2, 2012, at 9:51 AM, "Sasa Rakic - Gmail" <rakics at gmail.com> wrote:
> 
> Hi,
>  
> I am sending find-virus script, that should be run over the browser.
>  
> It find hidden iframes, possisble some JavaScript virus
>  
> "<script type=\"text/javascript\">var"
>  
> and it can be easy added code to find base64 JavaScript code.
>  
> Best regards,
> Sasa
>  
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of David Mintz
> Sent: Tuesday, March 27, 2012 9:55 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
>  
>  
> 
> On Tue, Mar 27, 2012 at 12:30 PM, Matthew Kaufman <mkfmncom at gmail.com> wrote:
> Yeah SoftLayer is a good host.  What was the other dedicated host also, that was owned by ex-RackSpace, for dedicated?
>  
> 
>  
> you're probably thinking of Slicehost.
>  
> --
> David Mintz
> http://davidmintz.org/
> It ain't over:
> http://www.healthcare-now.org/ 
>  
> 
> <find-virus.php>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> http://www.nyphp.org/show-participation
> <find-virus.php>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> http://www.nyphp.org/show-participation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20120402/c072a219/attachment.html>

More information about the talk mailing list