Thread: php decode hacked my site

  1. #1
    Join Date
    Sep 2008

    php decode hacked my site

    I found a problem on my site, and when I compared the files on the server with my local files I found that every page (*.js or *.php) has this line in it
    <?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC
    or a javascript line

    So I knew that my site had been hacked.
    1 - I want to know how to prevent anyone from hacking my site.
    On every text field or textarea, when posting or getting it, I applied htmlspecialcharacter($_POST['name'])

    Is this right? And can it help me?

    2 - How did someone hack my site?

    3 - How can I know what this code means?

    thanks in advance and have a nice day

  2. #2
    Join Date
    Jun 2008
    What is the code in its entirety... post it in a code box. We can decode it.

    You can try yourself here:

    If your site is WordPress and you downloaded a theme from a rogue site like worpressthemesbase.com (the first entry on the first Google SERP - still, even after I complained and turned these fiends in to Google...)

    If it is WordPress, these rogue themes install a hyperlink in your footer and it's designed to be invisible if you are logged in.
    It also makes changes to your wp-includes/general-template.php file.

    If this is what happened to you, it's an easy fix.
    1.) Upgrade to WordPress 2.8.4
    2.) Delete all rogue themes and don't try to fix them.
    3.) Replace the file: wp-includes/general-template.php

    That's it if this was your problem.

    Post more information and/or your solution if you found one or if this was the solution.

  3. #3
    Join Date
    Aug 2004
    Originally posted by donatello:
    "What is the code in its entirety... post it in a code box. We can decode it...."

    While it might be interesting to do so, knowing what the inserted code is does not really help you prevent it from being inserted into your site again, other than, I suppose, using any info in it as something to search on to find out if there's a specific security hole.

    As far as preventing:

    Only use 3rd-party code that you trust, and make sure you use the latest versions.

    Use strong passwords on your web host: login, FTP, and database. If you share them with anyone for some reason, change them as soon as that someone no longer needs them. Since you've been hacked, be sure to change all of them now.

    Ensure all directories/files that do not have to have write permission for anyone other than the owner only allow writing by the owner. This is mainly important for shared hosts.

    If this is an "important" site to you and you are on a shared host, consider moving to a dedicated host or at least a virtual dedicated host.

    Get yourself a copy of Essential PHP Security by Shiflett and read it a couple times (it's short).
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework
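
An added example, not written by any poster in this thread: it compares a server copy with a clean local copy as the first post did, flags the `eval(base64_decode('...'))` loader and decodes it for reading without running it, and reports files writable by group or other, as the third post advises. The function names and the sample tree built by `build_sample()` are assumptions constructed for illustration.

```python
import base64, re, stat, tempfile
from pathlib import Path

# The loader shape quoted in the thread: eval(base64_decode('...'))
INJECTED = re.compile(rb"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/]+)=*")

def decode_payload(b64):
    """Decode a captured payload for reading only; it is never executed."""
    if len(b64) % 4 == 1:          # truncated capture: drop the dangling character
        b64 = b64[:-1]
    return base64.b64decode(b64 + b"=" * (-len(b64) % 4)).decode("latin-1")

def audit(server_root, clean_root, exts=(".php", ".js")):
    """Return {relative path: [findings]} for suspicious files under server_root."""
    report = {}
    for path in (p for p in Path(server_root).rglob("*") if p.is_file() and p.suffix in exts):
        rel = path.relative_to(server_root).as_posix()
        data = path.read_bytes()
        found = ["injected: " + decode_payload(m.group(1))[:60]
                 for m in INJECTED.finditer(data)]
        clean = Path(clean_root, rel)
        if not clean.is_file():
            found.append("not in clean copy")
        elif clean.read_bytes() != data:
            found.append("differs from clean copy")
        if path.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            found.append("writable by group/other")
        if found:
            report[rel] = found
    return report

def build_sample():
    """Constructed sample trees: a clean local copy and a tampered server copy."""
    root = Path(tempfile.mkdtemp())
    page, js = b'<?php echo "home"; ?>\n', b"var a = 1;\n"
    blob = base64.b64encode(b'echo "constructed sample";')   # harmless stand-in
    files = {"clean/index.php": (page, 0o644), "clean/lib.js": (js, 0o644),
             "server/index.php": (b"<?php /**/eval(base64_decode('" + blob + b"')); ?>" + page, 0o644),
             "server/lib.js": (js, 0o644), "server/cache.php": (b"<?php ?>\n", 0o666)}
    for rel, (body, mode) in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)
        path.chmod(mode)
    return root / "server", root / "clean"

if __name__ == "__main__":
    print(audit(*build_sample()))
```

Run against the truncated fragment quoted in the first post, `decode_payload` returns `if(function_exists(`, which is as far as the visible text goes.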
