picture home | pixelblog | qt_tools

omino code blog

We need code. Lots of code.
David Van Brink // Sun 2012.03.11 09:55 // {Uncategorized}

Site hacked.
A compromised user on tobias.dreamhose.com (which hosts omino) looks for world-writable directories and adds in a PHP shell tool. Then access that tool from the web, runs as me, and puts eval(base64_decode(‘hack’)) on every php file.

Removed with:

find . -name '*.php' | xargs sed -i -e 's/eval(base64_decode("[^"]*"));/\/\*hack gone\*\//'
oh, i dont know. what do you think?

(c) 2003-2011 omino.com / contact poly@omino.com