One of my sites allows users to upload images and I had this file uploaded. I don't think it was able to run since it was saved as a jpg. How can I tell if the hack was successful?
Filename - It's just a php file with a jpg extension
Here is the file in a zip. You might need to turn off your antivirus. Mine keeps catching it. If you don't want to download it, I understand. The main concern for me is figuring out if I was compromised.
The file is really interesting though.
Best Answer Medfordite, 09 December 2013 - 23:55
Certainly looks like an injection script.
You really should make sure that your directory permissions are proper as well as the publicly accessible files. What should be written to and what is read only type of thing.
I have seen this type of hack attempt all too often with various CMS systems having incorrect permissions and vulnerabilities. I'm guessing your site isn't a CMS based one though, so this goes back to permissions and if you coded it yourself, you might want to look at any potential security holes they can exploit in your code that you may have overlooked. Also, if you haven't done so already - make sure your PHP is up to date and Apache is as well.
You can always view the access and/or error logs to see if this file is accessed a lot (Botnet or Spammer type of thing), or analyze them for when the POST request was put on your site for the affected file.
The hacker(s) that messed with your site embedded base 64 code in the script to make it non-readable by humans, but you can pretty much decode it online if you want.
Edited by Barney T., 10 December 2013 - 00:52. Reason: We do not want our members downloading infected files.
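The access-log check suggested in the answer above, as an added Python example that is not part of the original thread. It assumes Apache's "combined" log format; the path /uploads/pic.jpg, the file size and the log lines are constructed for illustration, and the flags are heuristics for requests that do not look like a plain static image fetch.

```python
import re

# Apache "combined" log format is assumed; adjust the pattern if LogFormat differs.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def review_uploaded_file(log_lines, file_url, file_size):
    """Return (hits, flagged) for requests to one uploaded file.

    file_url  - URL path the upload was stored under (hypothetical in the sample)
    file_size - size in bytes of the file on disk
    A request is flagged when it does not look like a static image fetch.
    """
    hits, flagged = [], []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path, _, query = m["url"].partition("?")
        if path != file_url:
            continue
        hits.append(m.groupdict())
        reasons = []
        if m["method"] not in ("GET", "HEAD"):
            reasons.append("non-GET method on an image")
        if query:
            reasons.append("query string on an image")
        # A static file returns the same byte count every time it is served.
        if m["method"] == "GET" and m["status"] == "200" and m["size"] != str(file_size):
            reasons.append("response size differs from file on disk")
        if reasons:
            flagged.append((m["ts"], m["ip"], reasons))
    return hits, flagged

# Constructed sample lines (documentation IP ranges, made-up paths and sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Dec/2013:21:10:02 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [09/Dec/2013:21:10:05 +0000] "GET /uploads/pic.jpg HTTP/1.1" 200 48213 "-" "-"',
    '198.51.100.4 - - [09/Dec/2013:21:12:40 +0000] "POST /uploads/pic.jpg?x=1 HTTP/1.1" 200 17 "-" "-"',
    '192.0.2.9 - - [09/Dec/2013:21:15:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == "__main__":
    hits, flagged = review_uploaded_file(SAMPLE_LOG, "/uploads/pic.jpg", 48213)
    print(len(hits), "requests to the file")
    for ts, ip, reasons in flagged:
        print(ts, ip, "; ".join(reasons))
```

Access logs do not record POST bodies, so a flagged line shows that the file was reached in an unusual way, not what was sent to it.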