eval(base64_decode Help

spartanpixel

Hey guys, I'm new here and found this site through google while searching for php decrypting, this site is great and full of knowledgeable people 🙂

My issue is that 2 days ago I found out that my antivirus was detecting a trojan virus in my homepage and I freaked out big time, opened the page up and in fact noticed that somehow there was a script on the top of the page. Either I got hacked or my host added it there but I sure as hell didnt.

Here is the code:

<?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9");
// MOD EDIT: (possibly) malicious code removed
?>

And that's as far as I can get 🙁 can anyone help me, this code spread to all of my php files on my site.

halojoy

Probably not your host. They do want customers to stay!
More probably your site is not secure,
so some hacker has planted a trojan/virus.

My virus program ( Avast! ) gives this Warning
from me looking in my browser at your base64_decode:

filename: bibzopl.com/in.php
virus name: HTML:Iframe-inf
virus type: Virus/Worm

There are few hits on bibzopl.com/in.php
Here a topic in phpbb.com forum:
http://www.phpbb.com/community/viewtopic.php?f=46&t=1979715&start=0

What can you do?
1. remove those base64 codes in your pages
2. make your website more secure against hackers
3. scan your PC to remove any virus

spartanpixel

Thanks halojoy, how can I make my site more secure from hackers?
Already removed the base64 scripts from the pages, thanks again 🙂

halojoy

How to make secure site?

There are many small things.
File permissions and Folder permissions are important.
By this you can set files/folders impossible to WRITE to.

Use good safety within your php code.
Any <form> submitted data should be specially checked
so they do not have anything bad in their values.

.htaccess
Such a file can put restrictions and Limit access for Unauthorized visitors.

spartanpixel

oh boy .htaccess now you just opened another question lol
What can i put on my htacecss?

halojoy

There are plenty of information and examples
what we can do with Apache .htaccess file.
It is too much to tell!

First you need to know if your webhost supports the use of .htaccess
Most hostings do. But not all of them.

Try this and see if you find any good tutorial:
http://www.google.se/#hl=en&q=.htaccess+tutorial

spartanpixel

Thank you very much halojoy Im glad you helped me, I already notify my host (godaddy) but they just told me to change my password lol silly I know

halojoy

The first thing I should do
is using my FTPprogram/ControlPanel filemanager
and checkout filepermissions.
I hope you know how to do this.
Having 777 on a file is to allow WRITE for anybody.

About your GoDaddy account.
Changing your account password to some really safe password is not such a bad idea.
It is very probable that somebody could crack your password
and has been into your ControlPanel and used your Filemanager to do the hacking.

Here is a 16 chars password.
It is so safe that it is totally impossible to remember.
Typical for a safe password is:
1. Not too short. At least 8-10 characters.
2. Using a mix of allsort of chars, alfabet+numbers+other chars

From my own random password generator:

$password = "R53,\c%+|!k(s7tF"; // 16 chars - totally impossible to remember!

laserlight

halojoy wrote:
It is so safe that it is totally impossible to remember.

Some would consider this unsafe since you would have to write down the password if you really are unable to memorise it 🙂

That said, if you are able to keep that record of the password safe, whether electronic or on paper, then it should still be safe.

Weedpacket

My own password-generation scheme is one that I can run safely inside my own head, without having to commit any of it to anywhere that someone else can see it. It still has a few bugs, however: for some sites it has a hard time generating passwords that are simple enough to be acceptable.

Regarding site security and what issues are involved, check out the OWASP Top Ten:
http://www.owasp.org/index.php/Category😮WASP_Top_Ten_Project

spartanpixel

Thank you very much guys, on to change my password then lol