Tag Archives | decode

sql_dump.php – Bot network

Today we looked at the server's logs and found a very active bot network that is trying to use old malware and upload more PHP code files to servers.

Malware files

If we look at the access logs, we find many files that something tried to access, but they are not normal WordPress, Joomla, etc. files.

/Abbrevsprl.php
/administrator/administrator.php
/administrator/dbconfig.php
/administrator/includes/readmy.php
/administrator/webconfig.txt.php
/al277.php
/authenticating.php
[…]

php fwrite base64 decode

An attacker tries to hide the malware before it is uploaded, written to the server with fwrite, and executed. This type of attack uses a Cross-Site Request Forgery and a Remote Content Execution vulnerability together (CSRF & RCE vulnerability). The content is also base64 encoded, so it is more difficult to find with scanners.

Example – fwrite & base64_encoded malware

base64_decode malware

When the malware is uploaded to the server […]