DDoS PHP-Script

Just recently the BSI warned about an ongoing attack to US Banks.
The php-script involved showed a “404” Error when called without any

A closer looks shows a “404 Not Foun derror” WITH the typo in it.
Now we have a neat string to search for in google or wherever..
and bingo: some other victom already posted the source code
of the infected webserver:


Here we can see that a POST action “stop” makes the DDoS go away..

function stoped()
cmdexec("killall ping;");
print "Stop & Clean";

And here is where the typo sits:

if(md5(md5(md5($_REQUEST['pass'])))!=$pass_up and $_SESSION['LoGiN']!=true)
print "404 Not Found

Not Found

The requested URL ".$_SERVER['PHP_SELF']." was not found on this server

Additionally, a 404 Not Foun derror was encountered while trying to use an Error Document to handle the request




Tags: ,

One Response to “DDoS PHP-Script”

  1. SimpleMn says:


    DDoS PHP-Script « spamversand

Leave a Reply

You must be logged in to post a comment.