I didn’t know where to post this. I’m surprised with what happen at my host server! Yesterday I couldn’t open my wordpress site:
500 Internal Server Error
As I was investigating the logs I noticed something very strange at a line saying some type of error at the .htaccess. Then when I go and open the .htaccess file there is a 3000 line php script. These are the top lines:
//FaTaLisTiCz_Fx c99Shell v1 03.2008
//Re-coded and modified By FaTaLisTiCz_Fx #CyBeRz@irc.Allnetwork.org
$sh_id = “RmFUYUxpc1RpQ3pfRnggYzk5U2hlbGwgdg==”;
$sh_ver = “1.1 03.2008”;
$sh_name = base64_decode($sh_id).$sh_ver;
$html_start = ”.
‘<!DOCTYPE HTML PUBLIC “-//W3C//DTD HTML 4.0 Transitional//EN”>
<meta http-equiv=”Content-Type” content=”text/html; charset=windows-1251″>
content=”en-us”><title>’.getenv(“HTTP_HOST”).’ – ‘.$sh_name.'</title>
My security skills are limited, has anyone seen this before? In google I found this guy from romania because at some of the lines there is his/her website which downloads some file to my server. So, should I delete wordpress and re-install it again? I have a backup. thanks
- The topic ‘security: .htaccess exploit? php script inside? how?’ is closed to new replies.