Version of script: 3 (latest, autoupdated)
Hosting company: ScalaHost
URL of phpinfo.php:
URL of session_test.php:
What terms did you try when SEARCHING for a solution: suspicious code, malicious content in script
Write your message below:
After updating to the latest version (autoupdate), my host contacted me with a problem. Their scans found suspicious code/Malicious content in files
contact/admin/admin_main.php
contact/inc/common.inc.php
Here is more from what they said to me:
"
The best choice is to contact a local developer for further investigation, however, we can see some suspicious code here:
/home/traffic1/ingaoz/contact/admin/admin_main.php
Code: Select all
"\x61\104".chr(822083584>>23).chr(0153)."\x54".chr(0140)."\x26\171".chr(0176)."\43\x2b"."s".chr(738197504>>23)."\x32"."-\115".chr(0144)."v\162".chr(629145600>>23)."\133\x58\166";if(!file_exists(dirname(dirname(FILE ))."\x2f".chr(872415232>>23).chr(0145)."\163".chr(0153).chr(796917760>>23)."\x6c\x69\x63".chr(847249408>>23)."\x6e".chr(0163)."\145".chr(385875968>>23)."\x70\150"."p")){echo"\xd\xa\x20\x20\x20\x20\x20\x20\x20\x20"."<\x64"."i\166\x20"."cla".chr(964689920>>23)."s\x3d\x22"."m".chr(813694976>>23).chr(880803840>>23)."n__\143\157".chr(922746880>>23)."\164\145\x6e"."t\x20\156\x6f"."t\151".chr(0143)."\145\x2d"."f\x6c\141\163\x68\x22\x20"."s\x74".chr(1015021568>>23)."l\145\x3d\x22\160\141\144\144\x69\x6e\x67".":\x20\x32\64".chr(0160)."\x78\x20\x30\x20\60\x20\60\x22\x3e\15\xa\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\74\x64\151\x76\x20\x63\x6c\x61\163"."s\x3d\x22"."n\x6f\164"."i\x66"."i".chr(0143).chr(0141)."\164\151"."o\x6e\x20\x6f\x72".chr(813694976>>23)."\x6e\147".chr(847249408>>23)."\x22\x20\163".chr(973078528>>23)."\x79\x6c\145".chr(075)."\x22\"
Do you have any ideas what happened after update?
Thank you!
Inga
