Godaddy Hosted Website Attacked – PHP Files In Directories

We have a static HTML site built in 2013 that we maintain. We got a notification from Godaddy that there were malicious files in the website. I started to remove them, but wanted to see what was in them. When I opened one of the files that was 3 level into the website it was extremely complicated. It looks like part of many arrays and just pulling parts of multiple arrays. I believe the end goal is to assemble the final script. It looks like this.

Another interesting thing about this attack is the date of the file. It is from 2013. I had made a complete back of the site on 2/15/2016, but the bad files were from 2013. None of the bad files were in my back in 2016.

Nothing was solved. I removed the old files and updated the .htaccess file. I found it interesting how the date could be manipulated.

I hope this helps someone one else out there….

 

0 Comments

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>