Any one know what this is?

lorenw · January 6, 2010, 3:44pm

I went to make some changes in an included page and found this code in only one of the many included files. Any one have any idea what this is?


<?php echo "<?ã¼¼æµ¸â¬æ•¶ç²æ½©ãµ®ã„¢ã€®â€¢æ¹¥æ½£æ¥¤æ®âˆ½ç‘µâµ¦âˆ¸ã¸¿?".">"; ?>

viewing source shows a series of squares and a copy and paste is what is below.


<?&#16188;&#28024;&#8300;&#25974;&#29554;&#28521;&#15726;&#12578;&#12334;•&#28261;&#28515;&#26980;&#26478;&#8765;&#29813;&#11622;&#8760;&#15935;?>

Perms on this file are 644 and owned by root. It is on a dedicated server. It is the only file changed on 11-12-09. The includes are hardwired.

It looks to me like some kind of XML feed (echo "<? . . .).

If it was a hack, wouldn’t it be more defacing than just an echo, which by the way is not visible in the rendered include page because of my charset. I realise it is a char encoding thing but what is it doing?

As always, Thanks for your input and speculation.
Loren.

Mittineague · January 6, 2010, 7:12pm

The “squares” are because you don’t have the font installed. I’m guessing it’s Chinese? Google translate (for Chinese to English) gives this:
Baptist ⁬ by Yi Zhen 㵮ㄢ〮 • Tuminsongfei ∽ Zhao

lorenw · January 6, 2010, 8:48pm

I googled both of the phrases, Tuminsongfei only retuns this thread.

I do have 2 other people that occasionaly edit these pages but they only use DW because they don’t know HTML, much less PHP.

The code is harmless so this one gets chalked up to gremlins.

Thank you.