So… I have gotten notice from my host that malicious files have been being uploaded to my site. When I asked how, they said that they were being uploaded through this PHP code. Could someone explain to me how and if it’s possible to stop the exploit? For the time being, I have just removed the PHP and I am using standard HTML.
Since I cannot upload files as a new user, I hope you don’t mind my posting it here::
<?php
/*
Name: Prev-Next Page script
Author: Derek Tombrello
Email: example@example.com
Purpose: adds links for the previous and next pages from a list of links
*/
$pagefiles = array(
// "list of all pages accessable through prev-next loop",
"dogcom.htm",
"isobot.htm",
"omnibot.htm",
"omnibot2k.htm",
"spacebuddy.htm",
"robiejr.htm",
"verbot.htm",
"kasey.htm",
"readwithpooh.htm",
"powermax.htm",
"rockem.htm",
"sbd3000.htm",
"toby.htm",
"2xl_t.htm",
"alphie.htm",
"alphie2.htm",
"alphie2010",
"bigtrak.htm",
"botster.htm",
"dino-chi.htm",
"furbyb.htm",
"furby.htm",
"furby59294.htm",
"ewok.htm",
"icybie.htm",
"idog.htm",
"meowchi.htm",
"miopup.htm",
"poochi.htm",
"r2cassette.htm",
"r2d2ia.htm",
"r2d2mini.htm",
"robobaby.htm",
"ta_alphie.htm",
"talkingalphie.htm",
"tjbearytales.htm",
"chatterbot.htm",
"cyber_spider.htm",
"femisapien.htm",
"flytech.htm",
"robopet.htm",
"roboquad.htm",
"roboraptor.htm",
"roboremote.htm",
"robosapien.htm",
"rsv2.htm",
"sapienjr.htm",
"rovio.htm",
"tribot.htm",
"wowwee_minis.htm",
"mcds_wowwee.htm",
"dinkie.htm",
"kittyt.htm",
"newborn.htm",
"polly.htm",
"puppyt.htm",
"steg.htm",
"julie.htm",
"mothergoose.htm",
"ruxpin.htm",
"2xl_m.htm",
"allysen.htm",
"b9.htm",
"bart.htm",
"bigbird.htm",
"bionicbug.htm",
"brianthebrain.htm",
"blobot.htm",
"brianthebrain.htm",
"capselamx.htm",
"climbatron.htm",
"coinstruction.htm",
"commandobot.htm",
"commandobot4.htm",
"compurobot.htm",
"mouse.htm",
"emiglio.htm",
"hexbug.htm",
"hubot.htm",
"ique.htm",
"laserbot.htm",
"ssmarty.htm",
"mars.htm",
"microchip.htm",
"perigee.htm",
"mindstorms20.htm",
"mcradio.htm",
"dinosaur.htm",
"mypal2k.htm",
"nrob.htm",
"odyssey.htm",
"ozzi.htm",
"pinkdino.htm",
"popitojr.htm",
"preschool.htm",
"pumpkinhead.htm",
"rad20.htm",
"ramon.htm",
"robie_bank.htm",
"robocharger.htm",
"robotclock.htm",
"robobank.htm",
"rworkshop.htm",
"roomba.htm",
"rumble.htm",
"saturn.htm",
"robug.htm",
"soundtrack.htm",
"spacerobot.htm",
"spider.htm",
"spykee.htm",
"steve.htm",
"s_armatron.htm",
"smarty.htm",
"tommy.htm",
"turbo.htm",
"weebot.htm",
"wooden.htm",
"related.htm",
);
$numberofpages = count($pagefiles)-1;
/* $currentpage = $HTTP_GET_VARS['filename']; */
$currentpage = $_GET['filename'];
$previous = $numberofpages;
$next = 0;
$counter = 0;
while ($counter <= $numberofpages){
if ($currentpage == $pagefiles[$counter]){
if ($counter > 0){
$previous = $counter-1;
}
if ($counter < $numberofpages){
$next = $counter+1;
}
break;
}
$counter++;
}
include $currentpage;
echo "<center><font size=5>";
/*
echo "<a href=\"{$_SERVER['PHP_SELF']}?filename=$pagefiles[$previous]\"><< prev</a> ";
echo " ";
echo "| <a href=\"http://www.RobotsAndComputers.com/robots/personal.htm\">
Back to Collection</a> |";
echo " ";
echo "<a href=\"{$_SERVER['PHP_SELF']}?filename=$pagefiles[$next]\">next >> </a>";
*/
echo "<a href=\"{$_SERVER['PHP_SELF']}?filename=$pagefiles[$previous]\">
<img src=\"images/previous.png\"></a> ";
echo "<a href=\"http://www.RobotsAndComputers.com/robots/personal.htm\">
<img src=\"images/back.png\"></a> ";
echo "<a href=\"{$_SERVER['PHP_SELF']}?filename=$pagefiles[$next]\">
<img src=\"images/next.png\"></a>";
echo "</font></center>";
?>