SA-MP Forums Archive
PHP Code [TROJAN?] Where? - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: Other (https://sampforum.blast.hk/forumdisplay.php?fid=7)
+--- Forum: Everything and Nothing (https://sampforum.blast.hk/forumdisplay.php?fid=23)
+--- Thread: PHP Code [TROJAN?] Where? (/showthread.php?tid=110503)


PHP Code [TROJAN?] Where? - Eazy_Efolife - 26.11.2009

I'm getting complaints from people who went to http://ucp.south-westrp.com/UCP.php and they said there received Trojan warning from AVAST, Can someone look at this code and see where the problem is at?

Код:
<html>
<head>
<?php
  
  $sql = mysql_connect("BLOCKED", "BLOCKED", "BLOCKED");
  mysql_select_db(BLOCKED, $sql);
  if($_POST["fname"] && $_POST["ppassword"]) 
  {
    if(!isset($_POST['fname']) || !trim($_POST['fname'])) die('Please enter a name.');
    //foreach($_POST as $name=>$val) 
    // {
    //  $_POST[$name] = mysql_real_escape_string($val);
    //}
    $fname = $_POST["fname"];
    $ppassword = $_POST["ppassword"];
    $sql = mysql_query("SELECT * FROM players WHERE Name = '$fname' AND Password = '$ppassword' LIMIT 1");
    if(mysql_num_rows($sql)>0) 
    {
      echo("You are logged in!");
    }
    else 
    {
      echo("Password does not match, or there is no account!");
      return 0;
    }
  }
  else
  {
    echo("Password does not match, or there is no account!");
    return 0;
  }
?>

<?php
      $sql = mysql_connect("BLOCKED", "BLOCKED", "BLOCKED");
      $select = "SELECT * FROM players WHERE Name = '".mysql_real_escape_string($_POST['fname'])."'";
      $query = mysql_query($select) or die('MySQL error: '.mysql_error());
      mysql_select_db(BLOCKED, $sql);
      while($list = mysql_fetch_array($query)) {
      	?>
      	<div style="color: #FFFFFF;">
          Name: <?=$list['Name']?><br />
      		Level: <?=$list['PlayerLevel']?><br />
      		Admin Level: <?=$list['AdminLevel']?><br />
      		Moderator: <?=$list['Moderator']?><br />
      		Helper: <?=$list['Helper']?><br />
      		Money: <?=$list['Cash']?><br />
      		Skin: <?=$list['Skin']?><br />
      		Faction ID: <?=$list['Faction']?><br />
      		Faction Rank ID: <?=$list['Rank']?><br />
      		House Key: <?=$list['HouseKey']?><br />
      		Rent House Key: <?=$list['RHouseKey']?>
      	</div><br />
      	<?php
      }
      ?>
      
</head>
<body>
<p><center><b>_</center></p>
<body background="/imageshack/img43/7428/hometu.jpg">
</body>
</html>
edit: Someone told me it was Iframe, How do I remove it? ( The IFrame?)

Re: PHP Code [TROJAN?] Where? - J.W. - 26.11.2009

Hm, I get this warning usually if the Site has some popups with wierd content, do you have any popups, advertisements on your site?

Re: PHP Code [TROJAN?] Where? - Eazy_Efolife - 26.11.2009

Quote:
Originally Posted by WwW
Hm, I get this warning usually if the Site has some popups with wierd content, do you have any popups, advertisements on your site?
No

Re: PHP Code [TROJAN?] Where? - KevKo95 - 26.11.2009

Also recieved a warning from AVG and McAfee SiteAdvisor actually pulled me away from the site, because it breaches security. The trojan is coming from this page:

Код:
jl.chura.pl/rc
Any idea what that is?

Edit: The problem does not appear to be from the page, I can't find anything to do with iFrames in there. It might be coming from your SQL database.

Re: PHP Code [TROJAN?] Where? - Eazy_Efolife - 26.11.2009

Quote:
Originally Posted by Kevin Fallow / KevKo
Also recieved a warning from AVG and McAfee SiteAdvisor actually pulled me away from the site, because it breaches security. The trojan is coming from this page:

Код:
jl.chura.pl/rc
Any idea what that is?
How can i get that page away from me?

Re: PHP Code [TROJAN?] Where? - J.W. - 26.11.2009

I found this, maybe it helps you.

http://www.110mb.com/forum/virus-ifr...-t44038.0.html

Re: PHP Code [TROJAN?] Where? - Eazy_Efolife - 26.11.2009

Quote:
Originally Posted by WwW
I used 110MB before, maybe i caught it from there?

Re: PHP Code [TROJAN?] Where? - J.W. - 27.11.2009

Quote:
Originally Posted by [SOMM
Compton's Eazy E ]
Quote:
Originally Posted by WwW
I used 110MB before, maybe i caught it from there?
I don't know but from what I've read on different boards, it's a virus which injects hmtl, php or even java scripts on your computer, I guess you created the UCP yourself, the virus is probably on your computer.


Re: PHP Code [TROJAN?] Where? - Eazy_Efolife - 27.11.2009

Quote:
Originally Posted by WwW
Quote:
Originally Posted by [SOMM
Compton's Eazy E ]
Quote:
Originally Posted by WwW
I used 110MB before, maybe i caught it from there?
I don't know but from what I've read on different boards, it's a virus which injects hmtl, php or even java scripts on your computer, I guess you created the UCP yourself, the virus is probably on your computer.
damn =/ Well Whenever i upload one to my website hoster, I just edit the code on the website hoster and delete the code and it works I'm going to scam my computer in a sec and see if this virus goes away

Re: PHP Code [TROJAN?] Where? - iLinx - 27.11.2009

try a different webhost - 110mb sucks ass, infact all free web hosting sucks imho.
http://justhost.com
http://bluehost.com
^2 of the best rated cheap webhosts on the internet, ive used jh for around 6 months, never had any downtime or lag, if you need a cheap host you should go to them