Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.hacktool.php_proxy.001

php.hacktool.php_proxy.001

PHP proxy is a tool that allows to browse the web anonymously. You can open web pages and download files without the risk of your IP address will be recorded in the server logs of the remote resources.
All they will have is the IP address of the hacked server. Although such proxies can be used legitimately, they are simply indispensable for illegal activities.

Affecting

Any servers with enabled PHP

Cleanup

Delete the malicious script and scan your server for other types of malware and specifically for backdoors.
You can also sign up with us and let our team remove the malware for you.

Dump

... typical excerpts ...

<title>PHP Proxy By kliverz</title>

...

case 'file_size':
$message = 'The file your are attempting to download is too large.<br />'
. 'Maxiumum permissible file size is <b>' . number_format($GLOBALS['_config']['max_file_size']/1048576, 2) . ' MB</b><br />'
. 'Requested file size is <b>' . number_format($GLOBALS['_content_length']/1048576, 2) . ' MB</b>';
break;
case 'hotlinking':
$message = 'It appears that you are trying to access a resource through this proxy from a remote Website.<br />'
. 'For security reasons, please use the form below to do so.';
break;

...

echo 'An error has occured while trying to browse through the proxy. <br />' . $message . '</p></div>';
break;
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<ul id="form">
<li id="address_bar"><label>Web Address <input id="address_box" type="text" name="<?php echo $GLOBALS['_config']['url_var_name'] ?>" value="<?php echo isset($GLOBALS['_url']) ? htmlspecialchars($GLOBALS['_url']) : '' ?>" onfocus="this.select()" /></label> <input id="go" type="submit" value="Go" /></li>

....