From: yasenpetrov at gmail dot com Operating system: Linux PHP version: 4.4.8 PHP Bug Type: *General Issues Bug description: Injection By Executing of External Scripts
Description: ------------ Hello, I'm having a similar problem like the one this guy is describing. My website gets infected somehow. I've tried to delete .htaccess file that causes the redirection, the directory with the malicious files, change the FTP password. It is ok for a day or two but then these files get recreated somehow. I'm going to try the steps described in this article and the link within. Just thought you may want to know (if you do not know already) this case. I am sure a lot of websites are affected by this "virus" or whatever is called. The main point is that when a user clicks on a link from Google (or other search engine) results on a certain infected website they see some blog page and get redirected to AdultFriendFinder in a few seconds instead of visiting the real website. It is quite hard to get rid of this virus and also hard to find info in internet about this issue. I've been trying to solve this problem for over a month now. The hosting provider just told me: "Examine the log files". It is a real pain in the but for nub cakes like me ^^ Thank you. Yasen PS. I know my English sucks but hope you understood me. Reproduce code: --------------- http://groups.google.com/group/Google_Web_Search_Help-UsingWS/browse_thread/thread/7ac29a38008c4d81 -- Edit bug report at http://bugs.php.net/?id=44831&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=44831&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=44831&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=44831&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=44831&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=44831&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=44831&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=44831&r=needscript Try newer version: http://bugs.php.net/fix.php?id=44831&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=44831&r=support Expected behavior: http://bugs.php.net/fix.php?id=44831&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=44831&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=44831&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=44831&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=44831&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=44831&r=dst IIS Stability: http://bugs.php.net/fix.php?id=44831&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=44831&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=44831&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=44831&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=44831&r=mysqlcfg
