Deleted user
Guest
Hello everyone,
I'm rather angry at the moment. This is already the second time that a site belonging to one of my customers has been "hacked" and PHP scripts were uploaded into the docroot. This was done by means of fopen() and fput() and all the other functions that one normally disables in PHP.
The first time I thought it was down to the CMS (concrete5, www.concrete5.org), but at the time of the suspected attack I couldn't find any serious vulnerabilities. Buying a 0day for a small tradesman's website also strikes me as a bit over the top, so I'm ruling that out for now.
Strato has logs, of course, but according to the hotline employee only hands them over to the public prosecutor's office.
Google will surely soon think I'm crazy too if I show up every 2-4 months and have to get the site re-reviewed because malware is found on it.
Three questions: What do I do now? Is this legal on Strato's part? Has anyone had similar experiences?
EDIT: WTF? http://www.google.com/safebrowsing/diagnostic?site=AS:6724
[src=php]
PHP Logo
PHP Version 5.3.29
System SunOS localhost 5.10 Generic_142901-13 i86pc
Build Date Aug 20 2014 15:47:14
Configure Command './configure' '--prefix=/opt/RZphp5' '--with-gd' '--with-jpeg-dir=../local' '--with-png-dir=../local' '--with-freetype-dir=../local' '--with-libexpat-dir=../local' '--with-iconv-dir=../local' '--with-iconv=../local' '--with-mysql=../local' '--with-mysqli=../local/bin/mysql_config' '--with-libxml-dir=../local' '--with-zlib=../local' '--with-zlib-dir=../local' '--with-db2=../local' '--with-ndbm' '--with-gdbm=../local' '--with-mhash=../local' '--with-mcrypt=../local' '--with-bz2=../local' '--with-xsl=../local' '--with-ming=../local' '--with-idn=../local' '--with-gettext=../local' '--with-imap=../local/c-client' '--with-imap-ssl=../local' '--with-tidy=../local' '--with-mssql=../local' '--with-pdo-mysql=../local' '--with-sqlite' '--with-curl=../local' '--with-openssl=../local' '--enable-mailparse' '--enable-mbstring' '--disable-rpath' '--enable-hash' '--enable-zip' '--enable-yats' '--enable-dba' '--enable-discard-path' '--enable-sysvshm=yes' '--enable-sysvsem=yes' '--enable-debug=no' '--enable-bcmath=yes' '--enable-safe-mode=yes' '--enable-cgi' '--enable-fastcgi' '--with-exec-dir=/opt/RZphp5/exec' '--with-config-file-path=/opt/RZphp5/etc' '--with-pear=/opt/RZphp5/includes' '--enable-pcntl' '--enable-calendar' '--enable-dbase' '--enable-wddx' '--enable-ftp' '--enable-exif' '--enable-id3' '--enable-lzf' '--enable-apc' '--enable-soap' '--enable-sockets' '--disable-force-cgi-redirect'
Server API CGI/FastCGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /opt/RZphp5/etc
Loaded Configuration File /opt/RZphp5/etc/php.ini
Scan this dir for additional .ini files (none)
Additional .ini files parsed (none)
PHP API 20090626
PHP Extension 20090626
Zend Extension 220090626
Zend Extension Build API220090626,NTS
PHP Extension Build API20090626,NTS
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
Zend Multibyte Support disabled
IPv6 Support enabled
Registered PHP Streams https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters zlib.*, bzip2.*, convert.iconv.*, mcrypt.*, mdecrypt.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk
Zend logo This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.3.0, Copyright (c) 1998-2014 Zend Technologies
PHP Credits
Configuration
apc
APC Support disabled
Version 3.1.9
APC Debugging Disabled
MMAP Support Enabled
MMAP File Mask no value
Locking type pthread mutex Locks
Serialization Support broken
Revision $Revision: 308812 $
Build Date Aug 20 2014 15:33:54
Directive Local Value Master Value
apc.cache_by_default On On
apc.canonicalize On On
apc.coredump_unmap Off Off
apc.enable_cli Off Off
apc.enabled Off Off
apc.file_md5 Off Off
apc.file_update_protection 2 2
apc.filters no value no value
apc.gc_ttl 3600 3600
apc.include_once_override Off Off
apc.lazy_classes Off Off
apc.lazy_functions Off Off
apc.max_file_size 1M 1M
apc.mmap_file_mask no value no value
apc.num_files_hint 1000 1000
apc.preload_path no value no value
apc.report_autofilter Off Off
apc.rfc1867 Off Off
apc.rfc1867_freq 0 0
apc.rfc1867_name APC_UPLOAD_PROGRESS APC_UPLOAD_PROGRESS
apc.rfc1867_prefix upload_ upload_
apc.rfc1867_ttl 3600 3600
apc.serializer default default
apc.shm_segments 1 1
apc.shm_size 56M 56M
apc.slam_defense On On
apc.stat On On
apc.stat_ctime Off Off
apc.ttl 0 0
apc.use_request_time On On
apc.user_entries_hint 4096 4096
apc.user_ttl 0 0
apc.write_lock On On
bcmath
BCMath support enabled
Directive Local Value Master Value
bcmath.scale 0 0
bz2
BZip2 Support Enabled
Stream Wrapper support compress.bzip2://
Stream Filter support bzip2.decompress, bzip2.compress
BZip2 Version 1.0.6, 6-Sept-2010
calendar
Calendar support enabled
cgi-fcgi
Directive Local Value Master Value
cgi.check_shebang_line 1 1
cgi.discard_path 0 0
cgi.fix_pathinfo 1 1
cgi.force_redirect 0 0
cgi.ignore_repeated_errors 1 1
cgi.nph 0 0
cgi.redirect_status_env no value no value
cgi.rfc2616_headers 0 0
fastcgi.logging 1 1
Core
PHP Version 5.3.29
Directive Local Value Master Value
allow_call_time_pass_reference Off Off
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors Off Off
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting 22519 22519
exit_on_timeout Off Off
expose_php On On
extension_dir ./ ./
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors Off Off
ignore_repeated_errors On On
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/opt/RZphp5/includes .:/opt/RZphp5/includes
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.add_x_header Off Off
mail.force_extra_parameters no value no value
mail.log no value no value
max_execution_time 0 0
max_file_uploads 20 20
max_input_nesting_level 64 64
max_input_time 60 60
max_input_vars 4000 4000
memory_limit 128M 128M
open_basedir no value no value
output_buffering no value no value
output_handler no value no value
post_max_size 48M 48M
precision 14 14
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals Off Off
register_long_arrays Off Off
report_memleaks On On
report_zend_debug On On
request_order no value no value
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_extra_uid 0 0
safe_mode_gid Off Off
safe_mode_include_dir /opt/RZphp5/includes /opt/RZphp5/includes
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 32M 32M
upload_tmp_dir no value no value
user_dir no value no value
user_ini.cache_ttl 300 300
user_ini.filename .user.ini .user.ini
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.enable_gc On On
ctype
ctype functions enabled
curl
cURL support enabled
cURL Information 7.35.0
Age 3
Features
AsynchDNS No
Debug No
GSS-Negotiate No
IDN Yes
IPv6 Yes
Largefile Yes
NTLM Yes
SPNEGO No
SSL Yes
SSPI No
krb4 No
libz Yes
CharConv No
Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, pop3, pop3s, rtsp, smtp, smtps, telnet, tftp
Host i386-pc-solaris2.10
SSL Version OpenSSL/1.0.1h
ZLib Version 1.2.8
date
date/time support enabled
"Olson" Timezone Database Version 2013.3
Timezone Database internal
Default timezone MET
Directive Local Value Master Value
date.default_latitude 31.7667 31.7667
date.default_longitude 35.2333 35.2333
date.sunrise_zenith 90.583333 90.583333
date.sunset_zenith 90.583333 90.583333
date.timezone no value no value
dba
DBA support enabled
Supported handlers gdbm ndbm cdb cdb_make db2 inifile flatfile
Directive Local Value Master Value
dba.default_handler flatfile flatfile
dbase
Version 5.1.0
dom
DOM/XML enabled
DOM/XML API Version 20031129
libxml Version 2.7.8
HTML Support enabled
XPath Support enabled
XPointer Support enabled
Schema Support enabled
RelaxNG Support enabled
ereg
Regex Library Bundled library enabled
exif
EXIF Support enabled
EXIF Version 1.4 $Id$
Supported EXIF Version 0220
Supported filetypes JPEG,TIFF
Directive Local Value Master Value
exif.decode_jis_intel JIS JIS
exif.decode_jis_motorola JIS JIS
exif.decode_unicode_intel UCS-2LE UCS-2LE
exif.decode_unicode_motorola UCS-2BE UCS-2BE
exif.encode_jis no value no value
exif.encode_unicode ISO-8859-15 ISO-8859-15
fileinfo
fileinfo support enabled
version 1.0.5-dev
filter
Input Validation and Filtering enabled
Revision $Id: 209a1c3c98c04a5474846e7bbe8ca72054ccfd4f $
Directive Local Value Master Value
filter.default unsafe_raw unsafe_raw
filter.default_flags no value no value
ftp
FTP support enabled
gd
GD Support enabled
GD Version bundled (2.1.0 compatible)
FreeType Support enabled
FreeType Linkage with freetype
FreeType Version 2.5.2
GIF Read Support enabled
GIF Create Support enabled
JPEG Support enabled
libJPEG Version 9a
PNG Support enabled
libPNG Version 1.6.8
WBMP Support enabled
XBM Support enabled
Directive Local Value Master Value
gd.jpeg_ignore_warning 0 0
gettext
GetText Support enabled
hash
hash support enabled
Hashing Engines md2 md4 md5 sha1 sha224 sha256 sha384 sha512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost adler32 crc32 crc32b salsa10 salsa20 haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5
iconv
iconv support enabled
iconv implementation libiconv
iconv library version 1.14
Directive Local Value Master Value
iconv.input_encoding ISO-8859-1 ISO-8859-1
iconv.internal_encoding ISO-8859-1 ISO-8859-1
iconv.output_encoding ISO-8859-1 ISO-8859-1
id3
id3 support enabled
Supported versions v1.0, v1.1, v2.2+ (partly)
idn
GNU libidn support enabled
GNU libidn version 1.14
imap
IMAP c-Client Version 2007f
SSL Support enabled
json
json support enabled
json version 1.2.1
libxml
libXML support active
libXML Compiled Version 2.7.8
libXML Loaded Version 20708
libXML streams enabled
lzf
lzf support enabled
version 1.5.2
optimized for speed
mailparse
mailparse support enabled
Extension Version 2.1.5
Revision $Revision: 1.64 $
Directive Local Value Master Value
mailparse.def_charset us-ascii us-ascii
mbstring
Multibyte Support enabled
Multibyte string engine libmbfl
HTTP input encoding translation disabled
mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) backtrack check On
Multibyte regex (oniguruma) version 4.7.1
Directive Local Value Master Value
mbstring.detect_order no value no value
mbstring.encoding_translation Off Off
mbstring.func_overload 0 0
mbstring.http_input pass pass
mbstring.http_output pass pass
mbstring.http_output_conv_mimetypes ^(text/|application/xhtml\+xml) ^(text/|application/xhtml\+xml)
mbstring.internal_encoding no value no value
mbstring.language neutral neutral
mbstring.strict_detection Off Off
mbstring.substitute_character no value no value
mcrypt
mcrypt support enabled
mcrypt_filter support enabled
Version 2.5.8
Api No 20021217
Supported ciphers cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes cbc cfb ctr ecb ncfb nofb ofb stream
Directive Local Value Master Value
mcrypt.algorithms_dir no value no value
mcrypt.modes_dir no value no value
mhash
MHASH support Enabled
MHASH API Version Emulated Support
ming
Ming SWF output library enabled
Version 0.3beta1
mssql
MSSQL Support enabled
Active Persistent Links 0
Active Links 0
Library version FreeTDS
Directive Local Value Master Value
mssql.allow_persistent On On
mssql.batchsize 0 0
mssql.charset no value no value
mssql.compatability_mode Off Off
mssql.connect_timeout 5 5
mssql.datetimeconvert On On
mssql.max_links Unlimited Unlimited
mssql.max_persistent Unlimited Unlimited
mssql.max_procs Unlimited Unlimited
mssql.min_error_severity 10 10
mssql.min_message_severity 10 10
mssql.secure_connection Off Off
mssql.textlimit Server default Server default
mssql.textsize Server default Server default
mssql.timeout 60 60
mysql
MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version 5.0.96
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_INCLUDE -I../local/include/mysql
MYSQL_LIBS -L../local/lib -lmysqlclient
Directive Local Value Master Value
mysql.allow_local_infile On On
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket /tmp/mysql.sock /tmp/mysql.sock
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off
mysqli
MysqlI Support enabled
Client API library version 5.0.96
Active Persistent Links 0
Inactive Persistent Links 0
Active Links 0
Client API header version 5.0.96
MYSQLI_SOCKET /tmp/mysql.sock
Directive Local Value Master Value
mysqli.allow_local_infile On On
mysqli.allow_persistent On On
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.max_persistent Unlimited Unlimited
mysqli.reconnect Off Off
openssl
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1h 5 Jun 2014
OpenSSL Header Version OpenSSL 1.0.1h 5 Jun 2014
pcntl
pcntl support enabled
pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.32 2012-11-30
Directive Local Value Master Value
pcre.backtrack_limit 1000000 1000000
pcre.recursion_limit 100000 100000
PDO
PDO support enabled
PDO drivers mysql, sqlite, sqlite2
pdo_mysql
PDO Driver for MySQL enabled
Client API version 5.0.96
Directive Local Value Master Value
pdo_mysql.default_socket /tmp/mysql.sock /tmp/mysql.sock
pdo_sqlite
PDO Driver for SQLite 3.x enabled
SQLite Library 3.7.7.1
Phar
Phar: PHP Archive support enabled
Phar EXT version 2.0.1
Phar API version 1.1.1
SVN revision $Id: 21d763042eb5769ae0a09dc1118df2b5aae6fb33 $
Phar-based phar archives enabled
Tar-based phar archives enabled
ZIP-based phar archives enabled
gzip compression enabled
bzip2 compression enabled
OpenSSL support enabled
Phar based on pear/PHP_Archive, original concept by Davey Shafik.
Phar fully realized by Gregory Beaver and Marcus Boerger.
Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.
Directive Local Value Master Value
phar.cache_list no value no value
phar.readonly On On
phar.require_hash On On
posix
Revision $Id: 5a2da3946b96c5afbf3aff8db8a8681f8bedee85 $
Reflection
Reflection enabled
Version $Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $
session
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary wddx
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path 2;/var/tmp 2;/var/tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
SimpleXML
Simplexml support enabled
Revision $Id: 02ab7893b36d51e9c59da77d7e287eb3b35e1e32 $
Schema support enabled
soap
Soap Client enabled
Soap Server enabled
Directive Local Value Master Value
soap.wsdl_cache 1 1
soap.wsdl_cache_dir /var/tmp /var/tmp
soap.wsdl_cache_enabled 1 1
soap.wsdl_cache_limit 5 5
soap.wsdl_cache_ttl 86400 86400
sockets
Sockets Support enabled
SPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException
SQLite
SQLite support enabled
PECL Module version 2.0-dev $Id$
SQLite Library 2.8.17
SQLite Encoding iso8859
Directive Local Value Master Value
sqlite.assoc_case 0 0
sqlite3
SQLite3 support enabled
SQLite3 module version 0.7-dev
SQLite Library 3.7.7.1
Directive Local Value Master Value
sqlite3.extension_dir no value no value
standard
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i
Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
from no value no value
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,input=src,form=fakeentry a=href,area=href,frame=src,input=src,form=fakeentry
user_agent no value no value
tidy
Tidy support enabled
libTidy Release 1st August 2004
Extension Version 2.0 ($Id$)
Directive Local Value Master Value
tidy.clean_output no value no value
tidy.default_config no value no value
tokenizer
Tokenizer Support enabled
wddx
WDDX Support enabled
WDDX Session Serializer enabled
xml
XML Support active
XML Namespace Support active
EXPAT Version expat_2.1.0
xmlreader
XMLReader enabled
xmlwriter
XMLWriter enabled
xsl
XSL enabled
libxslt Version 1.1.26
libxslt compiled against libxml Version 2.7.8
EXSLT enabled
libexslt Version 1.1.26
yats
YATS -- Yet Another Template System
version 0.97
author Dan Libby
homepage http://yats.sourceforge.net
open sourced by Epinions.com
Directive Local Value Master Value
yats_cache 0 0
zip
Zip enabled
Extension Version $Id: b1a1a3628c4ed0ad78fb0cc4a99b06a56aa281c4 $
Zip version 1.11.0
Libzip version 0.10.1
zlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.8
Linked Version 1.2.8
Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value
Additional Modules
Module Name
sysvsem
sysvshm
Array
(
)[/src]
Thanks for your answers,
phre4k
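Added example, not part of the original post: a Python script that parses the directive tables in a text copy of phpinfo() output like the one above and reports the containment-relevant settings, including the two the post names. The function names, the list of checks and the sample's `memory_limit` line are assumptions made for illustration; the other sample lines are taken from the dump.

```python
import re

# Sample input: Core directive lines as they appear in the dump in the post.
# The memory_limit line is constructed (local != master) to show an override.
SAMPLE = """\
Core
PHP Version 5.3.29
Directive Local Value Master Value
allow_url_fopen On On
allow_url_include Off Off
disable_functions no value no value
display_errors Off Off
enable_dl On On
expose_php On On
memory_limit 256M 128M
open_basedir no value no value
safe_mode Off Off
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
ctype
ctype functions enabled
"""

NO_VALUE = "no value"
TABLE_HEADER = "Directive Local Value Master Value"
DIRECTIVE_LINE = re.compile(r"^([A-Za-z_][\w.]*)\s+(.+)$")


def split_values(rest):
    """Split the text after a directive name into (local, master).

    A pasted phpinfo() table loses its column separator, so values that
    contain spaces are ambiguous. Two rules are applied: the text is two
    identical halves, or it is exactly two tokens when "no value" counts
    as one token. Anything else returns None instead of guessing.
    """
    words = rest.split()
    half = len(words) // 2
    if len(words) % 2 == 0 and words[:half] == words[half:]:
        value = " ".join(words[:half])
        return value, value
    tokens = re.findall(r"no value|\S+", rest)
    if len(tokens) == 2:
        return tokens[0], tokens[1]
    return None


def parse_directives(text):
    """Return {directive: (local, master)}; master is None if unsplittable."""
    values, in_table = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == TABLE_HEADER:
            in_table = True
            continue
        match = DIRECTIVE_LINE.match(line) if in_table else None
        if not match:
            in_table = False  # a bare section name such as "ctype" ends the table
            continue
        name, rest = match.groups()
        values[name] = split_values(rest) or (rest, None)
    return values


def is_on(value):
    return value.lower() in ("on", "1", "yes", "true")


# (directive, predicate on the effective local value, finding text)
CHECKS = [
    ("disable_functions", lambda v: v == NO_VALUE,
     "no functions are disabled for scripts running in the docroot"),
    ("open_basedir", lambda v: v == NO_VALUE,
     "file access is not confined to the site's own directory tree"),
    ("allow_url_fopen", is_on,
     "fopen() and file_get_contents() accept http:// and ftp:// URLs"),
    ("allow_url_include", is_on, "include/require accept remote URLs"),
    ("enable_dl", is_on, "dl() may load extensions at run time"),
    ("expose_php", is_on, "the PHP version is advertised in response headers"),
    ("display_errors", is_on, "error messages are shown to visitors"),
    # safe_mode is deprecated as of PHP 5.3.0 and removed in 5.4.0, so with it
    # off, containment rests on open_basedir and disable_functions.
    ("safe_mode", lambda v: not is_on(v), "safe_mode is off"),
]


def audit(text):
    """Return [(directive, local_value, finding)] in CHECKS order."""
    values = parse_directives(text)
    findings = []
    for name, risky, why in CHECKS:
        local, master = values.get(name, (None, None))
        if master is not None and risky(local):
            findings.append((name, local, why))
    return findings


def overrides(text):
    """Directives whose local value differs from the master (php.ini) value."""
    return {name: pair for name, pair in parse_directives(text).items()
            if pair[1] is not None and pair[0] != pair[1]}


if __name__ == "__main__":
    for name, local, why in audit(SAMPLE):
        print(f"{name} = {local}: {why}")
    for name, (local, master) in overrides(SAMPLE).items():
        print(f"{name}: local {local} overrides master {master}")
```
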
EDIT: WTF? http://www.google.com/safebrowsing/diagnostic?site=AS:6724
And that is only one of the networks. I'm slowly starting to believe in a gross misconfiguration, and not only of the PHP parameters. fopen() is on and safe mode is off, which isn't necessarily how I would do it:
Diagnostic page for AS6724 (STRATO)
What happened when Google visited the websites of this network?
Over the past 90 days, we tested 137248 site(s) on this network. Of these, 3314 site(s) (e.g. michaelwuehle.de/, auto-das.com/, hansafone.com/) served content that resulted in malware being downloaded and installed without the user's consent.
Google last tested a site hosted on this network on 2014-12-09. Suspicious content was last found on 2014-12-09.
Has this network hosted sites that acted as intermediaries for the further distribution of malware?
Over the past 90 days, we found 591 site(s) on this network (e.g. safari-maps.com/, hms-onlineshop.com/, see-frucht.com/) that appeared to function as intermediaries for the infection of 1073 other site(s) (e.g. astra-inn.gr/, allemotocykle.pl/, wipe.de/).
[src=php]
mbstring.substitute_character no value no value
mcrypt
mcrypt support enabled
mcrypt_filter support enabled
Version 2.5.8
Api No 20021217
Supported ciphers cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes cbc cfb ctr ecb ncfb nofb ofb stream
Directive Local Value Master Value
mcrypt.algorithms_dir no value no value
mcrypt.modes_dir no value no value
mhash
MHASH support Enabled
MHASH API Version Emulated Support
ming
Ming SWF output library enabled
Version 0.3beta1
mssql
MSSQL Support enabled
Active Persistent Links 0
Active Links 0
Library version FreeTDS
Directive Local Value Master Value
mssql.allow_persistent On On
mssql.batchsize 0 0
mssql.charset no value no value
mssql.compatability_mode Off Off
mssql.connect_timeout 5 5
mssql.datetimeconvert On On
mssql.max_links Unlimited Unlimited
mssql.max_persistent Unlimited Unlimited
mssql.max_procs Unlimited Unlimited
mssql.min_error_severity 10 10
mssql.min_message_severity 10 10
mssql.secure_connection Off Off
mssql.textlimit Server default Server default
mssql.textsize Server default Server default
mssql.timeout 60 60
mysql
MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version 5.0.96
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_INCLUDE -I../local/include/mysql
MYSQL_LIBS -L../local/lib -lmysqlclient
Directive Local Value Master Value
mysql.allow_local_infile On On
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket /tmp/mysql.sock /tmp/mysql.sock
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off
mysqli
MysqlI Support enabled
Client API library version 5.0.96
Active Persistent Links 0
Inactive Persistent Links 0
Active Links 0
Client API header version 5.0.96
MYSQLI_SOCKET /tmp/mysql.sock
Directive Local Value Master Value
mysqli.allow_local_infile On On
mysqli.allow_persistent On On
mysqli.default_host no value no value
mysqli.default_port 3306 3306
mysqli.default_pw no value no value
mysqli.default_socket no value no value
mysqli.default_user no value no value
mysqli.max_links Unlimited Unlimited
mysqli.max_persistent Unlimited Unlimited
mysqli.reconnect Off Off
openssl
OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.1h 5 Jun 2014
OpenSSL Header Version OpenSSL 1.0.1h 5 Jun 2014
pcntl
pcntl support enabled
pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.32 2012-11-30
Directive Local Value Master Value
pcre.backtrack_limit 1000000 1000000
pcre.recursion_limit 100000 100000
PDO
PDO support enabled
PDO drivers mysql, sqlite, sqlite2
pdo_mysql
PDO Driver for MySQL enabled
Client API version 5.0.96
Directive Local Value Master Value
pdo_mysql.default_socket /tmp/mysql.sock /tmp/mysql.sock
pdo_sqlite
PDO Driver for SQLite 3.x enabled
SQLite Library 3.7.7.1
Phar
Phar: PHP Archive support enabled
Phar EXT version 2.0.1
Phar API version 1.1.1
SVN revision $Id: 21d763042eb5769ae0a09dc1118df2b5aae6fb33 $
Phar-based phar archives enabled
Tar-based phar archives enabled
ZIP-based phar archives enabled
gzip compression enabled
bzip2 compression enabled
OpenSSL support enabled
Phar based on pear/PHP_Archive, original concept by Davey Shafik.
Phar fully realized by Gregory Beaver and Marcus Boerger.
Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.
Directive Local Value Master Value
phar.cache_list no value no value
phar.readonly On On
phar.require_hash On On
posix
Revision $Id: 5a2da3946b96c5afbf3aff8db8a8681f8bedee85 $
Reflection
Reflection enabled
Version $Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $
session
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary wddx
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path 2;/var/tmp 2;/var/tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
SimpleXML
Simplexml support enabled
Revision $Id: 02ab7893b36d51e9c59da77d7e287eb3b35e1e32 $
Schema support enabled
soap
Soap Client enabled
Soap Server enabled
Directive Local Value Master Value
soap.wsdl_cache 1 1
soap.wsdl_cache_dir /var/tmp /var/tmp
soap.wsdl_cache_enabled 1 1
soap.wsdl_cache_limit 5 5
soap.wsdl_cache_ttl 86400 86400
sockets
Sockets Support enabled
SPL
SPL support enabled
Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException
SQLite
SQLite support enabled
PECL Module version 2.0-dev $Id$
SQLite Library 2.8.17
SQLite Encoding iso8859
Directive Local Value Master Value
sqlite.assoc_case 0 0
sqlite3
SQLite3 support enabled
SQLite3 module version 0.7-dev
SQLite Library 3.7.7.1
Directive Local Value Master Value
sqlite3.extension_dir no value no value
standard
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i
Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
from no value no value
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,input=src,form=fakeentry a=href,area=href,frame=src,input=src,form=fakeentry
user_agent no value no value
tidy
Tidy support enabled
libTidy Release 1st August 2004
Extension Version 2.0 ($Id$)
Directive Local Value Master Value
tidy.clean_output no value no value
tidy.default_config no value no value
tokenizer
Tokenizer Support enabled
wddx
WDDX Support enabled
WDDX Session Serializer enabled
xml
XML Support active
XML Namespace Support active
EXPAT Version expat_2.1.0
xmlreader
XMLReader enabled
xmlwriter
XMLWriter enabled
xsl
XSL enabled
libxslt Version 1.1.26
libxslt compiled against libxml Version 2.7.8
EXSLT enabled
libexslt Version 1.1.26
yats
YATS -- Yet Another Template System
version 0.97
author Dan Libby
homepage http://yats.sourceforge.net
open sourced by Epinions.com
Directive Local Value Master Value
yats_cache 0 0
zip
Zip enabled
Extension Version $Id: b1a1a3628c4ed0ad78fb0cc4a99b06a56aa281c4 $
Zip version 1.11.0
Libzip version 0.10.1
zlib
ZLib Support enabled
Stream Wrapper support compress.zlib://
Stream Filter support zlib.inflate, zlib.deflate
Compiled Version 1.2.8
Linked Version 1.2.8
Directive Local Value Master Value
zlib.output_compression Off Off
zlib.output_compression_level -1 -1
zlib.output_handler no value no value
Additional Modules
Module Name
sysvsem
sysvshm
Array
(
)[/src]
Thanks for your answers,
phre4k