Back door reported by ISP

Reply·Subscribe
emdiamond
emdiamondAdvanced
11 posts
0
 

My ISP keeps locking out these two files. They say there is back door code in them.

/home/mysite/mysite.com/inc/design.inc.php

/home/mysite/mysite.com/inc/admin_design.inc.php

 

I checked the the original files from boonex and they are the same.

Any ideas if this is verification code from Boonex?

 

This is in the admin_design.inc.php file:

                                                                                                                                                                            $a = 'YmFzZTY0X2RlY29kZQ==';

                                                                                                                                                                            $b = 'ZnVuY3Rpb24gY2hlY2tEb2xwaGluTGljZW5zZSgpIHsNCglnbG9iYWwgJHNpdGU7DQoJZ2xvYmFsICRpQ29kZTsNCgkNCglpZiAoICRfUkVRVUVTVFsnbGljZW5zZV9jb2RlJ10gKSB7DQogICAgICAgICAgICAkc0xOID0gdHJpbSgkX1JFUVVFU1RbJ2xpY2Vuc2VfY29kZSddKTsNCiAgICAgICAgICAgIHNldFBhcmFtKCJsaWNlbnNlX2NvZGUiLCBwcm9jZXNzX2RiX2lucHV0KCRzTE4pKTsJCQ0KCX0gZWxzZSB7DQoJICAgICRzTE4gPSBnZXRQYXJhbSgnbGljZW5zZV9jb2RlJyk7DQogICAgICAgIH0NCg0KCSRzRG9tYWluID0gJHNpdGVbJ3VybCddOw0KICAgICAgICAkc1VybCA9IGlzc2V0KCRfUkVRVUVTVFsncHVibGlzaF9zaXRlJ10pICYmICdvbicgPT0gJF9SRVFVRVNUWydwdWJsaXNoX3NpdGUnXSA/IGJhc2U2NF9lbmNvZGUoJHNpdGVbJ3VybCddKSA6ICcnOw0KCWlmIChwcmVnX21hdGNoKCcvaHR0cHM/OlwvXC8oW2EtekEtWjAtOVwuLV0rKVs6XC9dLycsICRzRG9tYWluLCAkbSkpICRzRG9tYWluID0gc3RyX3JlcGxhY2UoJ3d3dy4nLCcnLCRtWzFdKTsNCiAgICBpbmlfc2V0KCdkZWZhdWx0X3NvY2tldF90aW1lb3V0JywgMyk7IC8vIDMgc2VjIHRpbWVvdXQNCgkkZnAgPSBAZm9wZW4oImh0dHA6Ly9saWNlbnNlLmJvb25leC5jb20/TE49JHNMTiZkPSRzRG9tYWluJnVybD0kc1VybCIsICdyJyk7DQoJJGlDb2RlID0gLTE7IC8vIDEgLSBpbnZhbGlkIGxpY2Vuc2UsIDIgLSBpbnZhbGlkIGRvbWFpbiwgMCAtIHN1Y2Nlc3MNCgkkc01zZyA9ICcnOw0KDQoJaWYgKCRmcCkgew0KCQlAc3RyZWFtX3NldF90aW1lb3V0KCRmcCwgMyk7DQoJCUBzdHJlYW1fc2V0X2Jsb2NraW5nKCRmcCwgMCk7DQoNCiAgICAgICAgJHMgPSAnJzsNCgkJd2hpbGUgKCFmZW9mKCRmcCkpIHsNCgkJICAgICRzIC49IGZyZWFkKCRmcCwgMTAyNCk7DQoJCX0NCg0KCQlpZiAocHJlZ19tYXRjaCgnLzxjb2RlPihcZCspPFwvY29kZT48bXNnPiguKik8XC9tc2c+PGV4cGlyZT4oXGQrKTxcL2V4cGlyZT4vJywgJHMsICRtKSkNCgkJew0KCQkJJGlDb2RlID0gJG1bMV07DQoJCQkkc01zZyA9ICRtWzJdOw0KICAgICAgICAgICAgJGlFeHBpcmUgPSAkbVszXTsNCiAgICAgICAgICAgIHNldFBhcmFtKCJsaWNlbnNlX2V4cGlyYXRpb24iLCAkaUV4cGlyZSk7DQoJCX0NCgkJQGZjbG9zZSgkZnApOw0KCX0NCiAgICANCiAgICAkYlJlcyA9ICgkaUNvZGUgPT0gMCk7DQogICAgDQogICAgaWYgKCRpQ29kZSA9PSAwKSB7DQogICAgICAgIGlmIChmdW5jdGlvbl9leGlzdHMoJ3NldFJheUJvb25leExpY2Vuc2UnKSkgIHNldFJheUJvb25leExpY2Vuc2UoJHNMTik7ICAgICAgICANCiAgICB9DQoNCiAgICAkcyA9IG1kNShiYXNlNjRfZW5jb2RlKHNlcmlhbGl6ZShhcnJheSgkYlJlcyA/ICcnIDogJ29uJywgJHNMTiwgJGlFeHBpcmUsICRzRG9tYWluKSkpKTsgZm9yICgkaT0wIDsgJGk8MzIgOyArKyRpKSAkc1skaV0gPSBvcmQoJHNbJGldKSArICRpOyAkcyA9IG1kNSgkcyk7IHNldFBhcmFtKCJsaWNlbnNlX2NoZWNrc3VtIiwgJHMpOw0KDQoJcmV0dXJuICRiUmVzOw0KfQ0KDQpieF9sb2dpbigkaUlkLCAoYm9vbCkkX1BPU1RbJ3JlbWVtYmVyTWUnXSk7DQoNCmlmIChkYl92YWx1ZSgic2VsZWN0IGBOYW1lYCBmcm9tIGBzeXNfb3B0aW9uc2Agd2hlcmUgYE5hbWVgID0gJ2VuYWJsZV9kb2xwaGluX2Zvb3RlciciKSAhPSAnZW5hYmxlX2RvbHBoaW5fZm9vdGVyJykNCiAgICBkYl9yZXMoImluc2VydCBpbnRvIGBzeXNfb3B0aW9uc2AgKGBOYW1lYCwgYFZBTFVFYCwgYGRlc2NgLCBgVHlwZWApIHZhbHVlcyAoJ2VuYWJsZV9kb2xwaGluX2Zvb3RlcicsICdvbicsICdlbmFibGUgYm9vbmV4IGZvb3RlcnMnLCAnY2hlY2tib3gnKSIpOw0KDQppZiAoJF9SRVFVRVNUWydsaWNlbnNlX2NvZGUnXSB8fCAoZ2V0UGFyYW0oImxpY2Vuc2VfZXhwaXJhdGlvbiIpICYmIHRpbWUoKSA+IGdldFBhcmFtKCJsaWNlbnNlX2V4cGlyYXRpb24iKSkpIHsgICAgDQogICAgJGJEb2wgPSBjaGVja0RvbHBoaW5MaWNlbnNlKCk7DQogICAgc2V0UGFyYW0oJ2VuYWJsZV9kb2xwaGluX2Zvb3RlcicsICgkYkRvbCA/ICcnIDogJ29uJykpOw0KfSBlbHNlaWYgKGdldFBhcmFtKCJsaWNlbnNlX2NvZGUiKSkgew0KCSRzRG9tYWluID0gJHNpdGVbJ3VybCddOw0KCWlmIChwcmVnX21hdGNoKCcvaHR0cHM/OlwvXC8oW2EtekEtWjAtOVwuLV0rKVs6XC9dLycsICRzRG9tYWluLCAkbSkpICRzRG9tYWluID0gc3RyX3JlcGxhY2UoJ3d3dy4nLCcnLCRtWzFdKTsgICAgDQogICAgJHMgPSBtZDUoYmFzZTY0X2VuY29kZShzZXJpYWxpemUoYXJyYXkoZ2V0UGFyYW0oImVuYWJsZV9kb2xwaGluX2Zvb3RlciIpLCBnZXRQYXJhbSgibGljZW5zZV9jb2RlIiksIGdldFBhcmFtKCJsaWNlbnNlX2V4cGlyYXRpb24iKSwgJHNEb21haW4pKSkpOyBmb3IgKCRpPTAgOyAkaTwzMiA7ICsrJGkpICRzWyRpXSA9IG9yZCgkc1skaV0pICsgJGk7ICRzID0gbWQ1KCRzKTsNCiAgICBpZiAoJHMgIT0gZ2V0UGFyYW0oImxpY2Vuc2VfY2hlY2tzdW0iKSkgew0KICAgICAgICAkYkRvbCA9IGNoZWNrRG9scGhpbkxpY2Vuc2UoKTsNCiAgICAgICAgc2V0UGFyYW0oJ2VuYWJsZV9kb2xwaGluX2Zvb3RlcicsICgkYkRvbCA/ICcnIDogJ29uJykpOw0KICAgIH0gZWxzZSB7DQogICAgICAgICRpQ29kZSA9IGdldFBhcmFtKCJlbmFibGVfZG9scGhpbl9mb290ZXIiKSA/IDEgOiAwOw0KICAgIH0NCn0gZWxzZSB7ICAgIA0KICAgIHNldFBhcmFtKCdlbmFibGVfZG9scGhpbl9mb290ZXInLCAnb24nKTsNCiAgICAkaUNvZGUgPSAxOw0KfQ==';

                                                                                                                                                                            $c = 'aWYgKDAgPT0gJGlDb2RlIHx8IC0xID09ICRpQ29kZSkgDQp7DQogICAgZWNobyBNc2dCb3goX3QoJ19QbGVhc2UgV2FpdCcpKTsgDQp9DQplbHNlDQp7DQogICAgJHNOb3RlID0gX3QoJ19hZG1fbGljZW5zZV9wb3B1cF9ub3RlJyk7DQogICAgJHNMaWNlbnNlID0gX3QoJ19hZG1fbGljZW5zZV9wb3B1cF9saWNlbnNlJyk7DQogICAgJHNSZWdpc3RlciA9IF90KCdfYWRtX2xpY2Vuc2VfcmVnaXN0ZXInKTsNCiAgICAkc0NvbnRpbnVlID0gX3QoJ19hZG1fbGljZW5zZV9jb250aW51ZScsICRzVXJsUmVsb2NhdGUpOw0KICAgIGVjaG8gPDw8RU9TDQo8ZGl2IGNsYXNzPSJhZG1pbl9saWNlbnNlX2Zvcm1fd3JwIGJ4LWRlZi1mb250LWdyYXllZCI+DQogICAgPGRpdiBjbGFzcz0iYWRtaW5fbGljZW5zZV9mb3JtIGJ4LWRlZi1wYWRkaW5nIGJ4LWRlZi1ib3JkZXIiPg0KICAgICAgICA8Zm9ybSBtZXRob2Q9InBvc3QiPg0KICAgICAgICAgICAgPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iSUQiIHZhbHVlPSIkaUlkIiAvPg0KICAgICAgICAgICAgPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iUGFzc3dvcmQiIHZhbHVlPSIkc1Bhc3N3b3JkIiAvPg0KICAgICAgICAgICAgPGRpdiBjbGFzcz0iYWRtaW5fbGljZW5zZV9tZXNzYWdlIGJ4LWRlZi1mb250LWgyIj4kc05vdGU8L2Rpdj4NCiAgICAgICAgICAgIDxkaXYgY2xhc3M9ImJ4LWRlZi1tYXJnaW4tdG9wIj4NCiAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJhZG1pbl9saWNlbnNlX2NlbGxfY3B0IGJ4LWRlZi1tYXJnaW4tc2VjLXJpZ2h0IGJ4LWRlZi1mb250LWxhcmdlIj4kc0xpY2Vuc2U8L2Rpdj4NCiAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJhZG1pbl9saWNlbnNlX2NlbGwgYngtZGVmLW1hcmdpbi1zZWMtcmlnaHQiPg0KICAgICAgICAgICAgICAgICAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0ibGljZW5zZV9jb2RlIiBpZD0iYWRtaW5fbG9naW5fbGljZW5zZSIgY2xhc3M9ImJ4LWRlZi1yb3VuZC1jb3JuZXJzLXdpdGgtYm9yZGVyIGJ4LWRlZi1mb250LWxhcmdlIiAvPg0KICAgICAgICAgICAgICAgIDwvZGl2Pg0KICAgICAgICAgICAgICAgIDxkaXYgY2xhc3M9ImFkbWluX2xpY2Vuc2VfY2VsbCI+DQogICAgICAgICAgICAgICAgICAgIDxidXR0b24gY2xhc3M9ImJ4LWJ0biIgdHlwZT0ic3VibWl0IiBpZD0iYWRtaW5fbG9naW5fZm9ybV9zdWJtaXQiPiRzUmVnaXN0ZXI8L2J1dHRvbj4NCiAgICAgICAgICAgICAgICA8L2Rpdj4NCiAgICAgICAgICAgICAgICA8ZGl2IGNsYXNzPSJjbGVhcl9ib3RoIj48L2Rpdj4NCiAgICAgICAgICAgIDwvZGl2Pg0KICAgICAgICA8L2Zvcm0+DQogICAgPC9kaXY+DQogICAgPGRpdiBjbGFzcz0iYWRtaW5fbGljZW5zZV9jb250aW51ZSBieC1kZWYtbWFyZ2luLXNlYy10b3AiPiRzQ29udGludWU8L2Rpdj4NCjwvZGl2Pg0KRU9TOw0KfQ==';

 

 

Quote · 24 Feb 2014
Nathan Paton
Nathan PatonUndefined
9604 posts
0
 

It's encrypted (base64) code for the license system. If by "back door" they mean checking the validity of an entered license, then yes, it's a back door. And Rome is home to the Eifel Tower.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 24 Feb 2014
emdiamond
emdiamondAdvanced
11 posts
0
 

 Yea, That's what I thought.  I'll send them this info but I think I'm going to be changing permissions once a month on these files.

Thanks,

 

It's encrypted (base64) code for the license system. If by "back door" they mean checking the validity of an entered license, then yes, it's a back door. And Rome is home to the Eifel Tower.

 

Quote · 24 Feb 2014
Nathan Paton
Nathan PatonUndefined
9604 posts
0
 

 

Yea, That's what I thought.  I'll send them this info but I think I'm going to be changing permissions once a month on these files.

Thanks,

If your host can't grasp the concept of license checks, they're probably not the best host for Dolphin... or really anything more than static HTML sites. I hope they understand.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 24 Feb 2014
deano92964
deano92964Premium
10772 posts
0
 

Those files are tripping your hosts virus scanners. Your going to need to tell your host that they have to somehow white list those files in their scanner. It's a false positive. If they keep doing that, then yea, i would recommend you find another host.

This is actually the first report i have ever seen in these forums of a host blocking for that reason.

https://www.deanbassett.com
Quote · 24 Feb 2014
Detective08
Detective08Advanced
2452 posts
0
 

Same here ... I have never seen this being reported either. I can't see why the host cannot work around it without issue.

 

This is actually the first report i have ever seen in these forums of a host blocking for that reason.

 

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
Quote · 24 Feb 2014
dolphin_jay
dolphin_jayPremium
2095 posts
0
 

this is the 3rd time i have seen this ....   

https://dolphin-techs.com - Skype: Dolphin Techs
Quote · 24 Feb 2014
deano92964
deano92964Premium
10772 posts
0
 

I have seen reports of home computers virus scanners like Avast or AVG picking it up. But never on a server.

Anyway. There are other ways of obfuscating php code other than base64 encoding. Perhaps dolphin should try a different method.

https://www.deanbassett.com
Quote · 24 Feb 2014
malpa
malpaAdvanced
95 posts
0
 

 Should!

My ISP also reports about viruses connected with these files.

Perhaps dolphin should try a different method.

 

Quote · 14 Apr 2015
mscott
mscottAdvanced
2088 posts
0
 

Ask them for the name of the virus or a link to some info about it, that should have them scratching their heads for a while. 

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 14 Apr 2015
Reply ›
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Knowledge Base
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd