/
home
/
assocoweys
/
cdc93
/
tmp
/
install_6a4e08cde3ced
/
admin
/
sql
/
mysql
/
Upload File
HOME
TRUNCATE TABLE `#__rsfirewall_signatures`; INSERT IGNORE INTO `#__rsfirewall_signatures` (`signature`, `type`, `reason`) VALUES ('a2FjYWs=', 'filename', 'PHP Shell variant'), ('aDRja2VyXC50cg==', 'regex', 'PHP Shell - General variant'), ('aGFuaXhhdmlAbXNuLmNvbQ==', 'regex', 'PHP Shell - File uploader'), ('aGVhZGVyKFxzKyk/XChbInwnXShsfEwpb2NhdGlvbjooXHMrKT9odHRwOiguKj8pXCk=', 'regex', 'Possible PHP injection (redirect)'), ('aHR0cFw6Ly9mYnRcLnlhaG9vXC5jb20vY291bnRlclwucGhw', 'regex', 'PHP injection (Russian counter)'), ('aW5pXF9zZXRcKGNoclwo', 'regex', 'PHP injection'), ('aWZcKFwkX1BPU1RcWydnb2xkZW4nXF1cPVw9IkRvbmUiXCk=', 'regex', 'PHP Injection - File uploader'), ('aWZcKGZ1bmN0aW9uX2V4aXN0c1woJ29iX3N0YXJ0J1wpJiYhaXNzZXRcKFwkR0xPQkFMU1xbKC4q\nPylcXVwpXCl7XCRHTE9CQUxTXFsoLio/KVxdPQ==', 'regex', 'PHP injection'), ('b2Jfc3RhcnRcKCJjYWxsYmNrIlwp', 'regex', 'PHP injection'), ('bGl6MHppbQ==', 'filename', 'PHP Shell variant'), ('bTBydGl4', 'filename', 'Backdoor - possible hijacked server'), ('bWFpbChccyspP1woKCJ8JykoLipAKQ==', 'regex', 'Possible PHP injection (mailer)'), ('YmxwYXlsb2FkLnBocA==', 'filename', 'Astroid Framework exploit - malicious payload disguised as a plugin'), ('amNhY2hlcHJvLnBocA==', 'filename', 'Astroid Framework exploit - malicious payload disguised as a plugin'), ('c29zeWV0ZQ==', 'filename', 'PHP Shell variant'), ('c2FmZTB2ZXI=', 'filename', 'PHP Shell variant'), ('c2hcX2RlY3J5cHRcX3BoYXNl', 'regex', 'PHP Injection - Shell'), ('c2hlbGxib3Q=', 'filename', 'Backdoor - possible hijacked server'), ('c3B5bWV0YQ==', 'filename', 'Possible hijacked server'), ('c3RycmV2XCgoJ3wiKWVkb2NlZF80NmVzYWIoJ3wiKVwp', 'regex', 'Possible PHP injection (obfuscated code)'), ('c3RycmV2XChiYXNlNjRfZGVjb2RlXCgoP3MpLio/XClcKQ==', 'regex', 'Possible PHP injection (encoded code - strrev())'), ('c3RyX3JvdDEzXCgncmlueSdcKQ==', 'regex', 'PHP Injection - Obfuscated eval'), ('c3RyX3JvdDEzXChiYXNlNjRfZGVjb2RlXCgoP3MpLio/XClcKQ==', 'regex', 'Possible PHP injection (encoded code - str_rot13())'), ('cGhwc2hlbGw=', 'filename', 'PHP Shell'), ('cGhwcmVtb3Rldmlldw==', 'filename', 'PHP Shell'), ('cHJlZ19yZXBsYWNlXCgiL1wuXCovZSI=', 'regex', 'Possible PHP injection (obfuscated code using /e modifier)'), ('cHJlZ19yZXBsYWNlXChbJ3wiXS9cKFwuXCpcKVwvZQ==', 'regex', 'Possible PHP injection (obfuscated code using /e modifier)'), ('cHMgLWF1eA==', 'regex', 'PHP Shell - suspicious code'), ('cHN5Qk5D', 'filename', 'IRC Client - possible hijacked server'), ('cjBuaW4=', 'filename', 'Exploit - possible hijacked server'), ('cjU3c2hlbGw=', 'filename', 'PHP Shell'), ('cjU3c2hlbGw=', 'regex', 'PHP Shell variant'), ('cjU3XC5nZW5cLnRy', 'regex', 'PHP Shell - General variant'), ('cmFzbGFuNTg=', 'filename', 'Possible hijacked server'), ('dHJ5YWc=', 'filename', 'PHP Shell variant'), ('dm9pZFwucnU=', 'filename', 'Possible hijacked server'), ('dnVsbnNjYW4=', 'filename', 'Vulnerability Scanner - possible hijacked server'), ('dW5kZXJuZXQ=', 'filename', 'IRC Client - possible hijacked server'), ('dzAwdA==', 'filename', 'Exploit - possible hijacked server'), ('emVoaXI0', 'filename', 'PHP Shell variant'), ('J2InLidhcycuJ2U2Jy4nNF8nLidlbicuJ2NvJy4nZGUn', 'regex', 'PHP Injection - base64_decode() obfuscated function call'), ('J2JhcycuJ2U2NF9kJy4nZWNvJy4nZGUn', 'regex', 'PHP Injection - base64_decode() obfuscated function call'), ('J2NyZScuJ2F0ZScuJ19mdW4nLidjdCcuJ2lvJy4nbic=', 'regex', 'PHP Injection - create_function() obfuscated function call'), ('KEAoXCRbYS16MC05XStcKCl7NCx9KQ==', 'regexis', 'PHP Injection - Obfuscated function call'), ('KFthLXowLTlfXStcL1wqKC4qPylcKlwvXCgp', 'regex', 'PHP Injection - Obfuscated function call'), ('KFwkc1xfZnVuYz0oIlthLXpfXSsiW1wuXSl7NCx9KQ==', 'regexis', 'PHP Injection - Obfuscated function name'), ('KFwkW2EtejAtOV0rXHM/XCgpezMsfQ==', 'regexi', 'PHP Injection - Obfuscated function name'), ('KFwkW2EtejAtOV0rXHtbMC05XStcfVxzP1wuP1xzPyl7MTAsfQ==', 'regexis', 'PHP Injection - Obfuscated function name'), ('KFwkW2Etel0rKVwoIlthLXpdIixccz8iIixccz8iW2EtejAtOV9dKyJcKQ==', 'regexis', 'PHP Injection - Obfuscated function name'), ('KFwkZnVuYz0oIlthLXpfXSsiW1wuXSl7NCx9KQ==', 'regexis', 'PHP Injection - Obfuscated function name'), ('KGluY2x1ZGVcX29uY2V8cmVxdWlyZVxfb25jZXxpbmNsdWRlfHJlcXVpcmUpKFxzKyk/KFwoKT9b\nJ3wiXSguKikoXC5wbmd8XC5naWZ8XC5qcGd8XC5qcGVnfFwuaW5pKVsnfCJdKFwpKT8=', 'regex', 'Highly suspicious inclusion (possible CryptoPHP)'), ('KGNoclwoKFswLTldKyl7Myx9XClcLmNoclwoKFswLTldKylcKVwuY2hyXCgoWzAtOV0rKVwpXC5j\naHJcKChbMC05XSspXCkpXC5jaHJcKChbMC05XSspXClcLmNoclwoKFswLTldKylcKQ==', 'regex', 'Possible PHP injection (obfuscated code)'), ('KGpzL2pxdWVyeVwubWluXC5waHAuKj8iXD9kZWZhdWx0X2tleXdvcmRcPSIgXCsgZGVmYXVsdF9r\nZXl3b3JkKQ==', 'regex', 'Search engine referrer hijacking'), ('KHdnZXR8bHlueHxsaW5rc3xjdXJsKSBodHRwcz86XC9cLy4qPzsgcGVybCAuKj8=', 'regex', 'Possible PHP injection (file download and execution)'), ('KHdnZXR8bHlueHxsaW5rc3xjdXJsKSBodHRwcz86XC9cLy4qPzsgY2htb2QgLio/OyBcLlwv', 'regex', 'Possible PHP injection (file download and execution)'), ('KHJlYWxzdGF0aXN0aWNzXC4oaW5mb3xwcm8pfHJlYWxhbmFseXRpY3NcLnByb3xzaXRlYW5hbHl0\naWNzXC5wcm98d2Vic3RhdGlzdGljc1wucHJvfGFkb2Jlc2VjdXJ1cGRhdGVcLmNvbXxtaWNyb3Nv\nZnQtc2VjdXJldHlcLmNvbSk=', 'regexis', 'Realstatistics Malware'), ('KHNoZWxsX2V4ZWN8cGFzc3RocnV8c3lzdGVtfGV4ZWN8cG9wZW4pW1xzK10/XChbXHMrXT9cJChH\nTE9CQUxTfF9TRVJWRVJ8X0dFVHxfUE9TVHxfRklMRVN8X0NPT0tJRXxfU0VTU0lPTnxfUkVRVUVT\nVHxfRU5WKQ==', 'regex', 'Possible PHP injection (binary executed from superglobal variable)'), ('KHNoZWxsX2V4ZWN8cGFzc3RocnV8c3lzdGVtfGV4ZWN8cG9wZW4pXHM/XCgoJ3wiKSh3Z2V0fGx5\nbnh8bGlua3N8Y3VybCk=', 'regex', 'Possible PHP injection (file download)'), ('PCEtLWNoZWNrZXJfc3RhcnQ=', 'regex', 'PHP injection'), ('PFw/cGhwW1xzK117MjQwLH0oLio/KVxz', 'regex', 'Abnormally long spacing after PHP tag - could be used to hide code from view'), ('PGlucHV0IG5hbWU9Ii4qPyIgdHlwZT0iZmlsZSI+', 'regex', 'Possible PHP Shell - File uploader'), ('Q1dTaGVsbER1bXBlcg==', 'filename', 'PHP Shell variant'), ('QFwkW2EtekEtWjAtOV0rXChcJF8oUE9TVHxHRVR8UkVRVUVTVHxDT09LSUUpXFsuKg==', 'regex', 'Possible PHP Injection - obfuscated code execution from Superglobal variable.'), ('REFMbmV0', 'filename', 'IRC Client - possible hijacked server'), ('U2F1ZGkgU2gzbGw=', 'filename', 'PHP Shell variant'), ('UEhQSmlhTWlcLkNvbQ==', 'regexi', 'PHP Injection - Shell'), ('UEhQZW5jb2Rlcg==', 'regex', 'PHP Encoded file - PHPencoder variant, please review manually'), ('VXBsb2FkIEdhZ2Fs', 'regex', 'PHP Shell - File uploader'), ('X2lsX2V4ZWNcKFwp', 'regex', 'Possible risk - ionCube encrypted file'), ('XC5ydS8=', 'filename', 'Possible hijacked server'), ('XC9ldGNcL3Bhc3N3ZA==', 'regex', 'PHP Shell - suspicious code'), ('XC9qcXVlcnlcLm1pblwucGhw', 'regex', 'PHP Injection - Search engine hijacker'), ('XCgiL1thLXpBLVowLTldKy9lIiw=', 'regex', 'Possible PHP injection (obfuscated code using /e modifier)'), ('XChnemluZmxhdGVcKGJhc2U2NF9kZWNvZGVcKCg/cykuKlwp', 'regex', 'Possible PHP injection (compressed code - gzip)'), ('XCR1cGxvYWRmaWxlIFw9IFwkX1BPU1RcWyJwdCJcXVwuXCRfRklMRVNcWyJmaWxlIlxdXFsibmFt\nZSJcXQ==', 'regex', 'PHP Shell - File uploader'), ('XCR1YVw9QFwkX1NFUlZFUlxbIkhUVFBfVVNFUl9BR0VOVCJcXTtcJHJvd1w9c3BsaXRcKCJcPVw9\nXD0iLFwkdWFcKQ==', 'regex', 'PHP Injection - Shell'), ('XCR3cF9hZGRfZmlsdGVyXCg=', 'regex', 'PHP injection (obfuscated code)'), ('XCRbXiAtfl0rXCguKj9cKTs=', 'regex', 'Possible PHP Injection - Characters outside of typing range.'), ('XCRbYS16MC05XSs9XCRfQ09PS0lF', 'regex', 'Possible PHP Injection - superglobal variable obfuscation.'), ('XCRbYS16MC05XSsgPSBcJFxfUE9TVFxbJ1thLXowLTldKydcXTsuQD9wYXNzdGhydVwoXCRbYS16\nXStcKTs=', 'regexis', 'PHP Injection - Shell'), ('XCRbYS16MC05XStccz89XHM/XCRbYS16MC05XStcKCJbYS16MC05XSsiLFxzPyIiLFxzPyJbYS16\nMC05XStcX1thLXowLTldKyJcKTs=', 'regex', 'PHP Injection - Obfuscated function call'), ('XCRcXyhGSUxFU3xTRVJWRVJ8UE9TVHxHRVQpXFsiKFtBLVphLXpcX10rKT8oXFx4WzAtOUEtRmEt\nZl17MSwyfSl7MSx9KFtBLVphLXpcX10rKT9cIl0=', 'regex', 'PHP Injection - Obfuscated Superglobal variable.'), ('XCRfR0VUXFsicGluZyJcXSBcPVw9IFwoInBpbmdfaG9zdCJcKQ==', 'regex', 'PHP Mass Mailer'), ('XCRfR0VUXFsnbWFpbHpvcidcXQ==', 'regex', 'PHP Injection - Mass mailer'), ('XCRfR0VUXFsnc3dzJ1xdXD1cPSAncGhwaW5mbyc=', 'regex', 'PHP Shell variant'), ('XCRfUE9TVFxbJ2NtZCdcXVw9XD0icGhwX2V2YWwi', 'regex', 'PHP Shell variant'), ('XCRfW2EtekEtWl09X19GSUxFX187XCRfW2EtekEtWl09', 'regex', 'PHP injection (obfuscated code)'), ('XCRHTE9CQUxTXFsnKFthLXpdKyk/KFswLTldKyk/J11cKA==', 'regex', 'Possible PHP injection (code executed through superglobal variable)'), ('XCRHTE9CQUxTXFtcJEdMT0JBTFNcWydbYS16MC05XSsnXF1cW1swLTldK1xd', 'regex', 'PHP Injection'), ('XCRjdXJyZW50IFw9IGh0bWxlbnRpdGllcyBcKFwkX1NFUlZFUiBcWydQSFBfU0VMRidcXSBcLiAi\nXD9kaXJcPSIgXC4gXCRkaXJcKQ==', 'regex', 'PHP Injection'), ('XCRmcm9tX25hbWVcPXJhbmRUZXh0XChcKQ==', 'regexi', 'PHP Mass Mailer - random \"from\" address'), ('XCRRQkRCNTFFMjVCRjlBN0YzRDI0NzUwNzI4MDNEMUMzNkQ=', 'regex', 'PHP Shell variant compressed'), ('XCRyZWRfaG9zdC9cJGZha2Vfc2NyaXB0', 'regex', 'PHP Injection'), ('XF9bMC05XStcKFswLTldK1wp', 'regex', 'Possible PHP Injection - function name contains only numbers.'), ('XFx4NDdcXHg0Y1xceDRmQlxceDQxXFx4NGNcXHg1Mw==', 'regex', 'PHP Injection - GLOBALS obfuscated variable call'), ('XFx4NjJcXDE0MVxceDczXFwxNDVcXHgzNlxcNjRcXHg1ZlxcMTQ0XFx4NjVcXDE0M1xceDZmXFwx\nNDRcXHg2NQ==', 'regex', 'PHP Injection - base64_decode() obfuscated function call'), ('XkdJRjg5OyhbXlxuXSpcbispKyhcPFw/cGhwKQ==', 'regex', 'PHP injection - Hidden inside GIF file'), ('XlwjW2EtejAtOV0rXCMkKC4qPyleXCNcL1thLXowLTldK1wjJA==', 'regexms', 'PHP Injection - Page hijacker'), ('XlwkcGFzc3dvcmRcPUBcJF9SRVFVRVNUXFsncGFzc3dvcmQnXF07', 'regexm', 'Possible PHP Injection'), ('Y2hyXChcKFswLTldK1wtWzAtOV0rXClcKQ==', 'regex', 'Possible PHP Injection - Obfuscated code'), ('Y2N0ZWFtXC5ydQ==', 'regex', 'PHP Shell variant'), ('Y3dpbmdz', 'filename', 'PHP Shell'), ('Y3JlYXRlXF9mdW5jdGlvblwoXCdcJFwnKC4qKQ==', 'regex', 'Possible PHP injection (create_function() call)'), ('YmFzaF9oaXN0b3J5', 'filename', 'Possible hijacked server'), ('Yml0Y2h4', 'filename', 'IRC Client - possible hijacked server'), ('YnJ1dGUgKmZvcmNl', 'filename', 'Bruteforce'), ('YW50aWNoYXQ=', 'filename', 'PHP Shell variant'), ('YWN0PXBocGluZm8=', 'regex', 'PHP Shell variant'), ('Yzk5c2hlbGw=', 'filename', 'PHP Shell'), ('Yzk5c2hlbGw=', 'regex', 'PHP Shell variant'), ('Z3VhcmRzZXJ2aWNlcw==', 'filename', 'Possible hijacked server'), ('ZGllXChtZDVcKFwnW2EtejAtOV9dK1wnXClcKTs=', 'regexis', 'PHP Injection - Shell'), ('ZGlyZWN0bWFpbA==', 'filename', 'Mailer - possible hijacked server'), ('ZWdnZHJvcA==', 'filename', 'IRC Bot - possible hijacked server'), ('ZWtpbjB4', 'filename', 'PHP Shell variant'), ('ZXhlY1woKC4qKVwvYmluXC9zaA==', 'regex', 'Possible PHP injection (shell execution)'), ('ZXZhbFtcc10/XChbXHNdP2Jhc2U2NF9kZWNvZGVcKFtcc10/Lio/XClcKQ==', 'regex', 'Possible PHP injection (encoded code - base64)'), ('ZXZhbFwoc3RyaXBzbGFzaGVzXChcJF8oLio/KVwpXCk=', 'regex', 'Possible PHP injection (code executed from superglobal variable)'), ('ZXZhbFwoIlw/XD4iXC5iYXNlNjRfZGVjb2Rl', 'regex', 'Possible PHP injection (encoded code - base64)'), ('ZXZhbFwoW2EtekEtWjAtOV0rXChbJGEtekEtWjAtOV0r', 'regex', 'Possible PHP injection (code executed through obfuscated functions)'), ('ZXZhbFwoXCRbYS16QS1aMC05XStcKFwkW2EtekEtWjAtOV0rXChcJFthLXpBLVowLTldKw==', 'regex', 'PHP Injection - Obfuscated code'), ('ZXZhbFwoXCRcX1BPU1RcWyJbYS16XSsiXF1cKQ==', 'regex', 'PHP Injection - Code executed from $_POST request'), ('ZXZhbFwoXCRfKC4qPylcKQ==', 'regex', 'Possible PHP injection (code executed from superglobal variable)'), ('ZXZhbFwoYmFzZTY0X2RlY29kZVwoKD9zKS4qP1wpXCk=', 'regex', 'Possible PHP injection (encoded code - base64)'), ('ZXZhbFwvXCooLiopXCpcL1wo', 'regexis', 'Obfuscated eval()'), ('ZXZhbFwvXCpcKlwvXCg=', 'regex', 'Hidden eval()'), ('aGFja2xpbmtcLnB3', 'regex', 'URL call to black-market SEO platform'), ('bmFtZVw9YSB2YWx1ZVw9J0ZpbGVzV2luJw==', 'regex', 'PHP Shell'), ('XDxiXD5nYWdhbA', 'regex', 'PHP Shell'), ('XDxpbnB1dCB0eXBlXD1maWxlIG5hbWVcPWZcPg', 'regex', 'PHP Shell'), ('bWQ1XChcJF9QT1NUXFsicGFzc3dvcmQiXF1cKSA/XD1cPSA/Wyd8Il0oW2EtejAtOV0pezMyfVsnfCJd', 'regexis', 'PHP Shell'), ('W2EtejAtOV9dKzo6Z1woJ1thLXpfXC4sJyBdKydcKQ', 'regexis', 'PHP Shell'), ('YmFzZTY0X2RlY29kZVwoc3RycmV2XChzdHJfcm90MTNcKFwk', 'regexis', 'PHP base64 obfuscation'), ('aW1wbG9kZVwoJycsXHM/YXJyYXlfbWFwXCgnW0EtWl0rJyxccz9zdHJfc3BsaXRcKC4qXClcKVwp', 'regex', 'PHP variable obfuscation'), ('KGluY2x1ZGV8cmVxdWlyZSlcX29uY2Vccz9cKD8oInwnKShcXHhbMC03YS1mXXsyfSk', 'regexis', 'PHP file inclusion obfuscation'), ('ImgiXC4iZSJcLiJ4IlwuIjIiXC4iYiJcLiJpIlwuIm4i', 'regexis', 'PHP variable obfuscation'), ('KHVnZ2NmP1w6XC9cL1thLXpcLjAtOVwvXSsp', 'regexis', 'PHP str_rot13 encoded URL'), ('KG1kNVwoKXszLH0=', 'regexi', 'Possible PHP injection (multiple MD5() function calls)'), ('KGluY2x1ZGVcX29uY2VcL1wqLipcKlwvKQ==', 'regexi', 'PHP Injection - Obfuscated code');