Geek Answers Handbook

The browser has downloaded this unbroken PHP script. What is he doing?

As soon as I entered the site, my browser (chrome) downloaded this script. This is not obfuscation and not too long, and I think it is harmless, but I do not know PHP, so I'm not sure. The file was called csync.php .

Chrome had the impression that it was the only file uploaded. Is it possible that this is not so?

Can someone shed light on what this is doing?

 <?php require_once("config/config.php"); require_function("util/StaticFunctions.php"); require_function("service/ServiceFactory.php"); require_function("bo/BoFactory.php"); require_function("data/DataFactory.php"); require_function("util/UtilFactory.php"); require_function("data/AkamaiLoggingService.php"); include 'config/setup/config-setup-skenzo.php'; include 'config/skenzo_request_variables.php'; header('P3P:CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"'); header('Content-type: text/html'); header('Cache-Control: no-cache, no-store, must-revalidate'); header('Pragma: no-cache'); header('Expires: -1'); $visitorInfo = BoFactory::getVisitorInfo(); $vsid = $visitorInfo->getVisitorId(); $dataNames = VisitorInfo::$VSID_DATA_NAMES; $mName = BoFactory::getInboundHttpRequest()->getSanitizedValueOfParam('type'); $mValue = BoFactory::getInboundHttpRequest()->getSanitizedValueOfParam('ovsid'); $vsCk = VISITOR_ID; $vsDaCk = VISITOR_DATA; $sepVal = VisitorInfo::$VALUE_SEP; $sepTime = VisitorInfo::$TIME_SEP; $vsDaTime = VisitorInfo::$VSID_DATA_TIME; echo '<html> <head></head> <body> <script type="text/javascript" >'; $vsyncConf = array ( "vsCk" => $vsCk, "vsDaCk" => $vsDaCk, "sepVal" => $sepVal, "sepTime" => $sepTime, "vsDaTime" => $vsDaTime ); echo "var vsyncConfig = " . json_encode($vsyncConf) . ";\n"; include(SKENZO_MEDIA_DIR. '/js/util/C2/modules/mnvdata.js'); echo '</script>'; echo "</body></html>"; if(AKAMAI_LOG_POSTBACK == $_SERVER['SERVER_NAME']) { define('AKAMAI_BULK_LOGGING', TRUE); define('TEST_ENGINE_FROM_SERVING', '1'); try { $akLogService = new AkamaiLoggingService(); $akLogService->handleAkamaiBulkData(); echo '<!--var logged = 1;-->'; } catch(Exception $e) { error("RTBLOG AKAMAI ERROR: " , $e , LOG_ALERT); echo '<!--var logged = 0;-->'; } } else { if(AKAMAI_LOG_ORIGIN == $_SERVER['SERVER_NAME']) { echo '<!--var logged = 1;-->'; } else { define('AKAMAI_BULK_LOGGING', TRUE); define('TEST_ENGINE_FROM_SERVING', '1'); try { $akLogService = new AkamaiLoggingService(); $akLogService->handleGetRequests(); echo '<!--var logged = 1;-->'; } catch(Exception $e) { error("RTBLOG AKAMAI ERROR: " , $e , LOG_ALERT); echo '<!--var logged = 0;-->'; } } } ?>
+8
security php malware virus
source share
3 answers

The server you are visiting is poorly configured. As a result, instead of executing PHP, the server sent it to your browser. Browsers do not run PHP, so you are safe.

If you care about the site you visited, it is best to contact support and submit it to this post.

Similarly, the csync.php file was registered in several places online over the past couple of days. This, along with a link to AKAMAI (a huge content delivery network), suggests that a misconfigured server is not the first site you actually were on, but a third-party server that the site, along with many others, relies on.

Visible Source File: http://qsearch.media.net/csync.php

Similar reports (Google): https://encrypted.google.com/search?q=csync.php+download

+6
source share

I also saw that this file got into my downloads. The source is qsearch.media.net. If you visit media.net, you will see that it is part of the online advertising ecosystem. There is probably an error in one of the scripts. Then sites using the media.net service force your computer to download this php file.

0
source share

This is absolutely not a server error on any websites, because my browser also downloads this script from several sites, one of them is from speedtest.net, I do not know what is happening in hack.

-one
source share

More articles:


All Articles