Control Web Panel

WebPanel => Backup => Topic started by: ripieces on April 19, 2016, 11:50:57 AM

Title: undefined variable in cron_backup.php (obfuscated code)
Post by: ripieces on April 19, 2016, 11:50:57 AM
Hello,


I have had this problem from the beginning, after freshly installing CWP 0.9.8.11 in Februray or so.

Here is a more recent example for the .11 version:

Code: [Select]
######################
Update Server Packages
######################
Your CWP version: 0.9.8.11

No update needed, your CWP is up to date.
85.214.143.24
Date which backup script is using: 2016-04-10 02:02:05

PHP Notice:  Undefined variable: sqe280g9LS16ak in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_backup.php(1) : eval()'d code(1) : eval()'d code on line 7

Notice: Undefined variable: sqe280g9LS16ak in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_backup.php(1) : eval()'d code(1) : eval()'d code on line 7
PHP Notice:  Undefined variable: sqe280g9LS16ak in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_backup.php(1) : eval()'d code(1) : eval()'d code on line 7

Notice: Undefined variable: sqe280g9LS16ak in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_backup.php(1) : eval()'d code(1) : eval()'d code on line 7


When it updated to .12 the error message changed a bit:

Code: [Select]
######################
Update Server Packages
######################
Your CWP version: 0.9.8.12

No update needed, your CWP is up to date.
85.214.143.24
Date which backup script is using: 2016-04-19 02:02:05

PHP Notice:  Undefined variable: VJg44cgmkBOnFH in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_backup.php(1) : eval()'d code(1) : eval()'d code on line 7

Notice: Undefined variable: VJg44cgmkBOnFH in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_backup.php(1) : eval()'d code(1) : eval()'d code on line 7
PHP Notice:  Undefined variable: VJg44cgmkBOnFH in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_backup.php(1) : eval()'d code(1) : eval()'d code on line 7

Notice: Undefined variable: VJg44cgmkBOnFH in /usr/local/cwpsrv/htdocs/resources/admin/include/cron_backup.php(1) : eval()'d code(1) : eval()'d code on line 7

There are several forum threads about this problem, but they all hve no solution:
http://forum.centos-webpanel.com/centos-webpanel-bugs/cron-error-undefined-variable/
http://forum.centos-webpanel.com/backup/notice-undefined-variable-in-cwp-daily-backup-cron-1566/
http://forum.centos-webpanel.com/backup/backup-issue/


Now today I wanted to investigate the problem myself, but in all files I end up with obfuscated code similar to this one in cron_backup-php:
Code: [Select]
<?php /* Reverse engineering of this file is strictly prohibited. File protected by copyright law and provided under license. */ if(!function_exists("agF1gTdKEBPd6CaJ")) { function agF1gTdKEBPd6CaJ($ekV4gb3DGH29YotI) {
// [...]
} }eval(agF1gTdKEBPd6CaJ('[...]')); ?>

The last time I saw this eval obfuscation technique at use it was in a hi-jacked WordPress installation - Or is that a nice way of reminding me that CentOS WebPanel is not open source?
 :o Any ideas?



In the Backup Configuration I have these settings:

Manage Backups:
- Enable Backup: checked
- Location: /backup
- Daily, Weekly, Monthly, Mysql: checked
- Backup All users not checked

Remove Backup Settings:
- Never changed anything here, nothing is checked and only Temp Folder /tmp is set
Title: Re: undefined variable in cron_backup.php (obfuscated code)
Post by: abilicom on April 25, 2018, 01:52:50 AM
See my answer here:
http://forum.centos-webpanel.com/ssl/ssl-vhost-manager/?action=post;last_msg=16265
Regards,
Brian Brown, Ph.D.