Hello all!
Can you write me some code which let me sleep calm during the night
and what should I do to prevent some attackers from using curl function?
In Poland there is a big portal which become famous and some attackers
attacked it by using curl function and get all data about users.
Can you wirte me what should I do to prevent my portal from such attack?
Maybe id session regenerating is one of the thing which I should apply after
new login?
Thank you in advance
M. 6 5021
K. wrote:
What should I do to prevent some attackers from using curl function?
Unplug your server.
--
----------------------------------
Iván Sánchez Ortega -ivansanchez-algarroba-escomposlinux-punto-org-
Proudly running Debian Linux with 2.6.22-3-amd64 kernel, KDE 3.5.8, and PHP
5.2.5-1 generating this signature.
Uptime: 12:23:02 up 68 days, 22:38, 4 users, load average: 1.69, 1.23,
1.07
K. wrote:
Hello all!
Can you write me some code which let me sleep calm during the night
and what should I do to prevent some attackers from using curl function?
In Poland there is a big portal which become famous and some attackers
attacked it by using curl function and get all data about users.
Can you wirte me what should I do to prevent my portal from such attack?
Maybe id session regenerating is one of the thing which I should apply after
new login?
Thank you in advance
M.
Well, nothing special about curl.
It is just PHP's way of making http requests.
If the portals are hacked, they are NOT HACKED via Curl, but just USING
Curl.
The portals were unsafe to start with.
Regards,
Erwin Moller
Well, nothing special about curl.
It is just PHP's way of making http requests.
If the portals are hacked, they are NOT HACKED via Curl, but just USING
Curl.
The portals were unsafe to start with.
Regards,
Erwin Moller
Yes, I have made a mistake with saying that they are hacked via curl.
I meant that how to prevent from hacking by using curl.
What things should I apply to make my site safe and be sure that nobody
who uses curl will not hacked my site?
Please answer.
I will be very grateful for help
M.
What things should I apply to make my site safe and be sure that nobody
who uses curl will not hacked my site?
Please answer.
I will be very grateful for help
Safety is not a command-line switch. Safety is looking what needs to be
done and exclude the rest. Like regenerating the session IDs. You should
always do that upon changing the user rights.
Also, take a good look at the file settings and look if sensitive files
are accessible from outside. Look at the possibility of SQL injection if
you use a database, and command-line injection if you call external
programs, e-mail injection if you send mail, etc.
And please don't expect our crystal balls to work if you even don't tell
us what OS you are using.
Safety is details and guarding those details.
Good luck,
--
Willem Bogaerts
Application smith
Kratz B.V. http://www.kratz.nl/
On 30 Jan, 11:56, "K." <halinaciern... @poczta.onet.pl wrote:
Well, nothing special about curl.
It is just PHP's way of making http requests.
If the portals are hacked, they are NOT HACKED via Curl, but just USING
Curl.
The portals were unsafe to start with.
Regards,
Erwin Moller
Yes, I have made a mistake with saying that they are hacked via curl.
I meant that how to prevent from hacking by using curl.
The same way you prevent every other type of HTTP mediated attack.
Stop obsessing about Curl.
If you're having trouble understanding how the attack worked then tell
us where we can get more info on it.
Otherwise try google for 'PHP security'
C.
K. wrote:
>Well, nothing special about curl. It is just PHP's way of making http requests.
If the portals are hacked, they are NOT HACKED via Curl, but just USING Curl. The portals were unsafe to start with.
Regards, Erwin Moller
Yes, I have made a mistake with saying that they are hacked via curl.
I meant that how to prevent from hacking by using curl.
What things should I apply to make my site safe and be sure that nobody
who uses curl will not hacked my site?
Please answer.
I will be very grateful for help
M.
You can't. You can't even tell if the user is using cURL, unless he
tells you.
Make your site safe and no one will be able to hack it - with or without
cURL. But if it isn't safe, it can be hacked - with or without cURL.
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== === This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Haluk Durmus |
last post by:
Hello
I checked out openssl,mm,apr,apr-util,apache 2,curl,libxml and php
from cvs.
php couse an ERROR
I did the following steps:
|
by: Chris Fortune |
last post by:
# uname -a
Linux stargate.mxc-online.net 2.4.20-021stab022.2.777-smp #1 SMP Wed Jul 28
17:12:37
MSD 2004 i686 i686 i386 GNU/Linux
I recompiled PHP with mcrypt, openssl, and curl
phpinfo(): http://www.canadiandropshipping.com/hello.php3
Does anyone know why this ssl curl test fails?
http://www.canadiandropshipping.com...t/diag_curl.php
|
by: Hans |
last post by:
Hi everybody,
I am desperately trying to log into my account at godaddy.com with PHP
and Curl and just cannot make it happen. Has anybody written a script
for this purpose?
Here is what I tried but the result is always the login page.
$curl=curl_init();
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
|
by: Shutdownrunner |
last post by:
I want to store result of curl in a variable, which means to store a
webpage in a variable in order to parse it later and get our some useful
information. But unfortunately I'm not too experienced in C and I'm
making some stupid mistake. Could someone help me solve it?
#include <string.h>
#include <curl/curl.h>
size_t write_data(const char *buffer, size_t size, size_t nmemb, char
*userp)
|
by: nfhm2k |
last post by:
I've been trying to find a solution to this for quite some time now...
I even took a look at existing scripts...
Including this one...
http://groups.google.co.uk/group/comp.lang.php/browse_thread/thread/2e052386da903425/b03ec83ac55273a2?lnk=st&q=&rnum=1#b03ec83ac55273a2
Everyone on that post seems to say its to do with the cookie's, yet if
infact they had tried this script they would have found that even with
the cookies enabled this...
| |
by: zorro |
last post by:
Hello there,
I can't figure out why is it that when i use an array for my postfields
it doesn't work :
this works
curl_setopt($curl, CURLOPT_POSTFIELDS, "clown=bozo" );
this doesn't
curl_setopt($curl, CURLOPT_POSTFIELDS, array('clown'=>'bozo') );
|
by: xerc |
last post by:
I am trying to create a generic function I can call to download all files from a single remote FTP directory -- using CURL. I want to multi-thread it, but need to get the single thread functionality working first before I tackle that. Anyway, in my function I can list all the files, but the function I have, no matter how I try, will only return one file -- the last file. My for() loop seems pretty straightforward, so not sure why only the...
|
by: =?Utf-8?B?SGFyZHkgV2FuZw==?= |
last post by:
Hi all,
We know we can set up some propert firewall to do this job.
But from application's side, what do you think we can do to prevent this
type of attack?
--
Regards
Hardy
|
by: rottmanj |
last post by:
I am re-writing my rets application in perl, and I have found a few modules that will help me on my way. One of them being WWW::Curl:easy.
During my testing, I have tested both system curl and perl curl. At this point I can get the system curl to correctly connect to my server. However, I am having the hardest time trying to figure out why I cant get perl curl to connect to the server.
Every time I try to connect, I get a 401 error. I am...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |