1. Post #1521
    Gold Member
    Adzter's Avatar
    September 2009
    2,008 Posts
    It's been a while since I used Apache.

    I assume you have the same A records for each domain (@ and www). This is what I used to do IIRC:

    ServerName domain.co.uk
    ServerAlias www.domain.co.uk

    You might want to split the first domain into it's own document root like you did with the second domain as well.
    Thanks, that managed to fix it.
    Reply With Quote Edit / Delete Windows 7 United Kingdom Show Events Friendly Friendly x 1 (list)

  2. Post #1522
    Gold Member
    AMD 32's Avatar
    February 2007
    648 Posts
    A friend of mine has had his webserver compromised. A bunch of base64 encoded PHP shite was injected into the top of most PHP files, a "n3tshell" PHP shell in the vBulletin 4.1.8 /forums directory, a weird "334or0r.php" or something in another directory with more base64 crap in it. Stuff like that. Obviously the site's been compromised but I'm wondering if there's a quicker way to search for the source of the exploit without me having to audit every bit of his PHP code? The damage seems to spread across multiple directories and I'm having trouble figuring out the source. Looks like the HTTP logs have been wiped too. What would you guys do?

    I'm not actually sure that this is web development now that I've posted it, but I figure this is the forum where people might have more of a clue on how to find the point of compromise.

    Edited:

    It looks like this "god_mode_on" virus that's supposedly doing the rounds on some Wordpress sites, however he doesn't host Wordpress so I've got no clue how that's related.
    Reply With Quote Edit / Delete Mac United Kingdom Show Events

  3. Post #1523
    Gold Member
    TheDecryptor's Avatar
    September 2006
    4,153 Posts
    Is it shared hosting? Another account might have been compromised and the exploit got spread around.

    I'm having a bit of trouble with Apache and virtual hosting, I've got 2 domains and 1 web server (VPS). I've got both domains with an A record pointing to the IP of my VPS and I've setup the apache2.conf correctly (as far as I know). One domain works fine (adam-wilson.me) yet the other (xenforge.co.uk) only seems to work when I put www infront of it.

    Here's an image to describe it easier:


    Anyone have any idea what's going on?
    I'm pretty sure you don't need a separate www entry for your website unless you want visitors to have to enter it.
    Reply With Quote Edit / Delete Windows 7 Australia Show Events

  4. Post #1524
    Meow :3
    Ac!dL3ak's Avatar
    July 2005
    6,058 Posts
    A friend of mine has had his webserver compromised. A bunch of base64 encoded PHP shite was injected into the top of most PHP files, a "n3tshell" PHP shell in the vBulletin 4.1.8 /forums directory, a weird "334or0r.php" or something in another directory with more base64 crap in it. Stuff like that. Obviously the site's been compromised but I'm wondering if there's a quicker way to search for the source of the exploit without me having to audit every bit of his PHP code? The damage seems to spread across multiple directories and I'm having trouble figuring out the source. Looks like the HTTP logs have been wiped too. What would you guys do?

    I'm not actually sure that this is web development now that I've posted it, but I figure this is the forum where people might have more of a clue on how to find the point of compromise.

    Edited:

    It looks like this "god_mode_on" virus that's supposedly doing the rounds on some Wordpress sites, however he doesn't host Wordpress so I've got no clue how that's related.
    how much access does he have to the server, i.e. as the dude above me said is it shared hosting or is it a full server environment?
    Reply With Quote Edit / Delete Linux United Kingdom Show Events

  5. Post #1525
    Gold Member
    AMD 32's Avatar
    February 2007
    648 Posts
    I think it's shared hosting. Bluehost.com. He (and now I) have got FTP and SSH access to the server. I guess it's possible that it could have been another user who got compromised, but how would say, a Wordpress exploit, affect another user? Wouldn't the script only have the permissions of its owner? It looks like one of the projects he was hosting has had extra code added, and it doesn't look automated. Someone added an else clause to a mysql_num_rows==0 check, and included that 33r04.php file or whatever. I'm pretty sure there's at least one SQL injection exploit in the site, but how would you be able to use that to create/download another file (e.g. PHP shell)?
    Reply With Quote Edit / Delete Mac United Kingdom Show Events

  6. Post #1526
    Gold Member
    TheDecryptor's Avatar
    September 2006
    4,153 Posts
    A privilege escalation exploit could allow an attacker in one account to gain access to other accounts. These things are mostly automated, but once an attack works it alerts the person behind it to what's going on.

    My site was hacked through a wordpress exploit, the attacker hid the exploit code in a script I was working on that was entirely unrelated, etc.
    Reply With Quote Edit / Delete Mac Australia Show Events

  7. Post #1527
    Gold Member
    StinkyJoe's Avatar
    June 2006
    2,196 Posts
    I think it's shared hosting. Bluehost.com. He (and now I) have got FTP and SSH access to the server. I guess it's possible that it could have been another user who got compromised, but how would say, a Wordpress exploit, affect another user? Wouldn't the script only have the permissions of its owner? It looks like one of the projects he was hosting has had extra code added, and it doesn't look automated. Someone added an else clause to a mysql_num_rows==0 check, and included that 33r04.php file or whatever. I'm pretty sure there's at least one SQL injection exploit in the site, but how would you be able to use that to create/download another file (e.g. PHP shell)?
    I've managed to gain root access on a bluehost machine once, I can only assume they're a bit lax on security some times.
    Reply With Quote Edit / Delete Linux Portugal Show Events Funny Funny x 3 (list)

  8. Post #1528
    Gold Member
    Ninja Duck's Avatar
    July 2010
    11,951 Posts
    Can anyone help me out with setting up a small WampServer? I'm still in the process of learning more HTML, as I can only create basic web pages at the moment, so I'm not going to buy a domain/hosting yet. I just want something basic that I can host files on, and share it with friends.

    I used this tutorial to setup a WampServer, followed all the steps, but when I went to load my website on my browser, it said 403 Forbidden, and that I don't have access. I also tried this on my phone and another computer, with the same result. I did a quick Google search, but the only thing I found was someone who said to replace the "Deny from all" with "Allow from all" in the file 'phpmyadmin.conf'. I did that, but the problem still continued.

    Does anyone know how to fix this, or if there are any alternatives for me? Again, while I'm in my learning stage, I don't want to buy a website or turn to Webs.com or something similar.

    Thanks!

    ALSO: Once I've gotten a good amount of skill in HTML, where should I go from there? I've signed up and done a few lessons on CodeAcademy for JavaScript, but I'm not sure what I to really delve into and learn. I've seen a lot of mixed opinions on PHP, some saying it's useful, and others saying it's more harm than good.

    Edited:

    OK, the WampServer works now, but it's only a local thing. So I guess I'm back to using Webs.
    Reply With Quote Edit / Delete Windows 7 United States Show Events

  9. Post #1529
    Gold Member
    Spero78's Avatar
    August 2010
    256 Posts
    things about WAMP
    If you forward port 80(HTTP) then other people can connect to your Apache server with their browsers using your IP/Domain to see your website.

    If you just want to learn HTML/Javascript though, you dont need a server. Just make your HTML files and open them in your browser, no server needed unless you want it to actually be online
    Reply With Quote Edit / Delete Windows 7 United Kingdom Show Events Agree Agree x 1 (list)

  10. Post #1530
    Gold Member
    TheDecryptor's Avatar
    September 2006
    4,153 Posts
    If you have the space there's no reason not to use a normal web server, browsers place certain restrictions on files loaded directly off the hard drive (Which simply aren't there if you use a server)
    Reply With Quote Edit / Delete Windows 7 Australia Show Events

  11. Post #1531
    ASK ME ABOUT MY PLAYBOOK INSTEAD OF COLLEGE
    icantread49's Avatar
    April 2011
    1,616 Posts
    hey guys, i have a MySQL table full of 'games' - each game may only be played by a given user *once* - so i need to store a list of previous players per-game. when a player requests a new game, i need to select a game which the user has not played before, then add the player to this list before the game is sent to him/her.

    i'm a complete MySQL newbie, so can someone suggest the proper table layout to manage a list like this? and how would i query for a game that doesn't have a certain player in its list of previous players?
    Reply With Quote Edit / Delete Windows XP United States Show Events

  12. Post #1532
    Gold Member
    Spero78's Avatar
    August 2010
    256 Posts
    hey guys, i have a MySQL table full of 'games' - each game may only be played by a given user *once* - so i need to store a list of previous players per-game. when a player requests a new game, i need to select a game which the user has not played before, then add the player to this list before the game is sent to him/her.

    i'm a complete MySQL newbie, so can someone suggest the proper table layout to manage a list like this? and how would i query for a game that doesn't have a certain player in its list of previous players?
    Have a table called something like games_played or whatever you want like this

    Code:
    |user_id | game_id |
    +--------+---------+
    |1       | 2       |
    +--------+---------+
    |1       | 3       |
    +--------+---------+
    |2       | 1       |
    +--------+---------+
    |2       | 3       |
    +--------+---------+
    |3       | 1       |
    +--------+---------+
    then say you wanted all the players who have played game_id 3 you could do
    "SELECT 'user_id' FROM 'games_played' WHERE 'game_id' = 3"

    or say you wanted all the games a specific player has played for example user 1
    "SELECT ''game_id' FROM 'games_played' WHERE 'user_id' = 1"

    I'm no expert but this is how i would go about it, hope this helps
    Reply With Quote Edit / Delete Windows 7 United Kingdom Show Events Agree Agree x 2 (list)

  13. Post #1533
    WiP about GW2
    eternalflamez's Avatar
    November 2011
    4,763 Posts
    This is a question regarding Ruby:

    Code:
    @wattedoens.each do |wattedoen|
      test = wattedoen.naam.downcase! %>
      test = <%= test %>, <%= wattedoen.naam %>
      <br/><br/>
      <%
      if(test == $test)
        redirect
      end
    end
    Is what I have. For some reason it shows the name of the first object, and then for the second object, there is a value before I downcase it, but no value in the "test" variable after i downcase.

    Output:

    test = tussen_2_voertuigen, tussen_2_voertuigen

    test = , fietser_of_voetganger

    (Words are Dutch and so are some of the variable names, but you get the picture)

    Edited:

    I'm no expert but this is how i would go about it, hope this helps
    I've done enough mysql at my school to see this is the correct way of doing it.
    Reply With Quote Edit / Delete Windows XP Netherlands Show Events

  14. Post #1534
    ASK ME ABOUT MY PLAYBOOK INSTEAD OF COLLEGE
    icantread49's Avatar
    April 2011
    1,616 Posts
    Have a table called something like games_played or whatever you want like this

    Code:
    |user_id | game_id |
    +--------+---------+
    |1       | 2       |
    +--------+---------+
    |1       | 3       |
    +--------+---------+
    |2       | 1       |
    +--------+---------+
    |2       | 3       |
    +--------+---------+
    |3       | 1       |
    +--------+---------+
    then say you wanted all the players who have played game_id 3 you could do
    "SELECT 'user_id' FROM 'games_played' WHERE 'game_id' = 3"

    or say you wanted all the games a specific player has played for example user 1
    "SELECT ''game_id' FROM 'games_played' WHERE 'user_id' = 1"

    I'm no expert but this is how i would go about it, hope this helps
    alright cool thanks for the advice! now, how would i go about selecting a game that a certain user has not played? something like

    SELECT * FROM games WHERE something=1 AND user_has_not_played_this_game

    i don't know how to write the user_has_not_played_this_game part, any tips? how would i query from an additional table?
    Reply With Quote Edit / Delete Windows XP United States Show Events

  15. Post #1535
    Gold Member
    TheDecryptor's Avatar
    September 2006
    4,153 Posts
    You can tell what games the user hasn't played simply by seeing what games they have, by definition every game not on their list is unplayed.
    Reply With Quote Edit / Delete Windows 7 Australia Show Events Agree Agree x 2 (list)

  16. Post #1536
    ASK ME ABOUT MY PLAYBOOK INSTEAD OF COLLEGE
    icantread49's Avatar
    April 2011
    1,616 Posts
    right, i was asking more about the technical terms of implementing what i now know is called a "subquery" :)

    looks like i need something like

    SELECT * FROM games WHERE open=1 AND NOT EXISTS (SELECT * FROM users_games WHERE user='bob' AND game=???)

    how would i get the ??? - it needs to be the id of the game from 'games' (the outer query)

    Edited:

    apparently i'd need

    SELECT * FROM games WHERE open=1 AND NOT EXISTS (SELECT * FROM users_games WHERE user='bob' AND game=games.id)

    any other advice?
    Reply With Quote Edit / Delete Windows XP United States Show Events

  17. Post #1537
    WiP about GW2
    eternalflamez's Avatar
    November 2011
    4,763 Posts
    SELECT * FROM `games` WHERE `user_id`='$userid' AND `game_id`='$gameid'

    Then just check whether or not this is returns something, (given the above table)

    If it does return something, then he has the game. If it doesn't, he doesn't have it.

    Or do you really want to know exactly which games he has/doesn't have?

    Edited:

    Also, where $userid and $gameid are variables.
    Reply With Quote Edit / Delete Windows 7 Netherlands Show Events

  18. Post #1538
    jung3o's Avatar
    October 2011
    2,081 Posts
    SELECT * FROM `games` WHERE `user_id`='$userid' AND `game_id`='$gameid'

    Then just check whether or not this is returns something, (given the above table)

    If it does return something, then he has the game. If it doesn't, he doesn't have it.

    Or do you really want to know exactly which games he has/doesn't have?

    Edited:

    Also, where $userid and $gameid are variables.
    If you look at nullsquared's SQL what you're saying is totally wrong. (He has it right)
    Reply With Quote Edit / Delete Windows 7 United States Show Events

  19. Post #1539
    Gold Member
    StinkyJoe's Avatar
    June 2006
    2,196 Posts
    what are you doing
    Hey, stop talking like an ifaux and learn to build something that looks a bit more like a regular sentence.
    Reply With Quote Edit / Delete Linux Portugal Show Events

  20. Post #1540
    RUBY OVERLORD
    swift and shift's Avatar
    November 2011
    2,115 Posts
    right, i was asking more about the technical terms of implementing what i now know is called a "subquery" :)

    looks like i need something like

    SELECT * FROM games WHERE open=1 AND NOT EXISTS (SELECT * FROM users_games WHERE user='bob' AND game=???)

    how would i get the ??? - it needs to be the id of the game from 'games' (the outer query)

    Edited:

    apparently i'd need

    SELECT * FROM games WHERE open=1 AND NOT EXISTS (SELECT * FROM users_games WHERE user='bob' AND game=games.id)

    any other advice?
    subqueries are really bad for performance in mysql
    Reply With Quote Edit / Delete Australia Show Events Agree Agree x 5 (list)

  21. Post #1541
    Tuba Player Extraordinaire
    Funcoot's Avatar
    January 2006
    3,592 Posts
    Why don't I see a lot of people on FP using ASP.NET?
    Reply With Quote Edit / Delete Windows 7 United States Show Events

  22. Post #1542
    Gold Member
    Dennab
    January 2012
    1,137 Posts
    Why don't I see a lot of people on FP using ASP.NET?
    I'd assume it's because most of the members here either have shared hosting or Linux based VPS hosting (or just don't like ASP.NET). That being said, turb used to use it for some of his stuff (AnyHub being one of them)
    Reply With Quote Edit / Delete Mac United States Show Events

  23. Post #1543
    Tuba Player Extraordinaire
    Funcoot's Avatar
    January 2006
    3,592 Posts
    Any good windows hosts out there?
    Reply With Quote Edit / Delete Windows 7 United States Show Events

  24. Post #1544
    RusselG's Avatar
    February 2011
    604 Posts
    Any good windows hosts out there?
    i'd just buy a windows vps from burst.net
    Reply With Quote Edit / Delete Windows 7 Australia Show Events

  25. Post #1545
    World of Vagax
    darth-veger's Avatar
    December 2008
    21,440 Posts
    My VPS which runs windows Server '08 R2 with IIS 7 has a problem with opening the default page
    The problem is that it directs me to /index instead of index.php

    Already changed the Default Document to index.php but it still leads me to /index/
    http://butterfieldhotel.com site in question
    Reply With Quote Edit / Delete Windows 7 Netherlands Show Events Informative Informative x 1 (list)

  26. Post #1546
    Gold Member
    TheDecryptor's Avatar
    September 2006
    4,153 Posts
    Are you affiliated with Brian Butterfield?

    Also, do you have any redirect rules setup? the server is forcing a redirect to "/index", which doesn't exist. The default document should just specify what to load when "/" is encountered, not to actually perform a redirect.
    Reply With Quote Edit / Delete Windows 7 Australia Show Events

  27. Post #1547
    WiP about GW2
    eternalflamez's Avatar
    November 2011
    4,763 Posts
    This is a question regarding Ruby:

    Code:
    @wattedoens.each do |wattedoen|
      test = wattedoen.naam.downcase! %>
      test = <%= test %>, <%= wattedoen.naam %>
      <br/><br/>
      global test = <%= $test %>
      <br/><br/>
      <%
      if(test == $test)
        redirect
      end
    end
    Is what I have. For some reason it shows the name of the first object, and then for the second object, there is a value before I downcase it, but no value in the "test" variable after i downcase.

    Output:

    test = tussen_2_voertuigen, tussen_2_voertuigen

    global test = fietser_of_voetganger

    test = , fietser_of_voetganger

    global test = fietser_of_voetganger

    (Words are Dutch and so are some of the variable names, but you get the picture)
    As extra information: I iterate through an array of objects, then take the name, downcase it, and as test output the name before and after downcasing.
    Apparantly after downcasing, only the first name has a value, the others just come back as an empty string, even though they have values BEFORE i downcase. I'd like it if it were to be fixed asap.
    Reply With Quote Edit / Delete Windows XP Netherlands Show Events

  28. Post #1548
    zhed+redball.jpg
    xmariusx's Avatar
    May 2010
    1,384 Posts
    Why does the <li> tag adds spaces between eachother when they have the css display:inline-block applied on them?
    Reply With Quote Edit / Delete Windows 7 Norway Show Events

  29. Post #1549
    Why does the <li> tag adds spaces between eachother when they have the css display:inline-block applied on them?
    I had trouble with this in Chrome too. What worked for me is making sure that in the HTML there were no line breaks or spaces between <li> tags, which doesn't look great formatting wise but did fix the issue.

    For example: <li>blah</li><li>blah2<\li>
    Reply With Quote Edit / Delete United States Show Events

  30. Post #1550
    Dragon Member
    Dragory's Avatar
    January 2006
    1,312 Posts
    I had trouble with this in Chrome too. What worked for me is making sure that in the HTML there were no line breaks or spaces between <li> tags, which doesn't look great formatting wise but did fix the issue.

    For example: <li>blah</li><li>blah2<\li>
    Adding to this: it's easy to keep the formatting for editing but still have them without line breaks like this:

    <?php
    echo '<li>blah</li>'.
    '<li>blah2</li>'.
    '<li>blah3</li>';
    ?>
    Reply With Quote Edit / Delete Windows 7 Finland Show Events

  31. Post #1551
    World of Vagax
    darth-veger's Avatar
    December 2008
    21,440 Posts
    TheDecryptor took a look at my VPS and could not find a solution.
    Any other suggestions?

    (Forgot to mention, this happened after the install of ColdFusion 9)
    Reply With Quote Edit / Delete Windows 7 Netherlands Show Events

  32. Post #1552
    zhed+redball.jpg
    xmariusx's Avatar
    May 2010
    1,384 Posts
    Adding to this: it's easy to keep the formatting for editing but still have them without line breaks like this:

    <?php
    echo '<li>blah</li>'.
    '<li>blah2</li>'.
    '<li>blah3</li>';
    ?>
    So I would use PHP to make them without line breaks and still keep them organized in the code?
    Fair enough.. still strange :P

    Thanks both of you.
    Reply With Quote Edit / Delete Windows 7 Norway Show Events

  33. Post #1553
    RUBY OVERLORD
    swift and shift's Avatar
    November 2011
    2,115 Posts
    As extra information: I iterate through an array of objects, then take the name, downcase it, and as test output the name before and after downcasing.
    Apparantly after downcasing, only the first name has a value, the others just come back as an empty string, even though they have values BEFORE i downcase. I'd like it if it were to be fixed asap.
    your code is not very easy to understand

    what are you trying to achieve?
    Reply With Quote Edit / Delete Mac Australia Show Events

  34. Post #1554
    WiP about GW2
    eternalflamez's Avatar
    November 2011
    4,763 Posts
    your code is not very easy to understand

    what are you trying to achieve?
    Basically I had an array of objects. (@wattedoens)
    Each object has a variable called "Naam".
    I put the wattedoen.naam in a variable called "test".
    Then put that to lower case, so i could compare it with another variable which was also downcased.

    Yet, only for the first object, the downcased variable called "test" had a value.
    For the others it was an empty string, even though the string had a value before downcasing.

    Anyway I fixed it myself:
    Code:
    <%  
    @wattedoens.each do |wattedoen|
        test = wattedoen.naam.downcase
        if(test == $test)
          redirect :action => :show, :id => wattedoen.object
        end
      end
    %>
    Basically it was removing the ! at the end of "wattedoen.naam.downcase".
    Can you explain what the "!" was for then? I googled downcasing, and just used the function in the same way as they did it.
    Reply With Quote Edit / Delete Windows XP Netherlands Show Events

  35. Post #1555
    hzy
    Gold Member
    hzy's Avatar
    January 2009
    1,943 Posts
    isn't it best practise to write all code with english variable names (where possible)?
    Reply With Quote Edit / Delete Mac Australia Show Events Agree Agree x 2 (list)

  36. Post #1556
    RUBY OVERLORD
    swift and shift's Avatar
    November 2011
    2,115 Posts
    Basically I had an array of objects. (@wattedoens)
    Each object has a variable called "Naam".
    I put the wattedoen.naam in a variable called "test".
    Then put that to lower case, so i could compare it with another variable which was also downcased.

    Yet, only for the first object, the downcased variable called "test" had a value.
    For the others it was an empty string, even though the string had a value before downcasing.

    Anyway I fixed it myself:
    Code:
    <%  
    @wattedoens.each do |wattedoen|
        test = wattedoen.naam.downcase
        if(test == $test)
          redirect :action => :show, :id => wattedoen.object
        end
      end
    %>
    Basically it was removing the ! at the end of "wattedoen.naam.downcase".
    Can you explain what the "!" was for then? I googled downcasing, and just used the function in the same way as they did it.
    #downcase converts the string to lower case and returns it as a new string, #downcase! converts the string to lowercase in place. if the string is already lowercased, it returns nil.

    also wtf why are you using a global variable
    Reply With Quote Edit / Delete Mac Australia Show Events Informative Informative x 1 (list)

  37. Post #1557
    WiP about GW2
    eternalflamez's Avatar
    November 2011
    4,763 Posts
    True. But this is an app for insurances and I don't know how to translate most of the variable names, and I probably won't ever have to use the words in English again after this.

    And it has to be maintained (not the program itself, more like, the content, texts etc) by 2 people who don't understand Ruby so it's easier to have it in Dutch to make easier waypoints for them.
    Reply With Quote Edit / Delete Windows XP Netherlands Show Events

  38. Post #1558
    RUBY OVERLORD
    swift and shift's Avatar
    November 2011
    2,115 Posts
    also don't put parens around the condition in if statements

    Edited:

    also what the actual fuck why are you redirecting from inside a view

    Edited:

    my lord this code
    Reply With Quote Edit / Delete Mac Australia Show Events

  39. Post #1559
    WiP about GW2
    eternalflamez's Avatar
    November 2011
    4,763 Posts
    #downcase converts the string to lower case and returns it as a new string, #downcase! converts the string to lowercase in place. if the string is already lowercased, it returns nil.

    also wtf why are you using a global variable
    Because the framework. I don't fully understand it yet, maybe you can solve this for me?

    If i use this:
    Code:
    <a href="<%= url_for :action => :changeVar, :id => schadesoorten.object, :name => item %>">
      <%= schadesoorten.Naam %>
    </a>
    Name ends up to be nil every time. Id gets a value but if i change it to anything else it just flunks.
    At the other end, I have:

    Code:
    def changeVar
       name = @params['name']
       id = @params['id']
          
       redirect :controller => :WatTeDoen, :action => :index
    end
    Yet every time only @params['id'] gets a value.

    Maybe I should just pm you for these questions? Otherwise I'm spamming the thread with my Ruby illiteracy.
    Reply With Quote Edit / Delete Windows XP Netherlands Show Events

  40. Post #1560
    RUBY OVERLORD
    swift and shift's Avatar
    November 2011
    2,115 Posts
    you should probably go read a rails tutorial
    Reply With Quote Edit / Delete Mac Australia Show Events Agree Agree x 1Friendly Friendly x 1 (list)