Thanks, that managed to fix it.
A friend of mine has had his webserver compromised. A bunch of base64 encoded PHP shite was injected into the top of most PHP files, a "n3tshell" PHP shell in the vBulletin 4.1.8 /forums directory, a weird "334or0r.php" or something in another directory with more base64 crap in it. Stuff like that. Obviously the site's been compromised but I'm wondering if there's a quicker way to search for the source of the exploit without me having to audit every bit of his PHP code? The damage seems to spread across multiple directories and I'm having trouble figuring out the source. Looks like the HTTP logs have been wiped too. What would you guys do?
I'm not actually sure that this is web development now that I've posted it, but I figure this is the forum where people might have more of a clue on how to find the point of compromise.
Edited:
It looks like this "god_mode_on" virus that's supposedly doing the rounds on some Wordpress sites, however he doesn't host Wordpress so I've got no clue how that's related.
Is it shared hosting? Another account might have been compromised and the exploit got spread around.
I'm pretty sure you don't need a separate www entry for your website unless you want visitors to have to enter it.
how much access does he have to the server, i.e. as the dude above me said is it shared hosting or is it a full server environment?
I think it's shared hosting. Bluehost.com. He (and now I) have got FTP and SSH access to the server. I guess it's possible that it could have been another user who got compromised, but how would say, a Wordpress exploit, affect another user? Wouldn't the script only have the permissions of its owner? It looks like one of the projects he was hosting has had extra code added, and it doesn't look automated. Someone added an else clause to a mysql_num_rows==0 check, and included that 33r04.php file or whatever. I'm pretty sure there's at least one SQL injection exploit in the site, but how would you be able to use that to create/download another file (e.g. PHP shell)?
A privilege escalation exploit could allow an attacker in one account to gain access to other accounts. These things are mostly automated, but once an attack works it alerts the person behind it to what's going on.
My site was hacked through a wordpress exploit, the attacker hid the exploit code in a script I was working on that was entirely unrelated, etc.
I've managed to gain root access on a bluehost machine once, I can only assume they're a bit lax on security sometimes.
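An added example, not from any poster in this thread: a Python scan that flags PHP files containing eval-of-decoded-data constructs or long base64 runs, like the injections described above, and orders the hits by modification time to suggest where the changes started. The patterns, the extension list and the function names are assumptions chosen for illustration.

```python
import os
import re
import sys

# Assumed heuristics for injected PHP loaders; extend them for the case at hand.
DECODE_CALL = re.compile(
    rb"\b(?:eval|assert)\s*\(\s*@?\s*"
    rb"(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
    re.IGNORECASE,
)
LONG_B64 = re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}")
HEAD_BYTES = 4096  # the injections in the thread sat at the top of files
PHP_EXTENSIONS = (".php", ".phtml", ".inc")


def classify(data):
    """Return the reasons a file's bytes look injected (empty list if none)."""
    reasons = []
    match = DECODE_CALL.search(data)
    if match:
        where = "top of file" if match.start() < HEAD_BYTES else "body"
        reasons.append("eval of decoded data (%s)" % where)
    if LONG_B64.search(data):
        reasons.append("long base64 run")
    return reasons


def scan(root):
    """Return (mtime, path, reasons) for each flagged file, oldest change first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as handle:
                    data = handle.read()
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            reasons = classify(data)
            if reasons:
                hits.append((mtime, path, reasons))
    # mtime can be reset by an intruder, so treat the ordering as a lead only.
    return sorted(hits)


if __name__ == "__main__":
    for mtime, path, reasons in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%d  %s  %s" % (mtime, path, "; ".join(reasons)))
```

Run it against a copy of the web root and compare the flagged files with a known-good copy of vBulletin and the other installed packages; files that differ only by the injected header can then be restored from clean sources.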
Can anyone help me out with setting up a small WampServer? I'm still in the process of learning more HTML, as I can only create basic web pages at the moment, so I'm not going to buy a domain/hosting yet. I just want something basic that I can host files on, and share it with friends.
I used this tutorial to set up a WampServer, followed all the steps, but when I went to load my website on my browser, it said 403 Forbidden, and that I don't have access. I also tried this on my phone and another computer, with the same result. I did a quick Google search, but the only thing I found was someone who said to replace the "Deny from all" with "Allow from all" in the file 'phpmyadmin.conf'. I did that, but the problem still continued.
Does anyone know how to fix this, or if there are any alternatives for me? Again, while I'm in my learning stage, I don't want to buy a website or turn to Webs.com or something similar.
Thanks!
ALSO: Once I've gotten a good amount of skill in HTML, where should I go from there? I've signed up and done a few lessons on CodeAcademy for JavaScript, but I'm not sure what to really delve into and learn. I've seen a lot of mixed opinions on PHP, some saying it's useful, and others saying it's more harm than good.
Edited:
OK, the WampServer works now, but it's only a local thing. So I guess I'm back to using Webs.
If you forward port 80(HTTP) then other people can connect to your Apache server with their browsers using your IP/Domain to see your website.
If you just want to learn HTML/Javascript though, you don't need a server. Just make your HTML files and open them in your browser, no server needed unless you want it to actually be online
If you have the space there's no reason not to use a normal web server, browsers place certain restrictions on files loaded directly off the hard drive (Which simply aren't there if you use a server)
hey guys, i have a MySQL table full of 'games' - each game may only be played by a given user *once* - so i need to store a list of previous players per-game. when a player requests a new game, i need to select a game which the user has not played before, then add the player to this list before the game is sent to him/her.
i'm a complete MySQL newbie, so can someone suggest the proper table layout to manage a list like this? and how would i query for a game that doesn't have a certain player in its list of previous players?
Have a table called something like games_played or whatever you want like this
Code:
|user_id | game_id |
+--------+---------+
|1       | 2       |
+--------+---------+
|1       | 3       |
+--------+---------+
|2       | 1       |
+--------+---------+
|2       | 3       |
+--------+---------+
|3       | 1       |
+--------+---------+
then say you wanted all the players who have played game_id 3 you could do
"SELECT `user_id` FROM `games_played` WHERE `game_id` = 3"
or say you wanted all the games a specific player has played for example user 1
"SELECT `game_id` FROM `games_played` WHERE `user_id` = 1"
I'm no expert but this is how i would go about it, hope this helps
This is a question regarding Ruby:
Code:
<% @wattedoens.each do |wattedoen|
     test = wattedoen.naam.downcase! %>
  test = <%= test %>, <%= wattedoen.naam %> <br/><br/>
<%   if(test == $test)
       redirect
     end
   end %>
Is what I have. For some reason it shows the name of the first object, and then for the second object, there is a value before I downcase it, but no value in the "test" variable after I downcase.
Output:
test = tussen_2_voertuigen, tussen_2_voertuigen
test = , fietser_of_voetganger
(Words are Dutch and so are some of the variable names, but you get the picture)
Edited:
I've done enough mysql at my school to see this is the correct way of doing it.
alright cool thanks for the advice! now, how would i go about selecting a game that a certain user has not played? something like
SELECT * FROM games WHERE something=1 AND user_has_not_played_this_game
i don't know how to write the user_has_not_played_this_game part, any tips? how would i query from an additional table?
You can tell what games the user hasn't played simply by seeing what games they have, by definition every game not on their list is unplayed.
right, i was asking more about the technical terms of implementing what i now know is called a "subquery" :)
looks like i need something like
SELECT * FROM games WHERE open=1 AND NOT EXISTS (SELECT * FROM users_games WHERE user='bob' AND game=???)
how would i get the ??? - it needs to be the id of the game from 'games' (the outer query)
Edited:
apparently i'd need
SELECT * FROM games WHERE open=1 AND NOT EXISTS (SELECT * FROM users_games WHERE user='bob' AND game=games.id)
any other advice?
SELECT * FROM `games` WHERE `user_id`='$userid' AND `game_id`='$gameid'
Then just check whether or not this returns something, (given the above table)
If it does return something, then he has the game. If it doesn't, he doesn't have it.
Or do you really want to know exactly which games he has/doesn't have?
Edited:
Also, where $userid and $gameid are variables.
If you look at nullsquared's SQL what you're saying is totally wrong. (He has it right)
Hey, stop talking like an ifaux and learn to build something that looks a bit more like a regular sentence.
subqueries are really bad for performance in mysql
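An added example, not from any poster (SQLite via Python stands in for MySQL; the schema and function names are assumptions): the correlated NOT EXISTS query the thread settles on, with the user id bound as a parameter rather than spliced into the string as in the `'$userid'` post, plus the insert that records the play.

```python
import sqlite3

# Assumed schema: games_played is the link table from the thread; the `open`
# column comes from the poster's query. SQLite stands in for MySQL here.
SCHEMA = """
CREATE TABLE games (id INTEGER PRIMARY KEY, open INTEGER NOT NULL);
CREATE TABLE games_played (
    user_id INTEGER NOT NULL,
    game_id INTEGER NOT NULL REFERENCES games(id),
    PRIMARY KEY (user_id, game_id)  -- a user can play each game only once
);
"""

PICK_UNPLAYED = """
SELECT g.id FROM games AS g
WHERE g.open = 1
  AND NOT EXISTS (SELECT 1 FROM games_played AS p
                  WHERE p.user_id = ? AND p.game_id = g.id)
ORDER BY g.id LIMIT 1
"""


def make_db():
    """Build an in-memory database with the thread's sample rows (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO games VALUES (?, ?)",
                     [(1, 1), (2, 1), (3, 1), (4, 0)])
    conn.executemany("INSERT INTO games_played VALUES (?, ?)",
                     [(1, 2), (1, 3), (2, 1), (2, 3), (3, 1)])
    conn.commit()
    return conn


def claim_game(conn, user_id):
    """Pick an open game the user has not played and record the play."""
    with conn:  # one transaction: commit on success, roll back on error
        row = conn.execute(PICK_UNPLAYED, (user_id,)).fetchone()
        if row is None:
            return None  # nothing left for this user
        # The primary key rejects a duplicate if two requests race.
        conn.execute("INSERT INTO games_played VALUES (?, ?)", (user_id, row[0]))
        return row[0]
```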
Why don't I see a lot of people on FP using ASP.NET?
I'd assume it's because most of the members here either have shared hosting or Linux based VPS hosting (or just don't like ASP.NET). That being said, turb used to use it for some of his stuff (AnyHub being one of them)
Any good windows hosts out there?
i'd just buy a windows vps from burst.net
My VPS which runs windows Server '08 R2 with IIS 7 has a problem with opening the default page
The problem is that it directs me to /index instead of index.php
Already changed the Default Document to index.php but it still leads me to /index/
http://butterfieldhotel.com site in question
Are you affiliated with Brian Butterfield?
Also, do you have any redirect rules setup? the server is forcing a redirect to "/index", which doesn't exist. The default document should just specify what to load when "/" is encountered, not to actually perform a redirect.
As extra information: I iterate through an array of objects, then take the name, downcase it, and as test output the name before and after downcasing.
Apparently after downcasing, only the first name has a value, the others just come back as an empty string, even though they have values BEFORE I downcase. I'd like it if it were to be fixed asap.
Why does the <li> tag add spaces between each other when they have the css display:inline-block applied on them?
I had trouble with this in Chrome too. What worked for me is making sure that in the HTML there were no line breaks or spaces between <li> tags, which doesn't look great formatting wise but did fix the issue.
For example: <li>blah</li><li>blah2</li>
Adding to this: it's easy to keep the formatting for editing but still have them without line breaks like this:
<?php echo '<li>blah</li>'. '<li>blah2</li>'. '<li>blah3</li>'; ?>
TheDecryptor took a look at my VPS and could not find a solution.
Any other suggestions?
(Forgot to mention, this happened after the install of ColdFusion 9)
So I would use PHP to make them without line breaks and still keep them organized in the code?
Fair enough.. still strange :P
Thanks both of you.
your code is not very easy to understand
what are you trying to achieve?
Basically I had an array of objects. (@wattedoens)
Each object has a variable called "Naam".
I put the wattedoen.naam in a variable called "test".
Then put that to lower case, so i could compare it with another variable which was also downcased.
Yet, only for the first object, the downcased variable called "test" had a value.
For the others it was an empty string, even though the string had a value before downcasing.
Anyway I fixed it myself:
Code:
<% @wattedoens.each do |wattedoen|
     test = wattedoen.naam.downcase
     if(test == $test)
       redirect :action => :show, :id => wattedoen.object
     end
   end %>
Basically it was removing the ! at the end of "wattedoen.naam.downcase".
Can you explain what the "!" was for then? I googled downcasing, and just used the function in the same way as they did it.
isn't it best practise to write all code with english variable names (where possible)?
#downcase converts the string to lower case and returns it as a new string, #downcase! converts the string to lowercase in place. if the string is already lowercased, it returns nil.
also wtf why are you using a global variable
True. But this is an app for insurances and I don't know how to translate most of the variable names, and I probably won't ever have to use the words in English again after this.
And it has to be maintained (not the program itself, more like, the content, texts etc) by 2 people who don't understand Ruby so it's easier to have it in Dutch to make easier waypoints for them.
also don't put parens around the condition in if statements
Edited:
also what the actual fuck why are you redirecting from inside a view
Edited:
my lord this code
Because the framework. I don't fully understand it yet, maybe you can solve this for me?
If I use this:
Code:
<a href="<%= url_for :action => :changeVar, :id => schadesoorten.object, :name => item %>">
  <%= schadesoorten.Naam %>
</a>
Name ends up to be nil every time. Id gets a value but if I change it to anything else it just flunks.
At the other end, I have:
Code:
def changeVar
  name = @params['name']
  id = @params['id']
  redirect :controller => :WatTeDoen, :action => :index
end
Yet every time only @params['id'] gets a value.
Maybe I should just pm you for these questions? Otherwise I'm spamming the thread with my Ruby illiteracy.
you should probably go read a rails tutorial