Dark Hedgehog
Aug 4 2004, 02:53 AM
I got the email about my directory suspension, but, I don't get it.
I don't know what a backdoor is, webmaster terms that is, and I don't know what to do.
I would appreciate help, thank you.
Vanya
Aug 4 2004, 04:26 AM
Your scripts was use by hackers for uploading dangerous soft to the server. Such a soft can be used to hack the server.
You should update or/and re-write your scripts. Be careful with "include" and "require" php functions.
Dark Hedgehog
Aug 4 2004, 04:44 AM
Then what should I use instead?
Include and require are the only php functions I know.
Well, not really.
I know a lot more but including, I only know that method off the tip of my tongue.
But how would I even be able to do such a thing?
My directory was suspended.
I can't upload or anything.
Alec
Aug 4 2004, 07:27 AM
You need to include or require pre-defined variables.
It is inacceptable to include http vars in your script. For example, you have script
http://yourdomain.com/script.php:CODE
<?
...
include( $some_var );
...
?>
and
hacker has script
http://hackdomain.com/inc.php:CODE
<?
echo 'It is hacked';
?>
And when I open
http://yourdomain.com/script.php?$som...ain.com/inc.phpIn other words, if you use such instruction in your code anyone visitor can run any code through your site. On this reason your scripts and folders are suspended now.
Dark Hedgehog
Aug 4 2004, 04:23 PM
Can someone PLEASE show me an example on how to include predefined variables?
I just want to know an example because I have a learning disability which I hate X_X
It makes me take forever on learning something.
After taking some time, will this work?
"
<?php
print "<br>Document Root: " .$HTTP_REFERER; // The folder location the file is in
print "<br>Document Location: " . $PHP_SELF; // The actual location of the file
?>
"
But how do I include my page with it?
phobos
Aug 4 2004, 04:58 PM
You need to define include files as constants:
For sample:
CODE
define("variable", "libs/html.php");
include variable;
Dark Hedgehog
Aug 4 2004, 05:03 PM
So would this work?:
"define("variable", "folder/thispage.php");
include variable;"
I think I got it now!
I'll edit my pages right now and let you know, that is if you are able to enable the directory again.
Okay, I have tested things and now it works great.
Here is sample of what I have, and yes, i'll delete the "animation.php" as well as similar files:
<?php define("variable", "/home/*/public_html/*news/show_news.(php)"; $number = 3; include variable; ?>
That is what I have for include, and I tested it out before anything and it works.
Can I have my directory enabled now?
And I censored out some coding due to a hacking attempt that hackers may want to hack it.
Vanya
Aug 4 2004, 06:08 PM
Are you sure you've closed all possible weak places in code?
Dark Hedgehog
Aug 4 2004, 06:15 PM
I'll double check.
I was just doing my main ones.
I think I got just about all of them.
MartinB
Aug 4 2004, 07:24 PM
"define("variable", "folder/thispage.php");
include variable;"
??
why not directly
include("folder/thispage.php"); ?
Dark Hedgehog
Aug 4 2004, 07:28 PM
Because there are security issues.
And can I have the directory un-suspended now?
MartinB
Aug 4 2004, 07:34 PM
i think there are security issues doing an include($var);
but not with include("dir/file.php");
i'm right?
Dark Hedgehog
Aug 4 2004, 08:06 PM
Include($var) is what I previously had and almost got me hacked.
Vanya
Aug 4 2004, 08:12 PM
It's un-suspended now.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.