suess0r

Everything posted by suess0r

  1. mx209 - who are you hosting with? Marcus, we're thinking that we were exploited through a Joomla 1.0 site that we were hosting that had some 777 directories open. We're in the process of eliminating, securing, and running various test cases on our file trees. Unfortunately, we don't have SSH access to our server to make it easier on securing these directories. Does anyone have any suggestions for running a Massive search for all directories that are set to 777 without SSH?
  2. Thanks typdeaf, We've found a similar conclusion and have been investigating this based on the attack on at least 2 fronts (and it sounds like 3 from what you've informed me) 1.) The bot embeds itself onto various files (such as index.php, footer.php, etc) that include <body> or </body> tags into it. The bot adds the following snippet of code before the <b1></b1> with a random string between that we can only presume is our FTP credentials or some other login details 2.) The controller file, we've found that the file (php that actually makes use of the <b1> tags) is buried randomly and discreetly within various directories. We've found 3 x of these dir's and each one was different. The common thread on the controller files is that they embed themselves within sub-directories of ones that have 777 privileges (such as an image dir, etc). The directories also appear to share the same Owner and Owner Group that we are researching further. I have seen a misc file called 'data' that I'll have to look out for also and get rid of. Type, have you seen this on other websites or encountered this yourself? Have you had any luck decrypting any of the encoded strings?
  3. Interesting.. I've contacted our hosting provider and they swear up and down they wouldn't have inserted that into the code. Oddly enough we've been hosting these sites for 2+ years on this particular server and haven't noticed this until now. I would like to assume it's not anything dangerous, but the way it has spread itself onto the websites with the same FTP login credentials leads me to believe otherwise. Oddly enough I haven't found anything on google about a <b1> HTML tag, so perhaps I'll dig around for XML to see. Any additional comments / suggestions would be great. Thanks!
  4. I recently noticed some odd HTML appear in some of the websites I host. Not all of them are run on a CMS but the majority (but not all) are running through the same FTP account. I've searched everywhere for documentation, forums, notes on this particular exploit but haven't been able to find anything. Essentially, there is a small HTML snippet (see below) that appears right before the </html> tag. It's really odd and the characters inside the <b1> are all different strings. Here's the code that's appearing: <b1><!--6FY8rhRLeNoNyVsOwiAQBdAdca0PXE5DYVKngSkZrsG4ej2/B80UJt+FlytuMcbnHbmqHEcoMnS3r9aaRshnw5QN+TT+F7NMUFqviTLgXCnuyei6vU3WY3lArcgn9Ff/AVyxJcZ=--></b1> It's evident that the code is some type of exploit but I'm not sure how deep this goes. Anyone heard of anything like this, or have any idea of the potential issues that could occur? Thanks for your help! -suess0r
  5. I know.. I know... probably wrong thread, but I didn't know where else to turn. I need to run a basic GET statement to see what category I'm in. The only problem is - I have to do it in ASP. I've tried to review some concepts to compare the two but I just can't find it anywhere, can anyone help? Basically to convert this: <?php $category = $_GET['category_id']; ?>
  6. Excellent! Thanks so much, works perfectly monkey and mariner. You can see it in action here: http://www.commercialinkonline.com/2007/upload/custom.php much <3
  7. Hello there, I'm dynamically calling an image from the server in which the user has uploaded from the form before. I want to display a dashed border approximately 1/2" or 37px INSIDE the image (to show bleed space) Here's how I was trying to do this The only thing is that it adds the dashed border around the OUTSIDE of the image - Is there any way of keeping this within the image? I know that it's kinda sloppy to add the CSS in the img src tag, and if you don't speak php this is what it means in html <img src="/files/new/filename.jpg" width="450" height="300" style="border: dashed; padding: -37px -37px -37px -37px;"> Appreciate the help!!!
  8. I understand - sorry for so much code... Here's the cliff notes version ;x Upload_Class puts all the fields in a string to echo out "success, or fail, error testing, etc" when the user tries to upload.. -During Success, In that string it echoes out the new file name: $str = "File name: ".basename($name)."\n"; -example: File name: Joe_Shmo.jpg <- it displays the new file name AND the extension I want to save that new (filename and the extension) as a separate variable that I can post to my final page.. In my upload.php how can I access the .basename($name) that's in the $str in the Upload_Class? Right now I do $newname = $_POST['file_copy']; - And I get the new filename WITHOUT the extension. I'm not that familiar with using classes so that's what I'm having difficulties with right now.. Let me know if I can elaborate more..
  9. sorry, I posted this when all the madness was happening on the site. can anyone shed some light on this??
  10. I'm still confused - which variable is the $object and which is the var?
  11. The actual full new file name is displayed in the Upload_class here: $str = "File name: ".basename($name)."\n"; I just don't know how to call that variable when i'm out of the class and i'm getting ready to post
  12. Hello, This is a semi-thorough question so bear with me please... I have an upload page where a user selects the file from his/her computer and a text field to rename the file ex: "JoeSmith". Everything works fine, but on the next page where I post the data to I would like to know the new file name AND the extension that follows. The problem: Since I am renaming the filename it receives the same extension (.gif, .jpg, etc) as the original file type. The only problem is that I can post the filename but I can't figure out how to get the extension along with it. Here's my Code for the Upload page Here is my Form that submits to itself and then once it's complete presents the next-step button where I post the $newname And lastly the Upload_Class So... With this all said and done - I would like to POST the new file name + the extension so "JoeSmith.gif" is the URL I would like to post so I can display it on the next page. Sorry for the long post but it was necessary for me to explain it in full. Thank you!!! <3 me
  13. Hiya, Alright here's the schematics of what I'm trying to do.. 1. I wrote an upload script which only allows certain file types and has a maxsize on it. -- They are being stored in /files/new/ 2. My next page I want to display the image in a thumbnail. But a fairly larger one where I can specify my own dimensions (ie: 50% x 50%) depending on the type of print it is. When the image is displayed I'm looking to add a CSS dotted border around it. --Here's the key with the dotted border - I would like to print the border INSIDE the image 1/2" from the outside of the border. Showing the bleed space that would be if you printed the design from a printshop. Here's how I'm displaying the image now As you can see I'm assuming that it's a .gif extension - when in reality it could be .gif, .jpg, or .png. Is there any way that I can make a call to the server to pull the file with the file named $filename without the extension? This is currently my problem so far that I would like to address and would appreciate any input on how to work-around this!! Thanks
  14. OK - I know this is probably sloppy coding.. but here's the gist of what i'm trying to do. I want to print $total according to which 2 values were chosen from $size and $quantity. But the $total always stays the value of each If validation section.. So if the $size = postcard4-6 then the $total is always 324.95 instead of 39.95 I've tried swapping the '=' with '==' in the if statement.. ex: if ($size == "postcard6-11" && $quantity == 1000){ $total = 349.95; that didn't help. I echo'd my $size and $quantity and i'm getting all the right values - like in the above example i get $size = postcard6-11 and $quantity = 1000.. i'm sure i'm just doing something stupid (my PHP is a bit rusty)..
  15. OK - I know this is probably sloppy coding.. but here's the gist of what i'm trying to do. The $total is staying at the bottom value of each If validation section.. So if the $size = postcard4-6 then the $total is always 324.95 I've tried swapping the '=' with '==' in the if statement.. ex: if ($size == "postcard6-11" && $quantity == 1000){ $total = 349.95; that didn't help. I echo'd my $size and $quantity and i'm getting all the right values - like in the above example i get $size = postcard6-11 and $quantity = 1000.. i'm sure i'm just doing something stupid (my PHP is a bit rusty)..
  16. That portion works but the calculation isn't working anymore... are you sure that the if statement doesn't call for one "=" if it's dealing with numerics?? if ($x = 100) vs if ($x == "one hundred")
  17. Hi, I'm trying to make the selected dropdown match the original choice after the page submits to itself... While doing so I somehow managed to make $quantity always = 5000. Can I get a second pair of eyes on this or am I just going crazy? ;x This first part works fine... and an example of what I'm trying to do with the second portion This is the part that's giving me trouble - I echo'd $quantity and it's always 5000 no matter what choice they make. I thought it might have something to do with the 2nd set of values being all numbers like <option value=5000 instead of "5000" and that didn't help - I also changed it to echo 'selected: "selected"'; but that didn't help either. Appreciate all the help.
  18. Hi, So I'm doing some form validation and have no problem validating certain fields and their requirements but I need some help with this 1 part. If you go to: http://www.realloanpro.com/signup.html - if they click Yes to the first question "Are you a licensed real estate professional" it's supposed to then validate the fields below. This works also with the 3rd portion below if they click to that Yes on the same question. Is there any way of adapting this javascript to run an if/then to work around this problem? Would appreciate any help anyone can give. thanks so much! This is currently only validating the top portion of the page. Thanks for any help!!
  19. Hello, I'm trying to design a basic Gallery - So when someone clicks on a thumbnail of the image (on the right column) I want the Big image on the body to be the larger image of that image. Here's my page so you can get a visual of what I mean.. http://www.classiccustomflooring.com/gallery.html I'm not that big in JS so this might sound pretty n00bish ;x thanks for any help you can provide! Let me know if u need any more info thank you..
  20. dbillings, thanks so much... clear and well explained explanation. Everything's working great, thanks again!
  21. anyone have any ideas about printing the blob images in the database?
  22. Hi there, So i have the setup on the format I want to print all my result sets out, but I still don't know how to print the BLOB image?! I have a mediumblob setup and uploaded the images but i'm just not sure how to print them out. Here's what I gotz so far.. *Note: Where the "images/2_p4.jpg" is where I want to print the image! And it should be stored in $img Appreciate any help!