GamingWarrior

All fixed(i think/hope) bar the the 3 above. I have no clue how to stop this. Could some one link me to some info on how to block the above.

Lucky for me /blog/article.php is not need anymore so i can just delete it and there go half my problems.

Thx guys. I have my work cut out for the next couple of days patching these i'll get back to you once i'm done. just a question how did someone manage to upload nothing and have the upload script let you? it should check, did you add it to the tables manually?

Ok, I think i have patched all the above. Tell me if I'm wrong.

Yea, there easy fixes, thanks for the heads up..... How can i avoid this?

Hey Guys I'm hoping to open my site to public beta shortly but don't want a bunch of no lifers to bring it down with sql exploits and what ever other exploits exist. So basic what I'm asking from you guys is to try and find anything that may be used against me after release. Try not to brake anything but i do have a back-up just trying to avoid having to use it. The url is http://themespot.info/ Now go wild -Gaming Warrior

yours gave me a folder not found error but this did the job mkdir($base_img_dir); chmod($base_img_dir,0777); didn't think of doing them separate

When i crate a folder using mkdir($foldername, 0777); it makes the folder chmod 0755 and unable to delete the folder or the contents of it, this is a huge problem. So my question is how do i make a folder chmod 0777 so that i can delete it over ftp.

Thanks, and will read now.

Ok i think i must be doing a stupid mistake. basically $number is and Array echo $number (prints "Array") print_r($number) (prints "Array ( [COUNT(theme_id)] => 4 )") but this is the part the i cant work out echo $number[COUNT(theme_id)] (prints nothing) why would it not print 4 ?

Here is the trick, rename it to index.php and put in a folder called wateva.png

Be aware that proxy's can easily get pass this.

http://1337gamerz.recoding.net/IPLocations.csv Right Click, Save As that file. Then Use this function ip2loc($ip) { list($ip1,$ip2,$ip3,$ip4) = explode('.',$ip); $ipn = $ip4+$ip3*1000+$ip2*1000000+$ip1*1000000000; $list = file('IPLocations.csv'); foreach($list as $line) { $line = str_replace('"','',$line); $line = explode(',',$line); $lineip = $line[0]; list($lineip1,$lineip2,$lineip3,$lineip4) = explode('.',$lineip); $lineipn = $lineip4+$lineip3*1000+$lineip2*1000000+$lineip1*1000000000; $lineip2 = $line[1]; list($lineip1,$lineip2,$lineip3,$lineip4) = explode('.',$lineip2); $lineipn2 = $lineip4+$lineip3*1000+$lineip2*1000000+$lineip1*1000000000; if ($ipn >= $lineipn && $ipn <= $lineipn2) { //for the full name: //$loc = $line[5]; //for the two letter code: $loc = $line[4]; break; } } if(empty($loc)) { $loc = 'default_here'; } return $loc; } $ip = $_SERVER['REMOTE_ADDR']; echo $loc That should work, unless i messed up somewhere, if it doesn't let me know

Thanks A heap, works perfect I was looking at it as being a hard and long process when its quite the opposite.

I got just what you need but i'm at school atm, i will post when i get home.