Jump to content


Photo

A php SPY program from software writers??


  • Please log in to reply
11 replies to this topic

#1 another-freak

another-freak
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 22 September 2006 - 12:47 PM

Hey people!

I have got this strange php script (part of it) which seemed to report back
to the originator of the program with its license key!
Am I wrong?



$isSent = getSqlField("SELECT * FROM probid_gen_setts","addr_val");
if ($isSent != 1) {
$refsite=getenv("HTTP_REFERER");
$lkey = getSqlNumber("SELECT * FROM probid_gen_setts","lkey");
mail ("admin@abc.com","New Installation - ".date("M. j, Y",time()),
"A new installation was reported on:

License Key: $lkey
Admin Email Address: $setts[adminemail]
Server IP: $_SERVER[SERVER_ADDR]
Site URL: $_SERVER[SERVER_NAME]
Request URI: $_SERVER[REQUEST_URI]","From: noreply@abc.com <noreply@abc.com>");

$updAddr = mysql_query("UPDATE probid_gen_setts SET addr_val=1");
}


#2 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 22 September 2006 - 12:51 PM

well, yeah, at face value, with what you've shown, that'd be my guess too.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#3 another-freak

another-freak
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 22 September 2006 - 12:58 PM

well, yeah, at face value, with what you've shown, that'd be my guess too.


Is it safe to remove that?

#4 ober

ober
  • Staff Alumni
  • Advanced Member
  • 5,337 posts
  • LocationEast Coast, USA

Posted 22 September 2006 - 01:02 PM

You can remove it and see if it works... if it doesn't, stick it back in.

Info: PHP Manual


#5 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 22 September 2006 - 01:03 PM

how about...changing the target email to your own email.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#6 another-freak

another-freak
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 22 September 2006 - 01:05 PM

how about...changing the target email to your own email.


Yes SIR! I will try! Many thanks!  ;D

#7 another-freak

another-freak
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 27 September 2006 - 06:27 AM

Hello brothers!

I have not tried altering the program as it was installed by the software writer;
just worried about infringing their "copyright".

I accidentally discovered this little script and now I wonder how many of those *.php
files are embeded with this little spy program. So, naturally my question will be
how to search them out since there are hundreds of files the folders.
Any client program that can do the job?

Next I am wondering is this script illegal? I am a license holder.
Is my privacy infringed in this case?

Thanks.


#8 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 27 September 2006 - 04:29 PM

there is no way we can even begin to tell anything about this script unless we see code (please don't go posting hundreds of files). 

i suppose you could write a script that searches for things like everywhere a global is used, things like the mail function is used, url addresses, etc.. but when it comes right down to it, your going to have to look at it and determine for yourself whether it's a "spy" thing. 
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#9 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 27 September 2006 - 04:52 PM

If you are concerned about the information that is being returned to the seller of the product, why don't you contact them to find out what they do with the information collected.

Reading the code, the information is sent back once the first time the script is run after a new installation. My guess is that the information is being used to track installations of the product and to make sure noone is selling copies which all use the same license code.

Did you find the code before or after you ran the script?

Ken

#10 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 27 September 2006 - 08:04 PM

If you use DreamWeaver, you can search strings in folders

SO navigate to the root of this script
Then search a unique string like
"A new installation was reported on:
Tell me the problem, I will try tell you the solution

#11 Caesar

Caesar
  • Members
  • PipPipPip
  • Advanced Member
  • 1,025 posts

Posted 27 September 2006 - 08:20 PM

Doesn't look like a "spy" program but, more like a way to keep track of installations. If it's licensed software, then I imagine they would like to know who is installing it. I do think it is quite dumb to do, if that code is not in an encrypted file somewhere. The fact it can be removed.....
PHP Ninja

#12 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 27 September 2006 - 08:22 PM

The best tracker I saw was one that required a class from a third party site
So you did not have the code in there, there was a weird protected, that it could be used, but the code could not be shown from it

For all we know, inside that class could be a function TrackThis
Tell me the problem, I will try tell you the solution




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users