Hello mikesz,
Tuesday, December 9, 2008, 12:10:12 PM, you wrote:
> Hello and Greetings, NYPHP,
>I have a potential project that requires the ability to do file
>transfers from one website to another using FTP, i.e. the files and
>folders are on an ftp server an
SET Smart Security, version of virus
> signature database 3674 (20081209) __
> The message was checked by ESET Smart Security.
> http://www.eset.com
Thanks, actually, I just found them on my second pass at
the manual.
--
Best regards,
mikeszmailto:[EMAIL PR
ters very much appreciated. TIA.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
___
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show_participation.php
capability and is quite effective at using OCR to crack Captcha
codes including the ones used by Google and Hotmail.
Any comments on possible ways to detect and/or redirect and/or prevent automated
hacker tools like this from hijacking your site?
--
Best regards,
mikeszmailto
at what point pattern matching gets unmanageable or impractical. This
script looks a lot like .htaccess using mod rewrite to block badguys.
I would appreciate some feedback on this, what is the rest of the
world using to block or intercept bad guy injection attacks?
--
Best regards,
mikesz
matter. I am
reasonably certain that my site isn't the only one that has been
hijacked by porno peddlers but I can only find references to my site
when I do searches for keywords the badguys are using.
I do think it might have been a URL manipulation in spite of the fact
that I don't ha
has been gone for a week.
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
___
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
id
that exactly. The ISP claims they took advantage of an exploit in the
php code but has no data to support that claim thus far. So, I can't
say that the site authorization was compromised with any certainty.
--
Best regards,
mikesz
res your password is never sent or
stored anywhere in clear or decipherable text.
I would really appreciate an eye opener on this one. It looks like
more flim flam to me.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
Hello mikesz,
Friday, October 17, 2008, 7:14:00 PM, you wrote:
> Hello NYPHP,
> I know I am going to get some heat for this one but here goes...
> Let me preface this by definitively stating that I am categorically
> NOT making a request for information on how to hack into a syste
Hello mikesz,
Wednesday, October 15, 2008, 12:25:01 AM, you wrote:
>
Hello Brian,
Tuesday, October 14, 2008, 11:58:55 PM, you wrote:
>
if it has only started happening with the latest version i would check the vBulletin forums and see if there is a fix for the bug, or t
Update: I just discovered that the "robot" that is accessing and
spamming my sites is XRumer. It hacks into gmail, gets a valid gmail
account then it registers and spams as many Forum sites as it can find
t
thanks for the reply.
That works "after" you have done the first login but if the browser
cache gets cleared for whatever reason you still have to pass the
username and password somehow. I ag
r any help.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
ndeed using $_POST, sorry for the miscommunication.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
_POST, sorry for the miscommunication.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
ere else I
need to be looking to trap the data that is being passed?
TIA for any pointers.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
>> I am using this query inside the foreach loop:
>>
>> $res = ("SELECT * FROM `table` WHERE `email` = '$email2Chk'");
>> $numRows = mysql_num_rows($res);
>> if ( !empty($numRows ))
>>
>>
>> It processes ab
( !empty($numRows ))
>>
>>
>> It processes about 12000 addresses in the array and the script
>> times out.
>>
>> Anyone have a better idea for doing this task?
>>
>> TIA for any help.
>>
>> --
>> Best regards,
>> mikesz
It processes about 12000 addresses in the array and the script times out.
Anyone have a better idea for doing this task?
TIA for any help.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
mention my error log filling up with 304s and 403s
"Results 11 - 20 of about 27,600 for /xml/odg/."
They are all referencing warning messages/conditions from trying to
access the junk that was but is no longer on my site.
--
Best regards,
mikeszmailto:[EMAIL PROTE
hat decided I didn't need write access to anything, unbelievable!
LOL ... it's been an adventure, that's for sure...
Thanks again.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
t compile instructions.
I think your first point, and the one made by a few other people who replied to me is the most relevant now, need to go hunting for a host again clearly.
Thanks again.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
I have a good deal of info now that I didn't have a couple of hours ago.
Thanks very much.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
without ever checking their log files... Unbelievable! I
thought it was a no-brainer to track such a blatant intrusion
especially when the time frame of when the breach occurred is known
almost to the second.
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
ing back to the /xml, why would I be
getting the bizarre behavior from it?
TIA
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
this would be enormously
appreciated.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
If memory serves me, WorldPay has horrendous setup fees for a small
site operation. Correct me if I am wrong but...
http://www.worldpay.com/business/content.php?page=pricing2&c=UK
--
Best regards,
mikesz
ootprint I haven't seen before, for example. All of
my conditionals are in the "I know you are doing something bad"
category.
Thanks again for the reply.
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
ing.
TIA
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
Hello Brent,
> What if someone submitted:
> Mode=last" OR 1=1
Thanks for the input, I get the same database error submitting your
suggestion that I got when I submitted the hack, btw.
--
Best regards,
mikeszmailto:[EMAI
the page comes back it contains the thumbnails for the new request.
Frankly, I didn't know the script did that until I started to analyze
the badguy's submission and discovered what 'Mode' did by doing a
print_r of $_REQUEST in a test.
--
Best regards,
mi
ll"
which tells the script to do a select for the latest members, both
male and female. This will display a block containing thumbnails of
members who meet the selection criteria.
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
h trapping this and sending the
results of the trap back to me so I can track and ban IP addresses
etc.
I have a procedure that I hacked for previous exploits but am
interested now in other options that I may not have used previously.
--
Best regards,
mikesz mailto:[
or my development work, I do development stuff on XP, transfer
it to my Linux server and it just works, maybe other stuff that I don't care
about is different?), though the php.ini in WAMP5 is located in the
Apache/bin folder as are many of the PHP dlls (I had a huge RTFM
issue with that one when
Hello Kristina,
What about using the IP address instead of localhost?
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
>> > My current client's app is a PHP 4 site running on a Windows box
>> >> (don't
>> >>> > ask...I have no idea why). I'm trying to use the mail()
> function
>> >> and
>> >>> > the mail isn't cooperating.
>
Forgot, I was using the mail.mysite.com and the IP address for same
with similar results and it worked beautifully until they blocked the
SM
ant to take a look at that to "fix" the php
mail problem on the windows box. Unfortunately, no elegant solutions
there for windows.
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
Hello Kristina,
> Unfortunately, there are few geniuses in HR :)
HA! I'll second, third and fourth that one! I have seen many who
thought they were ... LOL
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
sure based on other historical factors.
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
ink they do. They have the yearly
meetings and put on their conferences etc. but it's the Corporation
roadmap that decides the directions for where the products go, not the user
groups.
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
iated with the user and stored in the database. ImageMagick and GD are both useful for doing conversions.
HTH
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
t; 1933
[month] => 01
[day] => 01
)
If I enter the input again, it works perfectly. Because it redirects
to another page, it clears the $_POST array so I can't check what was
in it to cause it to work?
Thanks for the idea anyway.
--
Best regards,
mikesz
h the correct data and pass it
to the diff function but that breaks the script so that it doesn't work
at all no matter how many times you run it. I would really appreciate
someone who might have done something like this and solved it to give
me an idea of whe
do a data verification test too.
You could add a hidden field with content to the end of the form and
test for the hidden content as well. I think that would tell you the
form was loaded, I think.
--
Best regards,
mikeszmailto:[EMAIL
does. Anyone
run into this issue and can shed a little light on it for me?
I found a few things that mention using .htaccess and local php.ini
files but that doesn't address the permissions issue.
TIA for any assistance on this, regards, mikesz
--
Best regards,
m
Hello Anthony,
Thursday, December 20, 2007, 2:46:51 AM, you wrote:
>
Is anyone using www.hostgator.com?
My two words for them, grotesquely incompetent!
--
Best regards,
mikesz mailto:[EMAIL PROTEC
entertained. I just think it's a poor and sloppy approach to problem
solving. Any comments?
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
that form and he's getting about 10 spammers bad guys a day
who generate about a hundred bogus forms that die because they can
never be submitted for lack of required data.
The ones that succeed are being generated by hand, at least that is
what it looks like and those are the &quo
ver got any space on the project priority
list obviously).
Thanks for the suggestion though, I appreciate it.
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
Hello David,
Wednesday, November 7, 2007, 8:08:27 PM, you wrote:
> [EMAIL PROTECTED] wrote:
>>
>> Here is the URL : http://cl1p.net/myexploitedcode/
>>
>> thanks, mikesz
> I am definitely not the code fashion police here, but I have quite some
> problems to
Hello David,
Thanks for the tips. I was able to correlate the timestamp of the error
message and the bad guy's IP address. They are using a POST to do the
injection.
--
Best regards,
mikeszmailto:[EMAIL PROTECTED]
n or entering the captcha code and how did it bypass the
>> >> check function. It seems like the query was sent directly to the
>> >> database through the registration.php program but I have no clue how
>> >> that could have happened. I need to plug thi
this hole but don't have any
>> idea where to start looking for it.
>>
>> I have tried running the query like registration.php?query but that
>> didn't work.
>>
>> Any ideas about how I can reproduce this problem wo
ttention.
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
row[Subj], $row[Body], "From: $site
>> [email_notify]", "-f$site[email_notify]") )
>> {
>> ++$err; //update the error queue
>> }
>> else
>> {
>> mail( $row['Email'], $row[Subj], $row[Body], "From: $site
>> [email_not
this script has a lot of short cuts that
make the code difficult to debug sometimes, like this one.
Thanks in advance for your comments,
--
Best regards,
mikesz mailto:[EMAIL PROTECTED]
Hello Ben,
All the captcha scripts that I have worked with either use an explicit
path to the spe