Posts tagged chat

New threat for all Joomla and WordPress installations

3
867 days
by in Security

There is a new BOT out there, and one of the bad ones. I have started receiving traffic from it in my servers over the past week, and after some investigation it turns out it is quite a powerful bot, and so simple to use even a kid with a computer could use it.

The bot attacks mainly Joomla and WordPress installations, the Firestats plugin for WordPress version 1.6.2 has a known vulnerability that is exploited by this bot.

If successful, the bot will usually get your admin password and send it to a server somewhere, other versions f** your server up... it depends.

The bot is basically a top All-In-One product, that acts as a:

  • RFI Scanner
  • RFI Scan & Exploit
  • Joomla RFI Scan & Exploit
  • Milw0rm Search
  • Google bypass
  • Message Spy & Save
  • Auto Spreading

The last known spreader for the bot is the Fx29Spreadz v1.0 (Apr. 2009) which can be used from a server with a PHP Shell.

IPs and servers:

This bot has used the following IPs and hosts (That I know of)

  • 62.15.230.250
  • 210.68.188.206
  • 211.239.150.144
  • 125.251.133.3
  • 250.230.15.62.static.jazztel.es
  • buminch.org
  • www.framoss.ru

It has compromised servers in Republic of Korea, Taiwan and some other countries.

Injections:

The bot basically tries to insert the following PHP line:

 
< ?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>
 

Although there is another variation which inserts:

 
    < ?php
    function ConvertBytes($number) {
    $len = strlen($number);
    if($len < 4) {
    return sprintf(”%d b”, $number); }
    if($len >= 4 && $len < =6) {
    return sprintf(”%0.2f Kb”, $number/1024); }
    if($len >= 7 && $len < =9) {
    return sprintf(”%0.2f Mb”, $number/1024/1024); }
    return sprintf(”%0.2f Gb”, $number/1024/1024/1024); }
 
    echo “Osirys<br>”;
    $un = @php_uname();
    $id1 = system(id);
    $pwd1 = @getcwd();
    $free1= diskfreespace($pwd1);
    $free = ConvertBytes(diskfreespace($pwd1));
    if (!$free) {$free = 0;}
    $all1= disk_total_space($pwd1);
    $all = ConvertBytes(disk_total_space($pwd1));
    if (!$all) {$all = 0;}
    $used = ConvertBytes($all1-$free1);
    $os = @PHP_OS;
 
    echo “0sirys was here and also is a fucking gay..”;
    echo “uname -a: $un”;
    echo “os: $os”;
    echo “id: $id1”;
    echo “free: $free”;
    echo “used: $used”;
    echo “total: $all”;
    exit;
 

Security recommendations:

If your website runs on WordPress, Joomla, Drupal, or other popular CMS you must upgrade all plugins and check for the latest version of the system!
If you have Firestats I recommend deactivating it for some time, until a new version fixing that bug is released, and still, I would wait.
If you have URL rewriting systems, ensure they are up-to-date, and if you built them re-check the security, and never include external files.

Hope this helped you :)

If you found any variations and new stuff about this please comment below

Calculate age in PHP from timestamp

0
882 days
by in PHP, Programming

If you ever wanted to calculate someone's age in PHP from a birth timestamp, you must take into account that the age is more than the number of years, since days and months are also important, so I wrote a simple function that will return the exact age for a given timestamp:

 
function getAge($birth){
	$t = time();
	$age = ($birth < 0) ? ( $t + ($birth * -1) ) : $t - $birth;
	return floor($age/31536000);
}
 

Basically we first get the current time and store it in a variable (To avoid having to call the function time more than once)
Then we get the age in milliseconds (Taking into account that before 1969 timestamps are negative, thus the ternary operator)

Now we have the date in milliseconds, we divide it by the number of milliseconds in a year (60*60*24*365)

And that is basically it :)

Easiest PHP file upload

1
914 days
by in PHP, Programming

Hello people,
I want to share with all of you a file upload class I have developed, that makes it stupid simple to upload files haha

The PHP class:

First of all, here is the PHP class you will need:

 
< ?php
//Uploader class, by Alex
// This class is meant to handle all kinds of file uploads for DJs Music
// Images, music... all here
 
class Uploader{
	var $maxSize;
	var $allowedExt;
	var $fileInfo = array();
 
	function config($maxSize,$allowedExt){
		$this->maxSize = $maxSize;
		$this->allowedExt = $allowedExt;
	}
 
function generateRandStr($length){
      $randstr = "";
      for($i=0; $i< $length; $i++){
         $randnum = mt_rand(0,61);
         if($randnum < 10){
            $randstr .= chr($randnum+48);
         }else if($randnum < 36){
            $randstr .= chr($randnum+55);
         }else{
            $randstr .= chr($randnum+61);
         }
      }
      return $randstr;
   }
 
	function check($uploadName){
		if(isset($_FILES[$uploadName])){
			$this->fileInfo['ext'] = substr(strrchr($_FILES[$uploadName]["name"], '.'), 1);
			$this->fileInfo['name'] = basename($_FILES[$uploadName]["name"]);
			$this->fileInfo['size'] = $_FILES[$uploadName]["size"];
			$this->fileInfo['temp'] = $_FILES[$uploadName]["tmp_name"];
			if($this->fileInfo['size']< $this->maxSize){
				if(strlen($this->allowedExt)>0){
					$exts = explode(',',$this->allowedExt);
					if(in_array($this->fileInfo['ext'],$exts)){
						return true;
					}
					echo 'Invalid file extension. Allowed extensions are '.$this->allowedExt;
					return false; //failed ext
				}
				echo 'Sorry but there is an error in our server. Please try again later.';
				return false; //All ext allowed
			}else{
				if($this->maxSize < 1000000){
					$rsi = round($this->maxSize/1000,2).' Kb';
				}else if($this->maxSize < 1000000000){
					$rsi = round($this->maxSize/1000000,2).' Mb';
				}else{
					$rsi = round($this->maxSize/1000000000,2).' Gb';
				}
				echo 'File is too big. Maximum allowed size is '.$rsi;
				return false; //failed size
			}
		}
		echo 'Oops! An unexpected error occurred, please try again later.';
		return false; //Either form not submitted or file/s not found
	}
 
	function upload($name,$dir,$fname=false){
		if(!is_dir($dir)){
			echo 'Sorry but there is an error in our server. Please try again later.';
			return false; //Directory doesn't exist!
		}
		if($this->check($name)){
			//Process upload. All info stored in array fileinfo:
			//Dir OK, keep going:
			//Get a new filename:
			if(!$fname){
				$this->fileInfo['fname'] = $this->generateRandStr(15).'.'.$this->fileInfo['ext'];
			}else{
				$this->fileInfo['fname'] = $fname;
			}
			while(file_exists($dir.$this->fileInfo['fname'])){
				$this->fileInfo['fname'] = $this->generateRandStr(15).'.'.$this->fileInfo['ext'];
			}
			//Unique name gotten
			// Move file:
			if(@move_uploaded_file($this->fileInfo['temp'], $dir.$this->fileInfo['fname'])){
				//Done
				return true;
			}else{
				echo 'The file could not be uploaded, although everything went ok :S ... Please try again later.';
				return false; //File not moved
			}
		}else{
			return false;
		}
	}
 
};
//Initialize the object:
$up = new Uploader;
?>
 

Alright this is the code. You shouldn't have to modify it, simply include it where you process the upload and the class will initiate itself inside the variable $up

Usage:

For this example I will suppose you have a basic HTML form as follows:

 
<form action="process.php" method="post" enctype="multipart/form-data">
<input name="uploadPic" type="file" />
<input name="upload" type="submit" value="Upload" />
</form>
 

As you can see, the action is process.php, which is, in this example, where the picture upload will be processed.

In the file process.php we will first include the upload handler, then configure it, and finally try to upload the file into the directory pictures/. Please take into account that it must be writable (CHMOD 777)

process.php:

 
< ?php
//include the class:
include('handleUpload.php');
$up->config('2000000','jpg,gif,png');
if($up->upload('uploadPic','pictures/')){
	echo 'File uploaded. File information: ';
	echo $up->fileInfo['ext'].'';
	echo $up->fileInfo['name'].'';
	echo $up->fileInfo['size'];
}
// If the file was not uploaded, the error will have been echoed automatically
?>
 

As you can see there is no }else{ because the handler echoes the errors by itself. You can change this behavior easily by setting up your own function as desired.

In this example we have configured it to allow a maximum of 2000000 bytes per upload, and only jpg, gif, and png pictures.

Now that the file is uploaded you have some information about it in the $up object. The format ($up->fileInfo['ext']), the name ($up->fileInfo['name']), and finally the size in bytes ($up->fileInfo['size']).

The handler also generates a random name, and ensures it is not already in the directory. The new name is stored in the fileInfo array as mentioned above.

I hope you found this useful :)

Creating an IRC bot in PHP from scratch

7
1421 days
by in PHP, Programming, Web-related

IRC Bot :DI came across several articles about this topic, and I decided to take a look at it, combine them, and actually have the bot work.

The way this bot works is it will open up a server, join an IRC chat channel and post a message, going into idle status after that, waiting to receive a ping in response. If you don't want to wait, once the message is posted you can cancel page loading and enter the page again (Not reload it, since that would send the message again), and you would have the message posted.
A good use for this bot (Although not recommended because of the high traffic) would be to send messages to hundreds of different IRC channels, or to have the program refresh the page every minute or so and send a message to certain IRC channels every x time.

We will create a new file, named "irc_bot.php" with the following function:

 
< ?php
function writeIRC($msg){
	// define your variables
	$host = "irc.dal.net";
	$port=6666;
	$nick="demoTester";
	$ident="DemoTester";
	$chan="#frih";
	$readbuffer="";
	$realname = "Demo Tester";
 
	// open a socket connection to the IRC server
	$fp = fsockopen($host, $port, $erno, $errstr, 30);
 
	// print the error if ther eis no connection
	if (!$fp) {
		echo $errstr." (".$errno.")\n";
	} else {
		// write data through the socket to join the channel
		fwrite($fp, "NICK ".$nick."\r\n");
		fwrite($fp, "USER ".$ident." ".$host." bla :".$realname."\r\n");
		fwrite($fp, "JOIN :".$chan."\r\n");
 
		// write data through the socket to print text to the channel
		fwrite($fp, "PRIVMSG ".$chan." :$msg\r\n");
 
		$timep = 0; //set up timer
		$timep = round(microtime(), 3); //start microtime
		// loop through each line to look for ping
		 while (!feof($fp)) {
 
			$line =  fgets($fp, 128);
			echo $line."\n";
 
			$line = explode(":ping ", $line);
 
			echo $line[0]."\n";
 
			if ($line[1]) {
 
				fwrite($fp, "PONG ".$line[1]."\r\n");
			}
			$time2 = round(microtime(), 3); //set up second timer
			$gen = $time2 - $timep; //find the difference
			if($gen > 30){
				//timeout - break loop
				echo '
 
Operation finished without receiving ping. Check out the stats iframe to see your message.
 
';
				break;
			}
		}
 
		fclose($fp);
	}
}
?>

Using it:

So now you should join a channel in the server you like, for this example I will be using one of frihost.com's IRC channels (Server: irc.dal.net Channel: #frih)

The way you would use this bot would be to send messages every set period of time for example, with loop functions, or to manage IRC channels, if you leave the last loop of code and you examine every single line posted on the channel.
You could also use it to warn users, or to post to several channels at the same time... The uses are varied, and here you have a base code to start from... :D

Have fun, and if you use it, post a link in the comments and I'll include it here in the article, as examples of usage.

Example of Bot working

Well I have created a simple page that will use POST to send data to the IRC server, and then I included the channel stats in an iframe below, so you can see the results live... ;) It's pretty cool, so try it, and if you wonder how it is done download the demo page.

  1. Go to demo page
  2. Download demo page (3kb)

For any questions/suggestions please comment

Go to Top