On 6 June 2010 19:56, Raymond Irving wrote:
> Hello,
>
> Sorry to have to be writing to you directly. I've tried sending this email
> to the mailing list but it keeps returning with a failure message:
>
> Remote host said: 550 5.7.1 reject mailfrom [sbl]
>
> It appears that my yahoo about has been
On 7 June 2010 04:20, Skip Evans wrote:
> Hey Ash & all,
>
> Thanks for that detailed explanation.
>
> This is a lot of what I was thinking. Cookies can get deleted, etc, and all
> the other things that can toss wrenches into this.
>
> To clarify, they want to limit a single user to two machines m
Hi Folks!
The portal for which I work is suffering constant attacks that I feel are
PHP Injection. Somehow the hacker is getting to change the cache files
that our system generates, concatenating the HTML file with another that
has an iframe to a malicious JAR file. Do you have any suggestion
On Mon, 2010-06-07 at 09:54 -0300, Igor Escobar wrote:
> Hi Folks!
>
> The portal for which I work is suffering constant attacks that I feel are
> PHP Injection. Somehow the hacker is getting to change the cache files
> that our system generates, concatenating the HTML file with another that
On Sun, 6 Jun 2010 13:56:25 -0500, Raymond Irving wrote:
> Here's the script. Can anyone confirm this error or is there a known
> workaround?
>
>
> $html = '
>
>
>
>
>
> var html = "Bold Text,Normal Text";
> document.write(html);
On 7 June 2010 14:54, Igor Escobar wrote:
> Hi Folks!
>
> The portal for which I work is suffering constant attacks that I feel are
> PHP Injection. Somehow the hacker is getting to change the cache files
> that our system generates, concatenating the HTML file with another that
> has an ifra
On Jun 7, 2010, at 8:54 AM, Igor Escobar wrote:
Hi Folks!
The portal for which I work is suffering constant attacks that I feel are
PHP Injection. Somehow the hacker is getting to change the cache files
that our system generates, concatenating the HTML file with another that
has a
Hi Ashley!
Thanks for helping us!
OK, first thing, check all the file access logs, i.e. FTP logs, etc, just to
make sure that it's not a case of a compromised password. There's a
well-known issue with people who use FileZilla on Windows systems that
allows passwords to be easily stolen.
We'v
This was my fear.
Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind wrote:
> On 7 June 2010 14:54, Igor Escobar wrote:
> > Hi Folks!
> >
> > The portal
I do not believe he is doing so through forms but PHP Injection. We have
already met one of the files that he used to make the concatenation of the
cache files. Need to know if there is a tool, anything, that we can install
on the server and identify the hacker more easily because the manual labor
There should be some clues in your httpd logs if it is coming in on the
http request. Otherwise, you need to beef up the input sanitization all
across the board. Some of that might be caught by verifying the users
all have current versions of their applications in place.
Bob McConnell
-Origin
I need to test for the existence of at least one punctuation (@#$%') character
in a string. What would my regular expression be?
Thanks!
Floyd
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
On Mon, 2010-06-07 at 12:11 -0400, Floyd Resler wrote:
> I need to test for the existence of at least one punctuation (@#$%')
> character in a string. What would my regular expression be?
>
> Thanks!
> Floyd
>
>
/[...@#\$%\']/
That will match against at least one of those characters you sp
May be this:
/.*?[(@#$%].*/
"Floyd Resler" wrote in message
news:3c7c9ee4-786e-4447-859e-ad0556359...@adex-intl.com...
I need to test for the existence of at least one punctuation (@#$%')
character in a string. What would my regular expression be?
Thanks!
Floyd
On Mon, 2010-06-07 at 13:18 -0300, João Cândido de Souza Neto wrote:
> May be this:
>
> /.*?[(@#$%].*/
>
> "Floyd Resler" wrote in message
> news:3c7c9ee4-786e-4447-859e-ad0556359...@adex-intl.com...
> I need to test for the existence of at least one punctuation (@#$%')
> character in a s
On 7 June 2010 18:11, Floyd Resler wrote:
> I need to test for the existence of at least one punctuation (@#$%')
> character in a string. What would my regular expression be?
>
I'm certain you'd be capable of finding out if you read a bit on
http://www.regular-expressions.info/ or any of the n
On 7 June 2010 18:26, Ashley Sheridan wrote:
> On Mon, 2010-06-07 at 13:18 -0300, João Cândido de Souza Neto wrote:
>
>> May be this:
>>
>> /.*?[(@#$%].*/
>>
>> "Floyd Resler" wrote in message
>> news:3c7c9ee4-786e-4447-859e-ad0556359...@adex-intl.com...
>> I need to test for the existence of
It's not that bad.
Use filter functions and sanity checks for input.
Use htmlspecialchars() basically on output.
That should take care of basically everything.
On Jun 7, 2010, at 6:16 AM, Igor Escobar wrote:
This was my fear.
Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ ht
It's not a SQL Injection or XSS problem, Michael.
It's a PHP Injection problem. I know how to fix that, but the web site is very,
very huge, has lots and lots of partners, and I'm having a big difficulty
identifying the focus of the problem.
Got it?
Regards,
Igor Escobar
Systems Analyst & Interface Des
On Mon, 2010-06-07 at 10:38 -0700, Michael Shadle wrote:
> It's not that bad.
>
> Use filter functions and sanity checks for input.
>
> Use htmlspecialchars() basically on output.
>
> That should take care of basically everything.
>
> On Jun 7, 2010, at 6:16 AM, Igor Escobar wrote:
>
> > Thi
Oh yeah. I do more than just intval() I make sure they didn't feed me
anything BUT numeric text first. I do sanity check before type
forcing :)
I use garbage in, garbage out. So I take what is given to me and yes, I
escape it before the db of course as well, and then encode on output.
On Ju
On Mon, 2010-06-07 at 14:42 -0300, Igor Escobar wrote:
> It's not a SQL Injection or XSS problem, Michael.
>
> It's a PHP Injection problem. I know how to fix that, but the web site is very,
> very huge, has lots and lots of partners, and I'm having a big difficulty
> identifying the focus of the problem
Hello,
I've got a form with two combo boxes, one for the month one for the
day. Both are required. I've got code that checks the post submission
to ensure neither is empty. My problem is that if a user does not
select anything in the combo boxes January first is sent, which I don't
want. If they hav
On Mon, 2010-06-07 at 10:48 -0700, Michael Shadle wrote:
> Oh yeah. I do more than just intval() I make sure they didn't feed me
> anything BUT numeric text first. I do sanity check before type
> forcing :)
>
> I use garbage in garbage out. So I take what is given to me and yes I
> escape i
I think we're getting off topic here folks...
Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 2:51 PM, Ashley Sheridan
wrote:
> On Mon, 2010-06-07 at 10:48 -0700, Michael
You could do generic things to modify the $_GET and other superglobal
arrays. For example if you wanted to implement magic quote yourself
have a recursive function (I'd paste one but I'm on my phone) but
something akin to this:
$_GET = your_function_name($_GET);
An idea for you might be to
On Mon, 2010-06-07 at 13:49 -0400, David Mehler wrote:
> Hello,
> I've got a form with two combo boxes, one for the month one for the
> day. Both are required. I've got code that checks the post submission
> to ensure neither is empty. My problem is that if a user does not
> select anything in the
Because that only typecasts it. It's safe but it isn't what the user
actually entered.
This way I can actually determine if the user put in "123abc" and
reject it, not accept it and keep the "123" silently for example. Same
with floats. You may or may not consider a negative number acceptab
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap exists, a hacker can include an external code
that is interpreted as inner code, as if the included code were a part
of the script.
// my code...
// my code...
include ('http:///externalhacks
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
I totally agree with you, Ash.
I came up here to ask you guys for some light. Anything to help me track
that M%$#% F#$CK#$# and discover from where he's attacking.
Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igores
I couldn't resist.
"tedd" wrote in message
news:p0624080cc832e662f...@[192.168.1.102]...
>
> --
> ---
> http://sperling.com http://ancientstones.com http://earthstones.com
I disagree, and this kind of approach could be appropriate: if you walk
your input globals and apply some sanity checks and appropriate
filtering, you could fix the issue.
On Jun 7, 2010, at 10:52 AM, Igor Escobar wrote:
I think we're getting off topic here folks...
Regards,
Igor Escobar
S
On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote:
> PHP Injection is the technical name given to a security hole in PHP
> applications. When this gap exists, a hacker can include an external
> code that is interpreted as inner code, as if the included code were
> a part of the script.
From: Ashley Sheridan
> On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote:
>
>> PHP Injection is the technical name given to a security hole in PHP
>> applications. When this gap exists, a hacker can include an external
>> code that is interpreted as inner code, as if the included code were
Hi Adam,
Thanks for the update but I'm thinking that it would be much easier if the
DOM parser could just ignore the contents of the tags when parsing
HTML content. This way we would not have to out JavaScript or force users to
add JavaScript to a separate file.
What do you think?
__
Raymond Irv
Hi Richard,
I believe putting around the HTML will not work when using
and it will also prevent the html from being parsed into
nodes that can be accessed via the DOM APIs
Or should the html that is inside the JS be urlencoded?
This works but the only drawback is that we would have
Thanks Nisse. This works great!
I just wish the HTML DOM parser could just ignore the contents of the
Hi,
empty() cannot check the return value of a method or function. Which would
be the best workaround?
empty($class->method()) // gets an error
I could do
$method_return_value = $class->method() and then run empty() on
$method_return_value, or is there a better option? I would like to do
On Mon, Jun 7, 2010 at 3:30 PM, Raymond Irving wrote:
> Hi Adam,
>
> Thanks for the update but I'm thinking that it would be much easier if the
> DOM parser could just ignore the contents of the
On Mon, 2010-06-07 at 22:40 +0300, Tanel Tammik wrote:
> Hi,
>
> empty() cannot check the return value of a method or function. Which would
> be the best workaround?
>
> empty($class->method()) // gets an error
>
> I could do
>
> $method_return_value = $class->method() and then run empty(
On 6/7/2010 9:15 PM, João Cândido de Souza Neto wrote:
I couldn't resist.
"tedd" wrote in message
news:p0624080cc832e662f...@[192.168.1.102]...
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
me too ;)
"Peter Lind" wrote in message
news:aanlktilqkz8dnc0zacfv70tctf2wqkgpzojccqtuw...@mail.gmail.com...
> On 1 June 2010 17:33, Ashley Sheridan wrote:
>> On Tue, 2010-06-01 at 16:31 +0100, Richard Quadling wrote:
>>
>>> $re1 = '/^[a-z]++$/i';
>>> $re2 = '/^[a-z ]++$/i';
>>>
>>>
>>>
>>> --
>>> -
"Ashley Sheridan" wrote in message
news:1275940320.2248.40.ca...@localhost...
> On Mon, 2010-06-07 at 22:40 +0300, Tanel Tammik wrote:
>
>> Hi,
>>
>> empty() cannot check the return value of a method or function. Which
>> would
>> be the best workaround?
>>
>> empty($class->method()) // get
On 7 June 2010 21:52, Ashley Sheridan wrote:
> On Mon, 2010-06-07 at 22:40 +0300, Tanel Tammik wrote:
>
>> Hi,
>>
>> empty() cannot check the return value of a method or function. Which would
>> be the best workaround?
>>
>> empty($class->method()) // gets an error
>>
>> I could do
>>
>> $meth
"Peter Lind" wrote in message
news:aanlktinmvaqv-hdgjlq_dwoquvojbbmbfrixnxvqk...@mail.gmail.com...
On 7 June 2010 21:52, Ashley Sheridan wrote:
> On Mon, 2010-06-07 at 22:40 +0300, Tanel Tammik wrote:
>
>> Hi,
>>
>> empty() cannot check the return value of a method or function. Which
>> woul
Hey - It looks like a PHP form on my server is insecure and is being used to
send spam. This is Rackspace's best guess. The problem is there are SO MANY
forms on all the web sites on this server that it would be a nightmare task to
try and look at them all to be sure they're properly secured.
I
On 07/06/2010 20:00, Igor Escobar wrote:
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external code
that is interpreted as an inner code as if the code included was more a part
of the script.
// my code...
// my
On 7 June 2010 22:25, Brian Dunning wrote:
> Hey - It looks like a PHP form on my server is insecure and is being used to
> send spam. This is Rackspace's best guess. The problem is there are SO MANY
> forms on all the web sites on this server that it would be a nightmare task
> to try and look
Brian Dunning wrote:
> Hey - It looks like a PHP form on my server is insecure and is being used to
> send spam. This is Rackspace's best guess. The problem is there are SO MANY
> forms on all the web sites on this server that it would be a nightmare task
> to try and look at them all to be sure
On Mon, Jun 07, 2010 at 01:25:28PM -0700, Brian Dunning wrote:
> Hey - It looks like a PHP form on my server is insecure and is being used to
> send spam. This is Rackspace's best guess. The problem is there are SO MANY
> forms on all the web sites on this server that it would be a nightmare tas
Agreed that's a great overall strategy but what I need now is a way to track
down the offending script, within the next few days if possible.
On Jun 7, 2010, at 1:35 PM, Jim Lucas wrote:
> Change all the forms to use a single
> processing script and then you won't have such a big problem trackin
Hello,
I've got a form with three fields that are not required for proper
completion of it, ending month, day, year fields. If a user enters
nothing no problem, but if those form fields are entered I need them
validated. They have to be in the correct format -MM-DD date
format and that value al
Brian Dunning wrote:
Agreed that's a great overall strategy but what I need now is a way to track
down the offending script, within the next few days if possible.
On Jun 7, 2010, at 1:35 PM, Jim Lucas wrote:
Change all the forms to use a single
processing script and then you won't have such a
I think I must have misstated the problem. Thanks to everyone for the replies,
but the question is not how to fix it, it's how to find the script being
attacked. Many different admins manage many different sites on this server, and
I can't even begin to guess how many mail forms are on there fro
On Mon, 2010-06-07 at 22:54 +0300, Tanel Tammik wrote:
> "Peter Lind" wrote in message
> news:aanlktilqkz8dnc0zacfv70tctf2wqkgpzojccqtuw...@mail.gmail.com...
> > On 1 June 2010 17:33, Ashley Sheridan wrote:
> >> On Tue, 2010-06-01 at 16:31 +0100, Richard Quadling wrote:
> >>
> >>> $re1 = '/^[a-
On Mon, 2010-06-07 at 16:51 -0400, David Mehler wrote:
> Hello,
> I've got a form with three fields that are not required for proper
> completion of it, ending month, day, year fields. If a user enters
> nothing no problem, but if those form fields are entered I need them
> validated. They have to
On Mon, 2010-06-07 at 14:34 -0700, Brian Dunning wrote:
> I think I must have misstated the problem. Thanks to everyone for the
> replies, but the question is not how to fix it, it's how to find the script
> being attacked. Many different admins manage many different sites on this
> server, and
Well you could do just that but after you turn it back on. Set up a
fresh error log based on the reset of the mail server. You then have
some kind of script monitoring the in and out of your server.
Disconnecting the mail server momentarily and maybe a pass reset for
your users would stunt t
Brian Dunning wrote:
> I think I must have misstated the problem. Thanks to everyone for the
> replies, but the question is not how to fix it, it's how to find the script
> being attacked. Many different admins manage many different sites on this
> server, and I can't even begin to guess how man
I'm currently geotargeting all the IPs in the log, and focusing on the hits
from Russia (the majority of these apache@ spams seem to be Russian). I've got
a much shorter list of scripts to look at now. Hopefully I'll find some that
just use mail() with no scrubbing.
On Mon, 2010-06-07 at 17:29 -0700, Brian Dunning wrote:
> I'm currently geotargeting all the IPs in the log, and focusing on the hits
> from Russia (the majority of these apache@ spams seem to be Russian). I've
> got a much shorter list of scripts to look at now. Hopefully I'll find some
> that
David Mehler wrote:
> Hello,
> I've got a form with three fields that are not required for proper
> completion of it, ending month, day, year fields. If a user enters
> nothing no problem, but if those form fields are entered I need them
> validated. They have to be in the correct format -MM-DD
Sorry everyone, I know this isn't PHP related and I hope I'm not out of line.
If I am I sincerely apologize. I don't know who else I could ask.
What I want to know is if anyone can recognize this font. I have searched the web
high and low and can't find any matching letter "A's" in the font examples
Hi Dave,
It is called "Fine Hand" I believe. Found a copy here.
http://www.fonts.com/FindFonts/Detail.htm?pid=203813&/cgi-bin/
MsmGo.exe?grab_id=0&page_id=8346&query=HANDWRITING&SCOPE=Fonts
HTH,
Karl
On Jun 7, 2010, at 9:01 PM, David McGlone wrote:
Sorry everyone, I know this isn't PHP re
On Mon, Jun 07, 2010 at 02:34:23PM -0700, Brian Dunning wrote:
> I think I must have misstated the problem. Thanks to everyone for the
> replies, but the question is not how to fix it, it's how to find the script
> being attacked. Many different admins manage many different sites on this
> serv
I've got a file of passwords I'd like to encrypt/decrypt using blowfish. I'd
like to be able to do so with PHP and via the command line. I have a
Linux utility called "bcrypt" which encrypts/decrypts files using
blowfish. And I'm using the following code under PHP to do
encryption/decryption:
$raw_d
On Mon, Jun 7, 2010 at 10:22 PM, Karl DeSaulniers wrote:
> Hi Dave,
> It is called "Fine Hand" I believe. Found a copy here.
>
>
> http://www.fonts.com/FindFonts/Detail.htm?pid=203813&/cgi-bin/MsmGo.exe?grab_id=0&page_id=8346&query=HANDWRITING&SCOPE=Fonts
>
> HTH,
>
> Karl
>
>
>
>
> On Jun 7, 2010
On Mon, Jun 7, 2010 at 11:20 PM, Paul M Foster wrote:
> I've got a file of passwords I'd like to encrypt/decrypt using blowfish.
> I'd
> like to be able to do so with PHP and via the command line. I have a
> Linux utility called "bcrypt" which encrypts/decrypts files using
> blowfish. And I'm using
On Mon, Jun 07, 2010 at 11:59:14PM -0400, Adam Richardson wrote:
> On Mon, Jun 7, 2010 at 11:20 PM, Paul M Foster
> wrote:
>
> I've got a file of passwords I'd like to encrypt/decrypt using blowfish.
> I'd
> like to be able to do so with PHP and via the command line. I have a
>
Are you running the latest version of PHP?
If not you should check for PHP vulnerabilities for the version that you
have installed. You should also check your OS and web server software for
security holes.
On Mon, Jun 7, 2010 at 7:54 AM, Igor Escobar wrote:
> Hi Folks!
>
> The portal for which
Well it actually failed when loadHTML() is used.
The strange thing is that it will fail regardless of the "--" characters:
"Unexpected end tag : strong in Entity"
__
Raymond Irving
On Mon, Jun 7, 2010 at 2:50 PM, Andrew Ballard wrote:
> On Mon, Jun 7, 2010 at 3:30 PM, Raymond Irving wrote:
>