What causes Website timeout when it is working flawlessly with vpn? - php

I have some php (php 7.4) program that is connected to a Webserver that causes problems when I do not use a VPN.
Sadly, we are just using the server without any rights to configure it.
So if you need something specific I can ask for this information.
Here is some server information:
DB-Server
Server-Type: MariaDB
Server-Version: 10.4.20 MariaDB - MariaDB Server
Webserver
Apache/2.4.37(centos)
PHP-Ext: mysqli, curl, mbstring
PHP-Version: 7.3.20
phpinfo():
PHP 7.4.18
Other people testing the program are getting the same results.
My PHP program is working flawlessly with VPN and locally.
Now here is the issue:
It is a straightforward program. You need to answer the questions to get further and after some time you can end the program. It is a survey; you can start it by typing the URL into any browser you find.
#That's bringing me to this point#
The program interrupts randomly (no specific site or element) while working through it, leaving a timed-out website and a "deprecated non-JS modules" console message. Apparently things are deprecated.
#Now I use VPN#
The program does not interrupt at any point. This procedure is working for every person testing the program. This means I do not get the message "deprecated non-js modules".
Either things are not deprecated or there are other reasons making the Program work without timeout.
Error-Code
Website
ERR_CONNECTION_TIMED_OUT
Console of Chrome
VM9:7146 crbug/1173575, non-JS module files deprecated.
My Doings and Ideas:
I checked the whole Program for deprecated elements, tags, functions...
-> Using PHPStorm and:
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
-> There was something. Every deprecated thing in use could be replaced easily. Lucky me.
The IP address is stable while working through the program.
Program is working local. Tested it 50 times without any interruptions.
Program is working with VPN. Tested it...
Session variables expire after 6 hours.
classic mysqli_connect.
session cookies.
using css and js files.
using other php files for configs and better organisation.
####New Facts
I tested some other php program (more complex - needed to add "preventDefault()" to make it work for Chrome/Safari). Using same files and every function of the contaminated php program. And no timeouts without VPN.
-> Now I think it is the specific program. But why? There is nothing new in use.
Differences:
The corrupted program shows some text and answer options you need to click to get to the next site. Website timeouts occur randomly when I press the radio button to send the value.
New program shows also some text and these answer options. But you can interact with it. After you press the radio button, you get pictures and buttons which are telling you what to do. I added a simple event handler (js) to show these pictures and buttons and hide em (depends on the condition the program gives you). It is using the same functions to send values, present pictures/texts, hop to the next page. It has generally more pages, therefore more texts, pictures.
The VPN I use must be very close to the server, but I cannot tell for sure. It is something like a university VPN to access specific things.
Tested it with a mobile network (5G). No timeouts! I asked people to test it, so we get some stability statistics.
It is important that people (not only me) outside this vpn-network can access the program and end it successfully!
Can you show me some lead I can follow?
Thank you. :)

I solved my problem by contacting the server support.
Firewall rules are very strict and blacklisted people who are testing the program with >1 click per second. Apparently that is the behavior of a bot.
That also explains why the other PHP program works, which uses the same functions, files, everything. There, you couldn't be faster than 1 click per second because you need to wait for some elements to show you what to do before sending produced values.
Special thanks to ADyson! :)
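To see which testers would trip a rule like the one described in this answer, the application's own request log can be checked for form submissions that arrive less than one second apart. This is an added example, not code from the original post; the log format, the sample lines, the function names and the choice to count only POST requests are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the original post).
# Assumed format: "<ISO timestamp> <client IP> <method> <path>"
SAMPLE_LOG = """\
2021-06-01T10:00:00.100 203.0.113.5 POST /survey.php?page=1
2021-06-01T10:00:00.700 203.0.113.5 POST /survey.php?page=2
2021-06-01T10:00:00.750 203.0.113.5 GET /css/style.css
2021-06-01T10:00:01.200 203.0.113.5 POST /survey.php?page=3
2021-06-01T10:00:00.000 198.51.100.7 POST /survey.php?page=1
2021-06-01T10:00:02.500 198.51.100.7 POST /survey.php?page=2
this line is malformed and is skipped
2021-06-01T10:00:05.000 198.51.100.7 POST /survey.php?page=3
"""


def submissions_by_client(log_text, method="POST"):
    """Group timestamps of form submissions by client IP, sorted by time."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != method:
            continue  # malformed line or not a submission
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparsable timestamp
        by_ip[parts[1]].append(stamp)
    return {ip: sorted(stamps) for ip, stamps in by_ip.items()}


def too_fast(log_text, min_gap=timedelta(seconds=1)):
    """Return {ip: [gap_seconds, ...]} for consecutive submissions closer than min_gap."""
    flagged = {}
    for ip, stamps in submissions_by_client(log_text).items():
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        short = [round(g.total_seconds(), 3) for g in gaps if g < min_gap]
        if short:
            flagged[ip] = short
    return flagged


if __name__ == "__main__":
    for ip, gaps in too_fast(SAMPLE_LOG).items():
        print(f"{ip}: {len(gaps)} submissions under 1 s apart: {gaps}")
```

Clients that show up here are the ones a ">1 click per second" rule would treat as bots, which gives the server support concrete data when asking for the threshold to be relaxed.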

Related

net:err_connection_reset after loading php file completely

I have a quite simple php page (PHP 5.5.35 on CentOS 5.11) that queries a MySQL database. The resulting page shows completely, including the footer I include as a final instruction, so the PHP script runs entirely without error.
Almost all images and JS libraries are loaded. However, there are two elements that are never loaded, an image and a jQuery library. Each time and with any browser, those elements generate (in Chrome, for instance):
Failed to load resource: net::ERR_CONNECTION_RESET
For testing purposes, I tried to delete those elements from the page; ultimately, it is the favicon that can't be loaded. So it seems not to be those elements in particular. The connection seems to be reset at some point between the PHP script completion and the page loading… and I don't have the beginning of any clue where I should start the troubleshooting.
Some other information:
Apache logs don't log anything!
The other pages of the site work well
The site works without any problem on my local machine (Mac OS X, PHP 5.5.35 too)
Once the page is loaded, if I click any link on it, it shows a "Connection reseted" error page.
Does anybody have a clue, anything about where to start my search? Thanks in advance, I am starting to despair.
It turned out that after searching everywhere, the cause was simply that I was handling a lot of parameters through GET – too many of them. I changed the code to use POST and everything worked miraculously… Hope it may help someone, sometime!

PHP - Multiple scripts at once (AJAX)

After asking this question, someone pointed me in the right direction of not being able to execute a second script at all if one was already running.
I usually make apps which rely on the execution of AJAX calls to PHP pages, and today I found that trying to write to a file with fwrite() in a PHP script and trying to read that same file with fread() (to get progress feedback) in another AJAX call ended up in the second script only being executed when the first one had already finished.
Even trying to echo a simple "hello" (echo "hello"; exit;) would not show anything on the page until the first script was finished.
So, I'm asking: is this a normal configuration? Is this the same on every installation of PHP by default? Is some configuration on php.ini that I can change?
Or it has to do with the server (in my case, Microsoft IIS 10)? Can someone shed some light on how to be able to execute multiple PHP scripts on different AJAX calls at once (or before the others finish)?
I know I'm not giving much information about the settings of my context, but I don't know where to look either.
Thank you everyone for your time and help!
As Luis said it could be a write-lock on the file that you're trying to modify. However another possibility if you're using sessions that use files (rather than a database), or a framework that uses file-based-sessions - then this behavior could also be a result of session-locking. My money would be on Luis' answer though - you should probably be using a database rather than a file unless you have a solid reason not to.

php script containing devil hack

Sadly I have run into a very big problem. I noticed that on a website (not mine anyway) there was a file with a very long obfuscated string (over 70.000 chars) with this:
eval(gzuncompress(base64_decode("CODE")));
I wanted to deobfuscate it locally on my PC but finally I decided to use the lazy way using one of the many online deobfuscator tools. As soon as I clicked on "Deobfuscate" I was able to see the output just for a few seconds. From that moment it seems that I can no longer access pages where online deobfuscators are hosted. For example I can't open this page (Connection Aborted) even if I can properly browse all other pages:
http://www.whitefirdesign.com/tools/deobfuscate-php-hack-code.html
It's as if all these tools got banned from my PC on every browser and user account. Only a few of them are still accessible, like MobileFish:
http://www.mobilefish.com/services/eval_gzinflate_base64/eval_gzinflate_base64.php
But none of them is able to process my requests. It's as if this PHP script is a pure devil. I suppose that my PC has been compromised in some way since I can't open some particular websites even though neither MalwareBytes nor Avast can find anything wormy. Any ideas? What does this script do?
http://pastebin.com/yf6R1rVK
The code has been put there through some sort of other vulnerability on the site. Here's the deobfuscated PHP, run at your own peril. It looks like some sort of shell which would allow attackers to run certain commands/farm information on the server it's hosted on.
https://gist.github.com/jtylr/4fd6240ddcd046e62535
The code has been encoded and compressed, base64_decode() decodes the string, gzuncompress() decompresses it and eval() (see: evil) will then run the string.
I've run into some malicious code before that was injected into some vBulletin forums I was responsible for. Generally this malicious code is executed on the remote machine by being dumped onto the box as a bunch of bytes, and then set up to be decoded, decompressed, and evaluated as suggested by that line you have.
It could have done anything.
Perhaps check your machine's hosts file and see if there are any strange entries that may prevent you from visiting those web pages.
C:\Windows\System32\drivers\etc\hosts
(Assuming you are on Windows. Look for anything suspicious in there and remove it.)
Could also be something in there preventing your anti-virus software from running, or it may be that no actual viral loads were delivered and that you've simply had your host file rewritten.
I doubt you are infected. The code is some kind of shell, which is certainly bad news for the site you found it on, but the simple act of viewing the code string won't affect you.
You can see the deobed code here: http://pastebin.com/QDvnAzZw
What I expect has happened is that your antivirus software scans webpages as you visit them, and recognized the deobed code as malicious, thus cutting the connection to the site.
I imagine the site is then flagged as malicious by your antivirus, thus blocking later attempts to visit it.
If I am correct, you probably won't be able to see the pastebin page linked above.
The solution is specific to your AV program.
Here is the decoded malicious code (this link is a tiny paste, don't worry)
A first rapid investigation (I didn't decode the Python part) suggests it seems to try to open backdoors in WordPress & Joomla admins.
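The wrapper discussed in this thread can be peeled as plain text, without PHP and without an online tool, so nothing is ever evaluated. This is an added example, not code from the original posts; it goes beyond the gzuncompress case shown above by also handling gzinflate and gzdecode wrappers and nested layers. The function names, the size limit and the sample payload are assumptions, and the sample is constructed and harmless.

```python
import base64
import re
import zlib

MAX_OUTPUT = 5 * 1024 * 1024  # refuse to inflate any layer beyond 5 MiB

# PHP function -> zlib wbits (zlib stream, raw deflate, gzip)
WBITS = {"gzuncompress": 15, "gzinflate": -15, "gzdecode": 31}

WRAPPER = re.compile(
    r"eval\s*\(\s*(gzuncompress|gzinflate|gzdecode)\s*\(\s*base64_decode\s*\(\s*"
    r"[\"']([A-Za-z0-9+/=\s]+)[\"']\s*\)\s*\)\s*\)"
)


def bounded_decompress(data, wbits, limit=MAX_OUTPUT):
    """Decompress at most `limit` bytes; raise instead of expanding a bomb."""
    d = zlib.decompressobj(wbits)
    out = d.decompress(data, limit)
    if d.unconsumed_tail or not d.eof:
        raise ValueError("stream truncated or larger than limit")
    return out


def unwrap(source, max_layers=20):
    """Peel nested wrappers as text only. Returns (innermost_source, layers)."""
    layers = 0
    while layers < max_layers:
        match = WRAPPER.search(source)
        if match is None:
            break
        func, blob = match.groups()
        raw = base64.b64decode("".join(blob.split()), validate=True)
        source = bounded_decompress(raw, WBITS[func]).decode("utf-8", "replace")
        layers += 1
    return source, layers


def make_sample(code, func):
    """Build a constructed, harmless wrapper for exercising unwrap()."""
    c = zlib.compressobj(9, zlib.DEFLATED, WBITS[func])
    packed = c.compress(code.encode()) + c.flush()
    return 'eval(%s(base64_decode("%s")));' % (func, base64.b64encode(packed).decode())


if __name__ == "__main__":
    inner = "echo 'constructed sample';"
    sample = make_sample(make_sample(inner, "gzinflate"), "gzuncompress")
    print(unwrap(sample))
```

The output is only ever a string to read; local antivirus may still flag a real decoded payload when it is written to disk, as one of the answers above suspects happened in the browser.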

How to debug PHP script when it is being accessed by android application

I have an Android application that is connecting to a web server running MySQL DB. On the web server I have PHP files that run scripts and return JSON objects to the client (application). I recently upgraded the versions of my web server and since then, the SELECT statements are no longer returning anything to the client if they have parameters; however, if I run a SELECT with no parameters, it works fine. Has anyone ever encountered a similar problem?
To be more clear about my question:
Is there any way I can debug PHP scripts?
I thought maybe debugging via a web browser wouldn't work because the client is triggering the php files directly and not a direct access to the web.
All help is much appreciated!
Chrome has a set of tools that let you remote debug from your android.
Check them out: https://developers.google.com/chrome-developer-tools/docs/remote-debugging
You could write your own error handler and let it write some debug information to its own log file. Then you can read the log file and check it for errors.
Look at the MySQL error log and the php error log on your server
Check you activated the correct php_mysql* extensions in the newly upgraded PHP
Run the scripts on the server through a browser with the same parameters that your app uses, watch for errors
Upgrade the PHP code running on the server so it captures any errors and does something OBVIOUS with them.
I would recommend using XDEBUG for debugging PHP code, or any analogue for your web server. It is really simple to set up and use with any PHP IDE (like Netbeans) and it gives you a lot of abilities to explore your application's condition. There is no difference in which browser you open the link with the ?XDEBUG_SESSION_START=netbeans-xdebug parameter.
Also you can watch MySQL and Web-server logs.
If you cannot do any of the above and you need to watch network activity (AJAX requests), you can set up ADB and use the Chrome developer console for debugging JS (or to see PHP var_dump() in AJAX calls) in your Android Chrome browser.
If you need to debug JS in the native Android browser, try to redirect to the "about:debug" page, and after this you will be able to see the browser's JS console (in some cases this button appears only when the console has something to show, an error or any other message; in some cases it just doesn't work).
As mentioned by others, you can debug using the error logs given by mysql and php. There are also IDEs which come with debugging tools for scripting languages like php.
With an IDE like PhpStorm by JetBrains, which I highly recommend using over just a normal text editor, you can configure data sources like a connection to your MySQL DB. This is useful because you can run scripts in the IDE and see whether it's the retrieval of the data from your DB or something in your scripts or handling of the JSON object back in the client. So if you configure a data source and run those same scripts and you get the correct data back then you know there is either something wrong in the code where you send the data or something wrong in the code where you receive it.
**P.S. I know that I am 5 years (oh my days it's been 5 years since 2013) late to this post but nonetheless you never know who may be having this same issue and stumble across this answer
1st - Set up Xdebug for remote debugging with your IDE (Eclipse, PhpStorm, etc.), and put breakpoints in your script (for example, here's a link for setting up the Eclipse environment).
2nd - When sending your URL request to the server, add parameters to your URL (http://your/url.php&XDEBUG_SESSION_START=ECLIPSE_DBGP&KEY=XXXXX):
-1st parameter - XDEBUG_SESSION_START=ECLIPSE_DBGP starts debugging session. (as for me I am using eclipse IDE for developing, so my key will be ECLIPSE_DBGP).
-2nd parameter - KEY=XXXXXX - is a session number(type any number here).
After that, your code will break at your debugging point in your script.

Emulating PHP's CLI in a browser

I'm considering the idea of a browser-based PHP IDE and am curious about the possibility of emulating the command line through the browser, but I'm not familiar enough with developing tools for the CLI to know if it's something that could be done easily or at all. I'd like to do some more investigation, but so far haven't been able to find very many resources on it.
From a high level, my first instinct is to set up a text input which would feed commands to a PHP script via AJAX and return any output onto the page. I'm just not familiar enough with the CLI to know how to interface with it in that context.
I don't need actual code, though that would be useful too, but I'm looking for more of which functions, classes or APIs I should investigate further. Ideally, I would prefer something baked into PHP (assume PHP 5.3) and not a third-party library. How would you tackle this? Are there any resources or projects I should know about?
Edit: The use case for this would be a localhost or development server, not a public facing site.
Call this function through an RPC or a direct POST from JavaScript, which does things in this order:
Write the PHP code to a file (with a random name) in a folder (with a random name), where it will sit alone, execute, and then be deleted at the end of execution.
The current PHP process will not run the code in that file. Instead it has to have exec permissions (safe_mode off). exec('php -c /path/to/security_tight/php.ini') (see php -?)
Catch any output and send it back to the browser. You are protected from any weird errors. Instead of exec I recommend popen so you can kill the process and manually control the timeout of waiting for it to finish (in case you kill that process, you can easily send back an error to the browser);
You need lax/normal security (same as the entire IDE backend) for the normal PHP process which runs when called through the browser.
You need strict and paranoid security for the php.ini and php process which runs the temporary script (go ahead and even separate it on another machine which has no network/internet access and has its state reverted to factory every hour just to be sure).
Don't use eval(), it is not suitable for this scenario. An attacker can jump out into your application and use your current permissions and variables state against you.
The basic version would be
Your script outputs a form with a line input
The form action points to your script
The script takes the input on the form and passes it to eval
Pass any output from eval to the browser
Output the form again
The problem is that defined functions and variables are lost between each request.
What you could do is add each line that is entered to your session. Let's say
$inputline = $_GET['line'];
// Append the new line to the script stored in the session, then re-run all of it
$_SESSION['script'] .= $inputline . PHP_EOL;
eval($_SESSION['script']);
By this, on each session the full PHP script is executed (and of course you will get the full output).
Another option would be to create some kind of daemon (basically an instance of a php -a call) that runs on the server in the background and gets your input from the browser and passes the output.
You could connect this daemon to two FIFO devices (one for the input and one for the output) and communicate via simple fopen.
For each user that is using your script, a new daemon process has to be spawned.
Needless to say, that it is important to secure your script against abuse.
Recently I read about a PHP interpreter written in Javascript php.js, so you could write and execute PHP code using your browser only. I'm not sure if this is what you need in the end but it sounds interesting.
We've tested some products at my university for ssh-accessing our lab servers and used some of the Web-SSH-Tools - they basically do exactly what you want. The Shell-In-A-Box-Project may be bound to any interpreter you like and may be used with an interactive php-interpreter, if desired (on the demo-page, they used a basic-interpreter). The project may serve as a basis for a true PHP-IDE. These have the advantage of being capable of interacting with any console-based editor as well (e.g. vi, emacs or nano), as well as being able to give administrative commands (e.g. creating folders, changing ownerships or ACLs or rebooting a service).
Mozilla also has a full-featured webbased IDE called Bespin, which is also highly extensible and configurable.
As you stated, that the page is not for the public, you of course have to protect the page with Authentication and SSL to combat session hijacking.
