Recently I noticed that there is a PHP file with eval base_64_decode function present in my web-hosting. I decoded that file online and pasted the content here: https://pastebin.com/S2NJqiKN
I could not understand what this code is doing as I do not know PHP. Please someone take a look and tell me should I be concerned and delete this file?
This file has obfuscated code to host contents on your web server by uploading it through this script. Check your hosting account for the unwanted files. You should delete this file. I wiil also suggest you to run inurl:yourwebsiteaddress.com on google to see if there is any page that doesn't belongs to your website.
Related
I'm working on a website that is generated from a server. I have a php file where I include files that are stored on my computer and are necessary for the code to work. The files that I need are related to google calendar API like my credentials and a link to the API folder just like in the quickstart.php example of google (https://developers.google.com/google-apps/calendar/quickstart/php).
I think that storing these files on the server is not such a good idea. Is there a way for me to link local files from the server in an include or require? Or do I have to put everything on the server? And in that case how do I know the filepath to my files?
I am not in control of the server I just have acces to a small part of it. It is the school server and I'm working on one directory or so from that server so I can't do anything from root or so.
Thanks in advance and if my question is unclear please notify me so I can rephrase it.
If you want to protect the code from exposure, try PHP ionCube Encoder. So someone who has access to the server can't read the code, but still it will run correctly.
You CAN include remote files via HTTP if you can configure the server to set the following in the php.ini.
allow_url_include = On
This is NOT the normal setting as it could leave you more vulnerable to attacks. So this method is not a recommended one, but it is possible.
You should consider setting up an additional account on Google and then using that to work with. You can share the relevant calandars from your personal account with that account and thus protect yourself better.
Create a folder on your server outside of the public html folder. Go one directory above your website route directory and create your folder there. People will not be able to navigate to that new folder as it is outside of your website route. Store your sensitive files in the new folder. Then just require them in your normal files as needed. This protects your sensitive files in the event your PHP handler failed (rare but can happen) as the content of your sensitive files would not be displayed to people as plain text on your website. Remember to set appropriate folder and file ownership and permissions also on your server.
I have a code of online shop on Prestashop, and I have for example content="Shop on PrestaShop" in meta-data of current page, but when I'm trying to find that String in project in Webstorm to localize which page file it is, I get nothing.
So I guess it's some PHP magic working there. So now I have huge problem with finding proper file in order to change that String. Is it possible to check a filename and it's extension via Google developer tools? I'm starting site from server, not localhost.
You can only find the files that are delivered to client's machine in chrome developers tools by visiting:
Inspect > Sources
The server side files can be visible only if you can see them in URL. If the path is re-written using something like .htaccess in apache, then there's really nothing that you can do to find out the file.
These type of files are meant to be present only to hide the actual file path.
This is just a hypothetical question. Let's say we have a website built using CGI scripts. I find a folder within it (for ex; www.website.com/links/link.txt) and it has some basic text files. When I enter this URL on a browser, I am able to see the file "link.txt". I also know that the website is running on Apache Tomcat.
My question is, how do I (as a user) edit this link.txt file? What tools should I use?
Unless you have a web-based editor you can't edit the files directly; this is for security purposes as if you can change the file that means anyone else can too.
You will need a way to either connect to the server and edit it using a remote session, or you will need to edit the file using your computer and then upload it. Unfortunately you have already mentioned that ssh and ftp aren't working, which are the two ways I would have otherwise suggested.
I would suggest you get in touch with your site host and ask them what functionality they provide to allow you to edit files.
Hope this helps!
I'm trying to build a basic web application using the Dropbox API. I have the file upload/folder listing etc. working but cannot find in the documentation how to force the file to download to the user's browser. Is this possible?
If it is can someone point me in the right direction? I'm using the standard PHP SDK.
Dropbox.com: How do I force a file to download from the web
Force a file or folder to download
To cause the browser to download a file or folder rather than display
it, you can use dl=1 as a query parameter in your URL. For example:
https://www.dropbox.com/s/qmocfrco2t0d28o/Fluffbeast.docx?dl=1 Note
that the original share link URL may contain query string parameters
already (e.g. dl=0), so app developers should make sure to properly
parse the URL and add or modify parameters as needed.
And if that doesn't suffice you can check Wikihow: How to Force a File to Download from the Web on Dropbox, with nice screenshots.
If this is not what you had in mind you have clarified that in your question. You still can do that now.
So far, I've built a PHP script that downloads to a remote server of mine a file from Internet, provinding its URL (I've used this piece of code to download to the server).
Now I would like to upload the downloaded file on Google Drive using its API.
My question is: Is there a way to download the file directly to Google Drive, without using the server? Or I am forced to download the file first to the server and then upload it to Google Drive?
Thank you
I doubt if you can 'make' google drive get file from an external location...
However you do have an option to create a shortcut to the external file, if that suits you.
Also, If you wish continue direct upload you may refer this.
As far as I know the API doesn't allow to push files from another referer than the one that's calling the API. So, long story short:
First you need to download the file to your server, then upload it to gDrive from your server.
Read here more: https://developers.google.com/drive/examples/php#saving_files
Or here: https://developers.google.com/drive/manage-uploads