Recently one of my client website was hacked When I checked the source code of the website it was fine(No such hacking information was there),
But when I checked the same with firebug it was showing different i.e hacked code with some iframes,
Then I tried to use file_get_content() function to display the index page which was displayed as hacked but when I tried to check the source of the website with file_get_content() again no such hacking information was there.
In such scenrio how i can get the actual source of the webpage in PHP
I would Suggest Using
FTP
to the source documents or find the source documents on your own server and use an editor to look for the bad code.
If you don't have FTP access or access to the source files then you need to get that access.
I use
FileZilla FTP Client
I know this Doesn't Help In Your Question But There Could Be More Wrong With Source Files then some simple IFrames.
If you still don't see any Problems With The Source Files Then There Most Likely Isn't Anything In That File And Not Added Somewere else with:
include 'file.php';
or
require_once 'file.php';
To Use PHP file_get_contents please refer to http://php.net/manual/en/function.file-get-contents.php
You could run a search:
$text = file_get_contents('http://test.com/home.html');
if(strpos($text, "<IFrame")!==false)
{
echo('IFrame found');
}
else {
echo('IFrame Not found');
}
Or
if(preg_match('/^<iframe /',$text)){
echo 'That has an iframe using Regular Expressions!!';
}
If that still doesn't help then always use a backup system when done with a change back up. Restore A Back up of said site or files see if that helps.
Related
the dilemma I have is my website index.php calls to a template php file on a button press like this:
case 'main':
$page = getTemplate('main.php', array('user'=>$user));
echo $page;
break;
This main.php template file is in a folder in "/var/www/template/" How do I stop people going to: domain.com/template/main.php and viewing the code for that page. I think the solution would be to make the localhost be able to pull the it and display it rather than the user or something along those lines. Any help would be appreciated thank you.
Like a comment said, the PHP file will not be printed, it will print the HTML result that the php file produce.
Maybe it produces some errors indicating vulnerabilities to a potential attacker ? If that's your case, you should handle this directly into the php code or use a .htaccess at the root of your site. You can't find some help there.
How to deny access to a file in .htaccess
Managed to fix this by putting this at the top of the php page I wanted to render:
<?php
if (!isset($_GET['page'])) {
header('Location: /main');
exit();
}
?>
This means if someone goes "domain.com/template/main.php" to attempt to view the source code, it will redirect them back to the main webpage for my site. Thanks for your suggestions however.
I have this code inside of my header
<?php
define('RELPATH','http://www.saint57records.com/');
include_once(RELPATH.'sidebar.php');
?>
and an example line of code in the sidebar
<img style="margin:10px;" src="<?php print RELPATH;?>images/logo.png" width="60px"/>
but when it gets to the page it includes the file correctly but all the links inside of the file just print RELPATH instead of the web url like this
<img style="margin:10px;" src="RELPATHimages/logo.png" width="60px"/>
It works fine on the other pages of my website, just not inside of Wordpress. Does anyone know what might be causing this issue?
The short answer is to provide a filesystem path to RELPATH, not a web URL.
The long answer is that when you use a web URL to include a PHP file, the PHP file will be treated like an external source. It will be called remotely, executed in a process of its own, and return the results. A constant defined previously can not have an effect in this remote resource.
If http://www.saint57records.com/ is on a different server, you'll have to pass RELPATH to it some other way, e.g. through a GET variable (which you'd have to sanitize with htmlentities() prior to use.) However, including content from a remote server in this way isn't good practice. It'll slow down your page as it'll make an expensive web request. If the target server is down, your page will time out.
I do not care about people viewing my source code, however, I want Bots to avoid coming on to my site and getting through my security. I was hoping to disable page source viewing. To do this, I am using this code:
$url= $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$needle = "view-source:";
if (strpos($url,$needle)) { echo "You can not see me";}
else {
//The rest of my index page
}
The objective here is that if someone tries to view my page source or if a bot tries to, that rather than being able to see it, the code will detect that the page URL is view-source:www.yoururl.com and will display a "Nice try" message in the source instead of the page source. The code above in theory should have worked, but didn't. Any other idea's to try and make this work?
This cannot be done, the HTML source code is passed to whoever requests it. You should probably redesign your captcha, as it is not secure from how you described it. Use session variables to store the data and to check against the submitted value on the form processor script.
you could use mod_rewrite and a permanent 301 redirect in your .htaccess to hide the ?captcha=xxxx part of your url, if it is your sole concern.
I am experiencing some very strange behavior when including a php file.
I need to load a script that is not on the same domain as the page that will be calling it.
I have already created a system that works using cURL, but I just recently found out that many of the sites that will need to have access to this script, do not have cURL installed.
I did, however, notice that these sites have allow_url_fopen set to on. With this knowledge I got started creating a new system that would let me just include the script on the remote site.
Just testing this out, I coded the script test.php as follows:
<?php
echo("test");
?>
I include this script on the remote page using:
<?php
include("http://mydomain.com/script.php");
?>
and it works no problem and "test" is printed at the top of the page.
However, if I add a function to the script and try to call the function from the page, it crashes.
To make it worse, this site has php errors turned off and I have no way of turning it on.
To fully make sure that I didn't just mess up the code, I made my test.php look like this:
<?php
function myfunc()
{
return "abc";
}
?>
Then on the page including the file:
<?php
include("http://mydomain.com/script.php");
echo(myfunc());
?>
And it crashes.
Any ideas would be greatly appreciated.
This is not odd behavior, but since you load the file over the internet (note in this case the World Wide Web), the file is interpreted before it is sent to your include function.
Since the script is interpreted no functions will be visible, but only the output of the script.
Either load it over FTP or create an API for the functions.
My guess: The PHP of http://mydomain.com/script.php is interpreted by the web server of mydomain.com. All you're including is the result of that script. For a simple echo("test"), that's "test". Functions do not produce any output and are not made available to the including script. Confirm this by simply visiting http://mydomain.com/script.php in your browser and see what you get. You would need to stop mydomain.com from actually interpreting the PHP file and just returning it as pure text.
But: this sounds like a bad idea to begin with. Cross-domain includes are an anti-patterns. Not only does it open you up to security problems, it also makes every page load unnecessarily slow. If cross-domain inclusions is the answer, your question is wrong.
You are including the client side output from test.php rather than the server-side source code. Rename test.php to test.phpc to prevent executing the script. However this is dangerous out of security point of view.
I've never seen this before, and am not even really sure I can explain it properly, but I desperately need a solution.
My website uses header and footer files. When you access the files directly from the browser, they work fine. But when I access them through another file using the "include" function, the queries on the files do not work.
In my case, the header and footer files need to establish whether or not the viewer is logged in. And the files work just fine on their own. If I access the files directly through the browser (by address: website/html/header.php), the queries function and the results are correct.
If I go to my index.php page, which uses: include("$webpath/html/header.php"); the queries in the header.php file do not return the correct data.
I've just recently transferred the website to a new webhost. The files were working just fine on the previous webhost, so I'm assuming it's a setting or something in the webhost? Althought I don't see anything relating to that in my control panel, and the webhost swears that it should function properly.
Any ideas? I would greatly appreciate any input.
You could always do:
<?php
function loadContent($file){
if(!file_exists($file)){die($file.' not found.');}
ob_start();
require($file);
$return = ob_get_contents();
ob_end_clean();
return $return;
}
echo loadContent("$webpath/html/header.php");
?>