faceless admin
Joined: 25 Apr 2006
|
Posted: Tue Jan 28, 2014 9:06 pm Post subject: |
ah right, well it sounds like you will have to rewrite things then - but I'm sure there's an easy way to convert your code without having to do it manually |
|
luke
Joined: 11 Feb 2007 Location: by the sea
|
Posted: Tue Jan 28, 2014 9:19 pm Post subject: |
yeah it's pretty simple to fix, i've already fixed the site that was hacked apart from two pages which are a bit different from everything else
looks like they used a tool called Havij http://itsecteam.com/products/havij-advanced-sql-injection/
i can see how they exploited the site to run a query, but i'm not sure how they managed to view the results from the queries |
|
luke
Joined: 11 Feb 2007 Location: by the sea
|
Posted: Mon Mar 17, 2014 3:48 pm Post subject: |
i got a problem with a site ... again!
this site has a page which is accessible from another site, and only from that other site
up until now i've been checking the http referrer, if the referrer is valid i display the page
the problem is the boss ( who i'm trying to win some work from! ) of this other site has some software or setup that's not sending the http referrer. and looking through the logs, it does happen now and then. googling the problem, there is an option in ie, or settings you can change in other browsers or privacy or security software that prevents the http referrer being sent, and it's recommended not to rely on it for anything important.
so now i can't use that to validate the request, how can i?!
i've googled and i can't find anything, but there must be a way ... |
|
faceless admin
Joined: 25 Apr 2006
|
Posted: Mon Mar 17, 2014 5:25 pm Post subject: |
a cookie? I've never really used them myself, but it sounds like it should do the trick |
|
luke
Joined: 11 Feb 2007 Location: by the sea
|
Posted: Mon Mar 17, 2014 7:44 pm Post subject: |
no it won't work, i did actually say the other week i had a fix for it, and i'd based that around the idea of checking for the existence of their members cookie - not realising that for security reasons you can't check cookies from one site set by another site!
i've been thinking about this for a while now, and i can't think of a solution. without the http referrer, and not being able to check for the existence of a cookie set by the other site, i just don't know how it can be done - but i'm going to have to come up with some blag as to why i said i had a fix! |
|
faceless admin
Joined: 25 Apr 2006
|
Posted: Mon Mar 17, 2014 9:23 pm Post subject: |
Could you do it inside a protected frame like I do with some pages here? If the page isn't loaded inside the frame the redirect makes any browser go to where it should be.
Put this in the HEAD and it works.
Code:
<script>
// If this page is not loaded inside a frame, send the browser to the framed page.
if (self.location == top.location) self.location = "http://couchtripper.com/forum2/viewtopic.php?t=12771";
</script>
|
luke
Joined: 11 Feb 2007 Location: by the sea
|
Posted: Fri Mar 21, 2014 12:43 pm Post subject: |
sorry for the delay, had some trouble with a site this week, and i'm getting ready to move all the sites to a new server
it could possibly work in a way - and it might have to - but i don't think it would be the best or a very secure way of doing it.
at the moment, this other site has a link to say www.mysite.com/for-their-members-page/ and if the http referrer is http://www.theirsite.com/members/ i know it's a valid request from their site from within their members area which they have had to sign into
i know the http referrer can be faked, but you know - even nasa can be hacked
i guess to do your solution, instead of them clicking to go to www.mysite.com/for-their-members-page/ they'd click to go to another page on their site like http://www.theirsite.com/members/mysite-frameset/, that if they were logged in would set up a frameset, which would load my page from my site, which would then run the javascript to check it was inside the frameset set by their members area ... it's kinda messy and can be broken, but it might be the best solution at the moment!
thinking about it, i might use this as a fall-back - if the http referrer doesn't exist in the existing check, jump automatically back to their site to run the frameset which will only run if their member cookie exists. thanks
the blag i'm going to say for why i said i had a proper solution is that if they give me the work i bid for, and they moved their site over to my server, i can run sql queries from either site on the other site's database to either check that the ip is logged in and valid, or to get the content from the other site while being able to check for their members cookie - all server side so it can't be broken. |
|
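Added example, not part of the original posts or the site's own code: a server-side sketch of the fallback described in the post above (serve on a valid referrer, bounce to the members-only frameset when the header is missing, refuse otherwise), with the referrer parsed as a URL so look-alike hosts and paths are not accepted. It assumes the placeholder addresses used in the thread; the function name `decide` and the sample header values are constructed for illustration.

```javascript
// Placeholder addresses taken from the thread.
const MEMBERS_ORIGIN = "http://www.theirsite.com";
const MEMBERS_PATH = "/members/";
const FRAMESET_URL = "http://www.theirsite.com/members/mysite-frameset/";

// Decide what to do with a request from its Referer header value.
// Returns { action: "serve" | "redirect" | "deny", location? }.
// The header is client-supplied, so this is a convenience check, not proof of login.
function decide(refererHeader) {
  // Header stripped by a browser setting or privacy tool: do not refuse,
  // send the visitor to the frameset page that only loads for signed-in members.
  if (refererHeader == null || refererHeader.trim() === "") {
    return { action: "redirect", location: FRAMESET_URL };
  }
  let url;
  try {
    url = new URL(refererHeader); // also normalises case and "../" segments
  } catch (e) {
    return { action: "deny" }; // not an absolute URL
  }
  // Compare the parsed origin and path prefix, never a substring of the raw
  // header: a substring test would accept any URL that merely contains the address.
  const fromMembers =
    url.origin === MEMBERS_ORIGIN && url.pathname.startsWith(MEMBERS_PATH);
  return fromMembers ? { action: "serve" } : { action: "deny" };
}

// Constructed sample header values, one per case.
const SAMPLES = [
  "http://www.theirsite.com/members/",
  "http://www.theirsite.com/members/downloads/?id=3",
  "",
  "http://www.theirsite.com.other.example/members/",
  "http://other.example/?from=http://www.theirsite.com/members/",
  "http://www.theirsite.com/members/../public/",
];

function classifySamples() {
  return SAMPLES.map((value) => decide(value).action);
}

console.log(classifySamples());
```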
luke
Joined: 11 Feb 2007 Location: by the sea
|
Posted: Mon Mar 24, 2014 9:23 pm Post subject: |
i just wanted to say, fuck linux and its case sensitive nonsense! even on table names!! |
|
Brown Sauce
Joined: 07 Jan 2007
|
|
luke
Joined: 11 Feb 2007 Location: by the sea
|
Posted: Wed Mar 26, 2014 1:31 pm Post subject: |
yeah i can see that, i was kinda pissed off when i wrote that!
i'm in the process of moving everything to a new linux server; i started testing the sites and all the sql was failing. in my local databases, and my code, all table names are called something like tblDocuments, tblPages etc - although up until now case has never mattered - but somewhere along the way from my local machine to the old server to this new server, mysql has made all the table names lower case, so i had to rename every table for every site to match the code.
do you use linux much?
i've got an old desktop machine that i'd like to set up with linux, apache, mysql and coldfusion. i see you can get xampp for linux so i'll just use that, but do you know a decent and easy to set up version of linux?
anyone have any experience of virtualbox? https://www.virtualbox.org/ http://en.wikipedia.org/wiki/VirtualBox
looks like i could install and run linux from my windows desktop |
|
Brown Sauce
Joined: 07 Jan 2007
|
Posted: Wed Mar 26, 2014 7:39 pm Post subject: |
I use linux every day. I gave up with xampp, it was too slow, and really I needed the terminal. Windows is too complicated, and all the useful info revolves around linux. Most of my stuff is drupal and php, so needs linux.
I also have a vps, it is ubuntu and I can easily ssh to it from the virtualbox on windows. It makes life a lot easier.
it's free, and there is so much info about installing the lamp stack for instance that it's so easy to do.
if you need tuts about any of it let me know. i have gigs of the shit.
take a look at squqs.com tell me what you think .. |
|
luke
Joined: 11 Feb 2007 Location: by the sea
|
Posted: Fri Mar 28, 2014 3:46 pm Post subject: |
thanks sauce, i think i'm going to try ubuntu through the virtual box first. i've never had trouble with xampp being slow, coldfusion has always run fine on it - even on my old computer. i'll see what it's like running on linux through virtual box from windows though!
is there some sort of weird difference with sorting folders/files by name on linux?
on one site a few members can upload cds/dvds via ftp, and my code goes through the folders/files displaying the info so other members can download
on windows, i just set the sort by folder name, and then by filename
on linux, no matter what i do - the order is totally random!
maybe it's a bug with coldfusion on linux, but i googled the problem and no one else seems to have it
|
luke
Joined: 11 Feb 2007 Location: by the sea
|
Posted: Fri Mar 28, 2014 4:15 pm Post subject: |
scrap that, fixed it in linux, it's just a simple sort by 'name', whereas windows i had to sort by 'directory' and 'file' |
|
luke
Joined: 11 Feb 2007 Location: by the sea
|
Posted: Thu May 15, 2014 6:37 pm Post subject: |
i was wondering if anyone has any ideas what's going on here ...
these are files/folders uploaded from a dvd to a linux server
on some filenames, what were spaces have been changed to some strange character, but not always - and sometimes a single file can contain a normal space and the strange character instead of the space?
in the ftp they look normal - no weird characters. but when i grab them through my code, they come back like this. if i rename via ftp and delete what looks in the ftp like a space, and replace with a space, they come back fine
these strange characters are messing with my system! |
|
faceless admin
Joined: 25 Apr 2006
|
Posted: Thu May 15, 2014 11:37 pm Post subject: |
I think that's the reason files from the scene always have.fullstops.between.words - I'd say to try at the server software forum. |
|
Couchtripper - 2005-2015
|