IntegraMOD

I am looking at the entire function to determine why the code is as is? Once I have determined what was intended I will update the post but for now its for people who are having trouble...

I will also have to rewrite the change style mod as it uses the same strange code... more later...
Mike

"Drop-Forged";p="14891" wrote:...I found a page that seemed to have some good advise for making php more secure with .htaccess.

I have added one more that may or may not actually do something....

Code: Select all

 RewriteEngine onRewriteRule phpbb_root_path hacker_trying_again [L]  

If it does what I think it does, it will rewrite the string "phpbb_root_path" with "hacker_trying_again". I suppose the following would be even more interesting as it would redirect everything containing that string to a web page.

Code: Select all

 RewriteRule (.*)phpbb_root_path(.*) /hacking_attempt.cgi?first=$1&last=$2  

One could even get cleverer and store the first and last parts to see what they were trying.

- John

Cheers for the update Mike, waiting on your wisdom <img>

"macarlisle";p="15068" wrote:Hey guys, I have just added the lines of code and I'm now getting this issue.

Parse error: syntax error, unexpected ':' in /home/westtexas/www/www/phpBB2/includes/functions.php on line 29

Any clues?

Yes: functions.php 2 fixes
You've most probably done just one placement...

The only ] I can see is in [b]Find[color=red]]
And that would be on line 29 if you placed it all together...
That's no code, that's where the second fix starts! <img>

Sorry about that, I didnt pay attiontion to entire line of code.

"macarlisle";p="15074" wrote:Sorry about that, I didnt pay attiontion to entire line of code.

No Problem
You are not the first, and I'm sure that it happens to many more who don't even dare to ask...

The answer to your problem will help them as well... <img>

One other interesting one concerning these changes....

Ref the style change we use a couple of links in QBar on the menu to swap styles between 'full' and 'mobile, such as:

http://www.4winmobile.com/portal.php?s=21

This works great on the PC, but not on any Windows Mobile machine using Pocket Internet Explorer.

Anyone any ideas why?

No matter which style is set that way we end up with the full default style loading.

Can we see the code in QBar?

Now that one is easy:

[flash=,:2jizgjxf]http://www.4winmobile.com/news/qbar.png[/flash:2jizgjxf]

Does that help?

You are calling portal with s=2... I assume you have added code to the portal.php at some point...
Can you post a ziped copy of it.

Mike

Erm, not sure, I think we did.

http://www.4winmobile.com/portal.zip

"twitchy";p="14471" wrote:Ive got one <img>

it actually only affects my album (so far ) wehn i try to access it it says

Hacking attempt... Details Logged

plz help

I seem to be in the same boat. (http://www.snowtire.info/forum/album.php) I've gone back through the fixes and I have the latest. Any other suggestions? Is it possible that in the initial flurry of patches I still have an old one that should be unpatched?

The other difference may be that I am using an .htaccess rewrite to moved forum directory. Could it be a problem there? (I thought I patched all the paths, etc.)


Thanks,
- John

"jwernerny";p="15144" wrote:

"twitchy";p="14471" wrote:it actually only affects my album (so far ) wehn i try to access it it says
Hacking attempt... Details Logged

I seem to be in the same boat. (http://www.snowtire.info/forum/album.php) I've gone back through the fixes and I have the latest. Any other suggestions? Is it possible that in the initial flurry of patches I still have an old one that should be unpatched?

Found it. It looks like I left in a couple of the early patches. If you are having the same problem, look to see if you still have lines that look like below and remove them. The 2nd post in this topic doesn't have them and they just cause problems.

Code: Select all

 // Hack Fixes  280806 //if(strstr($phpbb_root_path, '"')){     die('Hacking attempt... Details Logged');     exit;}if($phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '/' || $phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '.'){       $phpbb_root_path = './';            die('Hacking attempt... Details Logged'); exit;}// Hack Fixes  280806 //  

- John (Who is learning more about PHP then he really wanted to.)

"jwernerny";p="15152" wrote:

"jwernerny";p="15144" wrote:

"twitchy";p="14471" wrote:it actually only affects my album (so far ) wehn i try to access it it says
Hacking attempt... Details Logged

I seem to be in the same boat. (http://www.snowtire.info/forum/album.php) I've gone back through the fixes and I have the latest. Any other suggestions? Is it possible that in the initial flurry of patches I still have an old one that should be unpatched?

Found it. It looks like I left in a couple of the early patches. If you are having the same problem, look to see if you still have lines that look like below and remove them. The 2nd post in this topic doesn't have them and they just cause problems.

Code: Select all

 // Hack Fixes  280806 //if(strstr($phpbb_root_path, '"')){     die('Hacking attempt... Details Logged');     exit;}if($phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '/' || $phpbb_root_path[0] != '.' && $phpbb_root_path[1] != '.'){       $phpbb_root_path = './';            die('Hacking attempt... Details Logged'); exit;}// Hack Fixes  280806 //  

- John (Who is learning more about PHP then he really wanted to.)

I still have those lines in, and I'm not getting any problems. You guys probably distorted the syntax somewhere when doing the updates.

Here's my code, and my site works fine

[quote]<?php
/***************************************************************************
* functions.php
* -------------------
* begin ]

computerz, the code is fine but a bit restrictive for some mods...

If someone has a mod installed outside the root path (which can happen) or in an unusual path inside the root the fix will block them unless they add the path to the code...

It is safe to remove the code as IN_PHPHBB cannot be set by the hackers and it would need to be for a hack to work... I added the php_root_path check because several site informed they were still being hacked even after adding the IN_PHPBB... as it turned out they had other security problems...

Mike