• Category Archives PHP
  • Hacking the Code

    In the last post I talked about how to clean up a hacked web server; hopefully your server is clean now and you can get back to what you do best. But what was the hacker trying to do? What does that long string mean? I will show you how to decode the string the safe way and understand how it was constructed.

    The example that I am going to use is from a real hacked website. The code that I will display is only partial, but the construct will be complete. Any identifiable URLs will be changed to prevent identification and for your safety.
    Let's start by identifying the code; this is what I found at the very beginning of the page.
    <? /**/eval(base64_decode(aWYoZnVuY3Rpb25<–>KTt9fX0=)); ?>

    Let's start with /**/. It looks innocent, but it's a way to hide the code. This syntax is normally used for large blocks of comments: instead of using // on each line, you start the block with /* and end it with */. What I noticed is that in Bluefish and Notepad++, when these are highlighted, the whole line appears to be a comment; my guess is that other code scanners will see one long comment on that line and skip it. But this is just my conclusion from testing. A very clever way to use comments.

    Almost forgot: the first thing to notice is the short tags (<?) that they use. On my personal server I have short tags disabled; I had learned that they should be disabled for security purposes, but I don’t know if this holds true today. The reason they use them is that it helps hide the code as a comment; adding php to it (<?php) makes it show up as PHP code, not a comment. Now it's starting to unravel………

    eval – Evaluate a string as PHP code

    Very simple, right? They need something to run their code, and eval does the trick; you can even add HTML to the string. Just another piece of the pie.

    base64_decode – it decodes base64 code. Now, what is base64? It was originally for email, to send binary data in emails, and it has other uses like binary data in URLs and other variables, but the newest use is hiding PHP code in a long string. The string was 2692 characters long. So what did that string have in it?
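
    As an added example (not code from the original post), the Python sketch below finds the eval(base64_decode(...)) construct described above in PHP source and decodes it as plain text without ever running it, following nested layers. The function names and the harmless sample payload are constructed for illustration.

```python
import base64
import binascii
import re

# Whitespace and /* ... */ comments may sit between any two PHP tokens.
GAP = r"(?:\s|/\*.*?\*/)*"
WRAPPER = re.compile(
    r"\beval" + GAP + r"\(" + GAP + r"base64_decode" + GAP + r"\(" + GAP
    + r"(['\"]?)([A-Za-z0-9+/=\s]+)\1" + GAP + r"\)" + GAP + r"\)",
    re.IGNORECASE | re.DOTALL,
)

def payload_of(match):
    return re.sub(r"\s+", "", match.group(2))

def find_wrappers(php_source):
    """Return (line_number, uses_short_tag, payload_length) per wrapper."""
    hits = []
    for m in WRAPPER.finditer(php_source):
        line = php_source.count("\n", 0, m.start()) + 1
        tag = php_source.rfind("<?", 0, m.start())
        short = tag != -1 and not php_source.startswith(("<?php", "<?="), tag)
        hits.append((line, short, len(payload_of(m))))
    return hits

def decode_layers(php_source, max_depth=5):
    """Decode nested wrappers as text, outermost first. Nothing is executed."""
    layers, text = [], php_source
    for _ in range(max_depth):
        m = WRAPPER.search(text)
        if not m:
            break
        try:
            raw = base64.b64decode(payload_of(m), validate=True)
        except (binascii.Error, ValueError):
            break  # truncated or elided string: stop with what decoded so far
        text = raw.decode("utf-8", errors="replace")
        layers.append(text)
    return layers

# Constructed, harmless sample: two nested layers shaped like the line above.
def b64(s):
    return base64.b64encode(s.encode()).decode()

INNER = 'echo "constructed inner layer";'
MIDDLE = "eval(base64_decode('" + b64(INNER) + "'));"
SAMPLE = "<html>\n<? /**/eval(base64_decode(" + b64(MIDDLE) + ")); ?>\n"

if __name__ == "__main__":
    print(find_wrappers(SAMPLE), decode_layers(SAMPLE))
```

    The partial string shown in the post does not match, because its elision marker is not valid base64; the full string from the infected file is needed to decode it.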


  • Web Site Security- what to do when you get hacked?

    Recently a client/friend asked me to help him with his site after he found out he was hacked. In a situation like that I would gladly volunteer my time to help assess and fix the issue and prevent it from happening again. The major CMSs and other frameworks all have guides to help you when you get hacked. WordPress and Zen Cart both have very good guides, but this guide should be a general help guide to getting back on track; you may have better site-specific info from the company that developed the framework. Also check the forums for other people who have been hacked, how they fixed it, and what the cause was.


  • Server2Go….apache on usb drive

    I was trolling through the internet and found this little application, Server2Go, so I decided to look into it.

    The software contains a great list of features that any web developer needs for presenting their app to clients. There are many other great uses for this product, too many to list.

    • Complete WAMPP Server-Stack
    • Runs directly from CD-ROM, USB Stick or Hard disk without installation
    • Full featured webserver (based on apache)
    • PHP 5.x support with many extensions installed (e.g. gd)
    • Supports SQLite databases
    • Runs on all versions of Windows from Win 98 and above, MAC OSX support is coming
    • Support for MySQL 5 Databases
    • Supports many PHP extensions (GD-Lib, PDO…) by default
    • Support for Perl 5.8

    It pretty much turns any PC into a development environment or a portable application that can be run on almost any Windows-based PC.

    So after loading it onto my USB drive, unplugging it and plugging it back in, it started server2go.exe and started Apache without an error, with no configuration of the server except the simple ini file to tweak the behaviour of the servers that are available.

    Next I started up phpMyAdmin and loaded up an old test DB with the PHP app to go with it. So far so good: the DB loaded up and worked great, and I was able to connect to MySQL with the mysql client as well. After that I used the browser that opened up with the Server2Go app, and there was my PHP web app sitting there waiting to be tested. This app is a simple login to test DB connections. It worked without error, and so far the PHP is working great without any PEAR errors or misconfiguration………

    This is definitely being added to my tools. It may even have the ability to be a portable web server on any home network, or even an application server for those with a home business who need a simple CRM like “simple customer”.

  • OO PHP Part 1: Re-usable DB connector

    Welcome to my first tutorial and resource for OO PHP code and classes. There are a lot of great OOP tutorials out there for PHP. This tutorial is not for people who don’t have the OOP concept down; it is for the person who understands the concept and just needs some great reusable code for their library of scripts, to make life a little bit easier.
