• Tag Archives: PHP
  • Hacking the Code

    In the last post I was talking about how to clean up a hacked web server; hopefully your server is clean now and you can get back to what you do best. But what was the hacker trying to do? What does that long string mean? I will show you how to decode the string the safe way and understand how it was constructed.

    The example I am going to use is from a real hacked website. The code I will display is only partial, but the construct will be complete. Any identifiable URLs have been changed to prevent identification and for your safety.
    Let's start by identifying the code. This is what I found at the very beginning of the page:
    <? /**/eval(base64_decode(aWYoZnVuY3Rpb25<–>KTt9fX0=)); ?>

    Let's start with /**/. It looks innocent, but it's a way to hide the code. What this syntax is usually used for is large blocks of comments: instead of putting // on each line, you start the block with /* and end it with */. What I noticed is that in Bluefish and Notepad++, when these are highlighted, the whole line appears to be a comment; my guess is that to other code scanners it will look like one long comment on that line and they will skip it. But this is just my conclusion and testing. A very clever way to use comments.

    I almost forgot: the first thing to notice is the use of short tags (<?). On my personal server I have short tags disabled; I had learned that they should be disabled for security purposes, though I don't know if this holds true today. But the reason they use it is that it helps hide the code as a comment; adding php to it (<?php) makes it show up as PHP code, not a comment. Now it's starting to unravel...

    eval – Evaluate a string as PHP code

    Very simple, right? They need something to run their code, and eval does the trick; you can even add HTML to the string. Just another piece of the pie.

    base64_decode – decodes base64 data. Now what is base64? It was originally for email, to send binary data in messages, with other uses like binary data in URLs and other variables, but its newest use is hiding PHP code in a long string; this string was 2692 characters long. So what did that string have in it?
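    The safe way to find out what such a string contains is to decode it without ever handing it to eval. The following Python script is an added example for this post (not the author's code): it locates eval(base64_decode(...)) wrappers in PHP source, decodes the string, and, because a decoded layer often turns out to be another wrapper of the same shape, keeps peeling until plain PHP appears, all without executing anything. The sample page it scans is constructed for the example; the only pieces taken from the real string are the visible prefix and suffix, which decode to if(function and );}}} respectively.

```python
import base64
import re

# Matches eval(base64_decode(<string>)) in PHP source. Quotes around the string are
# optional because the injected code on the page omitted them; whitespace is tolerated.
EVAL_B64 = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]?([A-Za-z0-9+/=]+)['\"]?\s*\)\s*\)"
)


def decode_b64(text: str) -> str:
    """Decode a base64 string for inspection only. Missing '=' padding is repaired so a
    truncated fragment (like the prefix shown on the page) still decodes."""
    padded = text + "=" * (-len(text) % 4)
    return base64.b64decode(padded, validate=True).decode("utf-8", errors="replace")


def peel(source: str, max_layers: int = 5) -> list[str]:
    """Return the decoded text of each wrapper layer, outermost first.
    Stops when a layer contains no further wrapper or max_layers is reached."""
    layers = []
    current = source
    for _ in range(max_layers):
        match = EVAL_B64.search(current)
        if not match:
            break
        current = decode_b64(match.group(1))
        layers.append(current)
    return layers


def scan(source: str) -> dict:
    """Summarise what an injected wrapper hides: whether it relies on the short tag,
    how long the encoded string is, how many layers it used, and the final plain
    PHP for a human to read."""
    match = EVAL_B64.search(source)
    if not match:
        return {"injected": False}
    head = source.lstrip()
    layers = peel(source)
    return {
        "injected": True,
        "uses_short_tag": head.startswith("<?") and not head.startswith("<?php"),
        "encoded_length": len(match.group(1)),
        "layers": len(layers),
        "plain_php": layers[-1],
    }


# --- constructed sample page (not the real 2692-character payload) ---
INNER_PHP = "if(function_exists('curl_init')){echo 'placeholder';}"
INNER_B64 = base64.b64encode(INNER_PHP.encode()).decode()
# Second layer: the inner wrapper is itself base64-encoded and wrapped again,
# which is how a decoded string can still look like gibberish.
OUTER_B64 = base64.b64encode(f"eval(base64_decode('{INNER_B64}'));".encode()).decode()
SAMPLE_PAGE = f"<? /**/eval(base64_decode({OUTER_B64})); ?>\n<?php echo 'real page'; ?>\n"

if __name__ == "__main__":
    import json
    print(json.dumps(scan(SAMPLE_PAGE), indent=2))
```

    Run it against a copy of the infected file rather than the live one, and read plain_php as text; the point of the script is that the decoded PHP is displayed, never evaluated.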



  • Web Site Security – what to do when you get hacked?

    Recently a client/friend asked me to help him with his site after he found out he was hacked. In a situation like that I would gladly volunteer my time to help assess and fix the issue and prevent it from happening again. All the major CMSs and other frameworks have help guides for when you get hacked; WordPress and Zen Cart both have very good ones. But this guide should be a general guide to getting back on track; you may have better site-specific information from the company that developed the framework. Also check the forums for other people who have been hacked, how they fixed it, and what the cause was.



  • HalloweenCenter.net project

    I am currently working on a Google Maps integration for another WordPress blog at Halloweencenter.net and hauntedmaps.com. It's been a fun project with some great challenges and a great learning experience.

    Hopefully it will be completely finished sometime this week with no other issues at hand. My personal goal with this project is an easily integrated map with DB support for markers, directions, and a unique way of administering the markers entered by users. My idea for how this works is a unique link created when the site or marker is put into the DB; after that, the person who created the marker can go to that link and update certain parts of the entry, like the description and other non-critical data. Later this week I will post some of the code and the basics of how it works, and hopefully create some reusable code for your own project.

    But for right now I will be concentrating on getting my themes and my other WP content set up so it looks as good as other WP sites.

    I have to give a shout-out to Leo; he gave me some great inspiration to start up my own site.