Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script
Panthera
Hangin' Around



Joined: May 16, 2004
Posts: 28
Location: Northern California, USA

Posted: Sun May 16, 2004 11:28 pm

Hello!

I am just recovering from my first hack and my head is still spinning. I installed the Hack Alert but when I test it I get my own 404 Error page.

Here is what I inserted:

Code:
// Raven http://ravenphpscripts.com

$queryString = strtolower($HTTP_SERVER_VARS['QUERY_STRING']);
if (strstr($queryString,'%20union%20') OR strstr($queryString,'/*')) {
   header("Location: hackattempt.php?$queryString");
   die();
}



Admittedly, I'm a phpNuke newbie (running 7.1) but I cannot find the $LOC in the coding. Am I missing something??

Quote:
- NOTE: SOME SETUPS REQUIRE THE TRAILING SLASH AFTER THE $LOC AND SOME WILL NOT WORK IF THE TRAILING SLASH IS PRESENT. IF YOU ARE EXPERIENCING PROBLEMS THEN TRY ADDING/REMOVING THE TRAILING SLASH AS NEEDED.



What am I doing wrong?

Panthera
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Mon May 17, 2004 12:05 am

First of all, make sure that you have the hackattempt.php file in the same directory as mainfile.php. Now, the $LOC has been changed to $queryString and I forgot to update the statement in the INSTALL file - sorry (it's fixed now)! So, try this:
Code:
// Raven http://ravenphpscripts.com 

$queryString = strtolower($HTTP_SERVER_VARS['QUERY_STRING']);
if (strstr($queryString,'%20union%20') OR strstr($queryString,'/*')) {
   header("Location: hackattempt.php?$queryString/");
   die();
}
 
Panthera







Posted: Mon May 17, 2004 12:47 am

Raven wrote:
First of all, make sure that you have the hackattempt.php file in the same directory as mainfile.php.


Hi Raven,

Thanks for the quick reply. They are in the same directory and I updated the code to the above you included. I still get my own 404 Error page.

Should I replace the code that is there currently? Or just place it above it? [I replaced it]

Code:
$queryString = strtolower($_SERVER['QUERY_STRING']); 

if (strstr($queryString,'%20union%20') OR strstr($queryString,'/*')) {
header("Location: index.php");
die();
}


Thanks!
 
Raven







Posted: Mon May 17, 2004 12:53 am

Replace it. Make sure you don't have a typo in the script name. Review the error message to see what path it is attempting to go to. That should give an indication as to the pathing error. Try this if nothing else works:
Code:
header("Location: http://yourdomain.com/hackattempt.php?$queryString");
Of course adjust the url to point to the script.
 
Panthera







Posted: Mon May 17, 2004 1:17 am

Well, it doesn't look as if there are any typos ... I tried expanding the path location as you suggested and then back again.
Code:
// Raven http://ravenphpscripts.com 

$queryString = strtolower($HTTP_SERVER_VARS['QUERY_STRING']);
if (strstr($queryString,'%20union%20') OR strstr($queryString,'/*')) {
   header("Location: hackattempt.php?$queryString/");
   die();
}


I still get my own 404 page.

Here is what shows at the bottom of that page:
Code:
http://ravenphpscripts.com/modules.php?name=Forums&file=viewtopic&p=10457 69.104.2.35 /modules.php?name=Web_Links&l_op=viewlink&cid=1%20union%20select www.dabat.com Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AT&T CSM6.0; yie6) 404 


I'm at a loss. It should be so simple ...

Panthera
 
Panthera







Posted: Mon May 17, 2004 1:21 am

Oh, and I have tried it with and without the trailing slash / at the end of the location string.
 
bones
Hangin' Around



Joined: Sep 18, 2003
Posts: 36

Posted: Mon May 17, 2004 1:54 am

No wonder, you have the wrong URL, which is http://www.ravenphpscripts.com/modules.php? Change that to your URL.
 
Panthera







Posted: Mon May 17, 2004 7:32 am

Hey bones,

That bit with Raven's URL is just showing I ran that link from this site. The same thing happens when I run http://www.dabat.com/modules.php?name=Web_Links&l_op=viewlink&cid=1%20union%20select from my site.
 
Raven







Posted: Mon May 17, 2004 8:58 am

Is your site url in Admin Preferences http://www.dabat.com/portal ? That's what your site shows for your main page. If you type http://www.dabat.com/portal/modules.php?name=Web_Links&l_op=viewlink&cid=1%20union%20select , does that work?
 
Panthera







Posted: Mon May 17, 2004 12:58 pm

Raven wrote:
If you type http://www.dabat.com/portal/modules.php?name=Web_Links&l_op=viewlink&cid=1%20union%20select , does that work?


Bless you Raven!!!

And I am BLIND!!!!!!! and feeling stupid for missing such a simple thing

Yes, it works beautifully now!

Hugs, Panthera
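
An added example, not part of the thread and not Raven's script: the same check with the redirect built from a configured absolute base URL, the form Raven suggests when the relative Location does not resolve. `$siteBase`, `isUnionProbe()` and `hackAttemptUrl()` are hypothetical names, and the example.com URL is a placeholder for the directory that holds mainfile.php.

```php
<?php
// Added example; not Raven's script. Assumption: $siteBase is a hypothetical
// setting holding the full URL of the directory that contains mainfile.php
// and hackattempt.php (for a site installed in a subdirectory, include it).
$siteBase = 'http://www.example.com/portal';

// Same two markers as the snippet in the thread, matched after decoding so
// that "%20" and "+" both count as the space around "union".
function isUnionProbe(string $rawQuery): bool
{
    $q = strtolower(urldecode($rawQuery));
    return strpos($q, ' union ') !== false || strpos($q, '/*') !== false;
}

// Absolute redirect target. It does not depend on which directory the
// request was made in, and a stray trailing slash on the base is tolerated.
// The raw (still URL-encoded) query string is passed on, as in the original.
function hackAttemptUrl(string $siteBase, string $rawQuery): string
{
    return rtrim($siteBase, '/') . '/hackattempt.php?' . $rawQuery;
}

if (PHP_SAPI === 'cli') {
    // Self-check using the two query strings that appear in the thread.
    $samples = [
        'name=Web_Links&l_op=viewlink&cid=1%20union%20select',
        'name=Forums&file=viewtopic&p=10457',
    ];
    foreach ($samples as $q) {
        printf("%-55s %s\n", $q, isUnionProbe($q) ? 'redirect' : 'pass');
    }
} else {
    $rawQuery = $_SERVER['QUERY_STRING'] ?? '';
    if (isUnionProbe($rawQuery)) {
        header('Location: ' . hackAttemptUrl($siteBase, $rawQuery));
        die();
    }
}
```

A 404 on the test request itself, as in this thread, means the request never reached mainfile.php, so the check is best tested against the URL the site is actually served from.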
 
All times are GMT - 6 Hours
 