#2876 "Hackers not wanted Here" GedCom Download

closed-rejected
nobody
None
5
2011-08-30
2011-08-28
Techengineer
No

This was covered in the Help Forum.

This is the relevant error log output:

28.08.2011 07:41:52 - ##.##.###.## - ***** - Login Successful
28.08.2011 07:44:13 - ##.##.###.## - Anonymous - MSG>Attempt escape from PGV directory; script terminated.
28.08.2011 07:44:13 - ##.##.###.## - Anonymous - UA>Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0<
28.08.2011 07:44:13 - ##.##.###.## - Anonymous - URI>/php/downloadgedcom.php?action=download&ged=**********.ged&filetype=gedcom&privatize_export=none&conv_path=%E2%80%8E..%2Fphp_media%2F*************%2F%E2%80%8E&conv_slashes=forward<

Googled "Attempt escape from PGV directory" and found the following information from:

https://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081

Replacement for "includes/session_spider.php" for 4.2.3 and SVN versions.
Adds check for new hacking attempt to escape from PGV directory. Also adds "bingbot" and "archive.org_bot" to the list of search engines that don't need to be logged.

The 4.2.4 installation has a session_spider.php file dated 2011-01-13.

The tracker archive contains a session_spider.php file dated 2011-01-07.

My local Ubuntu 4.2.3 installation has a session_spider.php file dated 2009-12-26.

Tried replacing using files supplied in the archive, which resulted in the same error when attempting to download.

Replaced session_spider.php with the file from my local 4.2.3 installation session_spider.php and was able to download the GEDCOM without problem.

I then upgraded my local 4.2.3 installation with files supplied in the archive and was unable to download GEDCOM files with the same "Hackers not welcome here" message.

SUMMARY: Fresh live installation of PhpGedView 4.2.4. "Hackers not welcome here" message when attempting to download GEDCOMs in PhpGedView release 4.2.4. Problem observed using Firefox 3.6.12 and 6.0, also Internet Explorer 8.0. Problem observed on local Ubuntu and also shared hosting environments.

Problem was solved by replacing session_spider.php in the 4.2.4 installation dated 2011-01-13 with the session_spider.php file from my local 4.2.3 installation dated 2009-12-26.

Local Ubuntu 4.2.3 exhibited same problem when tracker/patch 3152857 applied.

Discussion

  • Gerry Kroll
    2011-08-30

    Problem is caused by entering an incorrect value into the "Convert media path to" field. The Help text associated with this field indicates what's expected.

    Normally, the field is pre-filled with "media/" and does not need to be changed.

     
  • Gerry Kroll
    2011-08-30

    • status: open --> closed-rejected
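
As an added example (not PhpGedView's code and not part of the report or the replies), this Python sketch decodes the query string of logged URI> lines and reports parameters whose decoded value contains a ".." path segment or invisible Unicode format characters, which is what the logged conv_path holds once %E2%80%8E and %2F are decoded. The sample log is constructed from the format above with placeholder values, and the function names are hypothetical.

```python
import re
import unicodedata
from urllib.parse import urlsplit, parse_qsl

# Constructed sample modeled on the log format above; the IP, GEDCOM name and
# directory name are placeholders, not values from the report.
SAMPLE_LOG = """\
28.08.2011 07:44:13 - 192.0.2.10 - Anonymous - MSG>Attempt escape from PGV directory; script terminated.
28.08.2011 07:44:13 - 192.0.2.10 - Anonymous - URI>/php/downloadgedcom.php?action=download&ged=example.ged&filetype=gedcom&privatize_export=none&conv_path=%E2%80%8E..%2Fphp_media%2Fexample_dir%2F%E2%80%8E&conv_slashes=forward<
28.08.2011 07:50:02 - 192.0.2.10 - Anonymous - URI>/php/downloadgedcom.php?action=download&ged=example.ged&conv_path=media%2F&conv_slashes=forward<
"""

URI_LINE = re.compile(r"^(?P<ts>\S+ \S+) - (?P<ip>\S+) - (?P<user>.*?) - URI>(?P<uri>.*)<$")


def inspect_value(value):
    """Return reasons a decoded parameter value looks unsafe as a relative path."""
    reasons = []
    # Unicode category Cf covers invisible format characters such as U+200E.
    hidden = sorted({f"U+{ord(c):04X} {unicodedata.name(c, '?')}"
                     for c in value if unicodedata.category(c) == "Cf"})
    if hidden:
        reasons.append("invisible characters: " + ", ".join(hidden))
    # Drop the invisible characters before splitting so "\u200e.." is still seen as "..".
    visible = "".join(c for c in value if unicodedata.category(c) != "Cf")
    if ".." in re.split(r"[\\/]", visible):
        reasons.append("parent-directory segment '..'")
    if visible.startswith(("/", "\\")):
        reasons.append("absolute path")
    return reasons


def scan_log(text):
    """Yield (timestamp, parameter, decoded value, reasons) for flagged parameters."""
    for line in text.splitlines():
        m = URI_LINE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("uri")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            reasons = inspect_value(value)
            if reasons:
                yield m.group("ts"), name, value, reasons


if __name__ == "__main__":
    for ts, name, value, reasons in scan_log(SAMPLE_LOG):
        print(f"{ts} {name}={value!r}: " + "; ".join(reasons))
```

Printing the flagged value with `repr` makes the otherwise invisible U+200E characters show up as `\u200e` escapes, which is how a pasted field value that looks correct on screen can be told apart from the expected "media/".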