Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#2877 "Hackers not wanted Here" GedCom Download

closed-duplicate
nobody
None
5
2011-08-30
2011-08-28
Techengineer
No

This was covered in the Help Forum.

This is the relevant error log output:

28.08.2011 07:41:52 - ##.##.###.## - ***** - Login Successful
28.08.2011 07:44:13 - ##.##.###.## - Anonymous - MSG>Attempt escape from PGV directory; script terminated.
28.08.2011 07:44:13 - ##.##.###.## - Anonymous - UA>Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0<
28.08.2011 07:44:13 - ##.##.###.## - Anonymous - URI>/php/downloadgedcom.php?action=download&ged=**********.ged&filetype=gedcom&privatize_export=none&conv_path=%E2%80%8E..%2Fphp_media%2F*************%2F%E2%80%8E&conv_slashes=forward<

Googled "Attempt escape from PGV directory" and found the following information from:

https://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081

Replacement for "includes/session_spider.php" for 4.2.3 and SVN versions.
Adds check for new hacking attempt to escape from PGV directory. Also adds "bingbot" and "archive.org_bot" to the list of search engines that don't need to be logged.

The 4.2.4 installation has a session_spider.php file dated 2011-01-13.

The tracker archive contains a session_spider.php file dated 2011-01-07.

My local Unbuntu 4.2.3 installation has a session_spider.php file dated 2009-12-26.

Tried replacing using files supplied in the archive and which resulted in the same error when attempting to download.

Replaced session_spider.php with the file from my local 4.2.3 installation session_spider.php and was able to download the GEDCOM without problem.

I then upgraded my local 4.2.3 installation with files supplied in the archive and was unable to to download GEDCOM files with the same "Hackers not welcome here" message.

SUMMARY: Fresh live installation of PhpGedView 4.2.4. "Hackers not welcome here" message when attempting to download GEDCOMs in PhpGedView release 4.2.4. Problem observed using Firefox 3.6.12 and 6.0, also Internet Explorer 8.0. Problem observed on local Unbuntu and also shared hosting environments.

Problem was solved by replacing session_spider.php in the 4.2.4 installation dated 2011-01-13 with the session_spider.php file from my local 4.2.3 installation dated 2009-12-26.

Local Unbuntu 4.2.3 exhibited same problem when tracker/patch 3152857 applied.

Discussion

  • Gerry Kroll
    Gerry Kroll
    2011-08-30

    • status: open --> closed-duplicate