On GEDCOM download: "Hackers not W...
Brought to you by:
canajun2eh,
yalnifj
Menu
▾
▴
When I try to download GEDCOM file, I am presented the message "Hackers not Welcome Here."
This is on a fresh install of PhpGedView 4.2.4 stable, the GEDCOM file is from PhpGedView 4.2.3 and operates as expected. The file used to supply the files is: PhpGedView-all-4.2.4.zip.
I have tried different browsers (FireFox 3.6.12, Internet Explorer 8.0)
I have tried different download configurations (i.e.: Zip File Yes/NO)
I removed the PHP installation and the database and performed a fresh install. After uploasding the GEDCOM, I immediately tried to download and received the same error.
Can anyone shed some light on this? What have I overlooked?
Thanks in advance for any help.
Check the log file that PhpGedView records. There should be an explanation of what piece of the hacker detection code triggered the message.
I think it's the version of Firefox you're running - it's too old. You should really be running Firefox 5.0 or 6.0.
Thanks for your response. I had already tried two different browsers so it didn't look like a browser error, I did upgrade to Firefox 6.0, surprised to see that they had upgraded to that level so quickly, doesn't seem that it was that long ago that I had upgraded. After upgrading Firefox tried to download and was presented with the same error.
Should have looked at the log file first. I seldom have had to use the log file before so it went over my head. This is the relevant error log output:
28.08.2011 07:41:52 - ##.##.###.## - ***** - Login Successful
28.08.2011 07:44:13 - ##.##.###.## - Anonymous - MSG>Attempt escape from PGV directory; script terminated.
28.08.2011 07:44:13 - ##.##.###.## - Anonymous - UA>Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/6.0<
28.08.2011 07:44:13 - ##.##.###.## - Anonymous - URI>/php/downloadgedcom.php?action=download&ged=**********.ged&filetype=gedcom&privatize_export=none&conv_path=%E2%80%8E..%2Fphp_media%2F*************%2F%E2%80%8E&conv_slashes=forward<
Googled "Attempt escape from PGV directory" and found the following information from:
https://sourceforge.net/tracker/?func=detail&aid=3152857&group_id=55456&atid=477081
Replacement for "includes/session_spider.php" for 4.2.3 and SVN versions.
Adds check for new hacking attempt to escape from PGV directory. Also adds "bingbot" and "archive.org_bot" to the list of search engines that don't need to be logged.
The 4.2.4 installation has a session_spider.php file dated 2011-01-13.
The tracker archive contains a session_spider.php file dated 2011-01-07.
My local Unbuntu 4.2.3 installation has a session_spider.php file dated 2009-12-26.
Tried replacing using files supplied in the tracker archive: This resulted in the same error when attempting to download.
Replaced session_spider.php with the file from my local 4.2.3 installation session_spider.php and was able to download the GEDCOM without problem.
I then upgraded my local 4.2.3 installation with files supplied in the archive I experienced the same problem when trying to download GEDCOM files with the same "Hackers not welcome here" message.
SUMMARY: Fresh live installation of PhpGedView 4.2.4. "Hackers not welcome here" message when attempting to download GEDCOMs in PhpGedView release 4.2.4. Problem observed using Firefox 3.6.12 and 6.0, also Internet Explorer 8.0. Problem observed on local Unbuntu and also shared hosting environments.
Problem was solved by replacing session_spider.php in the 4.2.4 installation dated 2011-01-13 with the session_spider.php file from my local 4.2.3 installation dated 2009-12-26.
Local Unbuntu 4.2.3 exhibited same problem when tracker/patch 3152857 applied.
Once again, thank you for your response and assistance.
You are strongly urged to NOT continue using the session_spider.php file from the original 4.2.3.
Please reveal to us the precise value you entered into the "convert media path" field. No obfuscation please!
You encountered problems because you entered an unexpected value into this field. Normally, you'd just leave it alone. PGV will, on re-import of this file, do the proper path conversions without you having to worry about it.
Please read the Help text associated with this field for an explanation of how it's expected to be used.