|
PHP - Drive-by Downloads
Not sure if I'm putting this in the correct spot, but,
Can anyone give me a link or an idea of how to fix Drive-By downloads I have on a site I have created? Everything I search for online brings up how to repair an issue someone may have gotten on their computer from a drive-by download, but nothing talks about repairing it on the actual site itself. I don't have any injections or anything, but doing a check on my site from the norton site shows that I have 1 Threat and it's on a contact form page due to Drive-By Downloads, is this from the php tags on the form not being stripped or from the javascript possibly? Some old lady submitted my site to http://safeweb.norton.com/report/show?url=gotmine.com, now I have to fix it I guess. Any help would be great, Thanks. Similar TutorialsHi all, I've tried many, many variations of php download script using readfile() fread() fpassthru() etc... but none seem reliable. I can download small files perfectly fine, but say I have a 30 or 90mb zip file the download ocassionally bombs out and says the download is complete even though the full file hasn't been transferred. I have tired it on several browsers with pretty much the same issue. The interesting bit for me is that if I download the same file across different browsers (whether or not they start at the same time or not) on my computer the download stops at the same time (not same point into download) for each browser. Its as if the connection is being reset on my website on a global basis... The important part of my script as it is at the moment: Code: [Select] // resumable download? $is_resume = TRUE; //Gather relevant info about file $size = filesize($path); $fileinfo = pathinfo($path); @ini_set('magic_quotes_runtime', 0); set_time_limit(0); apache_setenv('no-gzip', '1'); mb_http_output("pass"); // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression')) { ini_set('zlib.output_compression', 'Off'); } //workaround for IE filename bug with multiple periods / multiple dots in filename //that adds square brackets to filename - eg. setup.abc.exe becomes setup[1].abc.exe $filename = (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) ? preg_replace('/\./', '%2e', $fileinfo['basename'], substr_count($fileinfo['basename'], '.') - 1) : $fileinfo['basename']; $file_extension = strtolower($fileinfo['extension']); //This will set the Content-Type to the appropriate setting for the file switch($file_extension) { case 'zip': $ctype='application/zip'; break; case 'pdf': $ctype='application/pdf'; break; default: $ctype='application/force-download'; } //check if http_range is sent by browser (or download manager) if($is_resume && isset($_SERVER['HTTP_RANGE'])) { list($size_unit, $range_orig) = explode('=', $_SERVER['HTTP_RANGE'], 2); if ($size_unit == 'bytes') { //multiple ranges could be specified at the same time, but for simplicity only serve the first range //http://tools.ietf.org/id/draft-ietf-http-range-retrieval-00.txt list($range, $extra_ranges) = explode(',', $range_orig, 2); } else { $range = ''; } } else { $range = ''; } //figure out download piece from range (if set) list($seek_start, $seek_end) = explode('-', $range, 2); //set start and end based on range (if set), else set defaults //also check for invalid ranges. $seek_end = (empty($seek_end)) ? ($size - 1) : min(abs(intval($seek_end)),($size - 1)); $seek_start = (empty($seek_start) || $seek_end < abs(intval($seek_start))) ? 0 : max(abs(intval($seek_start)),0); //add headers if resumable if ($is_resume) { //Only send partial content header if downloading a piece of the file (IE workaround) if ($seek_start > 0 || $seek_end < ($size - 1)) { header('HTTP/1.1 206 Partial Content'); } header('Accept-Ranges: bytes'); header('Content-Range: bytes '.$seek_start.'-'.$seek_end.'/'.$size); } header("Cache-Control: cache, must-revalidate"); header("Pragma: public"); header('Content-Type: ' . $ctype); header("Content-Disposition: attachment; filename=\"".$filename."\""); header('Content-Length: '.($seek_end - $seek_start + 1)); //open the file $fp = fopen($path, 'rb'); //seek to start of missing part fseek($fp, $seek_start); //start buffered download while(!feof($fp)) { //reset time limit for big files set_time_limit(0); print(fread($fp, 1024*8)); flush(); ob_flush(); } fclose($fp); exit(); I did have the following section in replace of the above fread section up until this morning (but same issue): Code: [Select] // http headers for zip downloads header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: public"); header("Content-Description: File Transfer"); header("Content-type: application/octet-stream"); header("Content-Disposition: attachment; filename=\"".$filename."\""); header("Content-Transfer-Encoding: binary"); header('Content-Length: '.$size); ob_end_flush(); @readfile($path); I have tried different headers and so forth, but all generally seem to bomb out occassionally before the download completes. But they don't bomb out at a particular point in the file size (ie at 25mb). Just seems to work and then die at the same time across different browsers, even when they are started at different times. Very strange and I've spent days modifying the script and still no answers. Sometimes the files download fine, but bomb out too many times for it to be satifactory to leave. Any help or pointers would be much appreciated. Is there a way (in PHP) to prompt to download file regardless of it's type? I have taken someone's suggestions and put files in a folder with HTAccess protection. ALL I want to do is just grab the files and prompt download (regardless of what the type of file is), is there an easy way to do this in PHP. I'm creating a CSV file on the fly for download in the backend - a stock management function. The script works fine extracting from the database fine and creates the CSV. But the next step of the script is to download the file using: header('Content-type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $filename . '"'); This works, in as much as it downloads the file specified by $filename but when I open the file it's empty and the File Size in properties is 0. But if I go into my FTP and download the file it contains all the data as expected? Anyone have any ideas whats wrong? Thoughts I've had: File size too large would using ob_start('ob_gzhandler'); help? Or is there an INI setting? File encoding needs to be set? UTF8? Content Type should be text/csv? Thanks Hi ! I am currently trying to develop a PHP application in which my server downloads a file and the user can do the same almost simultaneously. I already think about the problem "If the user downloads fastly than the server...", but it's not a problem at this moment. To do so, I used the header and readfile functions of php. Here is my code : Code: [Select] header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.$data['name'].'";'); header('Content-Transfer-Encoding: binary'); header('Content-Length: '.$data['size']); readfile($remoteFile); I must to use the Content-length header to set the proper size of the file and not the size that is downloaded when the user clicks on the link. However, after some seconds or minutes, download is stopped and I need to restart... If you think about a solution, even if it didn't use the header(); function, please tell me. Thank you in advance... This upload form code works successfully, where a file is chosen, renamed and stored in the 'upload' folder, I would like to be able to add a yes/no to a field in a 'user' database when a logged in user clicks on a link to download a file. The site I have built stores docs and applications. and my client would like to know which user has downloaded a certain application (clicked on a button to 'download' and installer file. Is this possible? So, I have a script that works downloading a file - excerpt below: Code: [Select] header("Pragma: public"); header("Expires: 0"); header('Content-type: "application/octet-stream"'); header("Cache-Control: private",false); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); $f = "Content-Disposition: attachment; filename=\"".$myfile['downloadname'].".".$myfile['ext']."\""; header($f); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($file)); ob_clean(); flush(); readfile("$file"); exit(); I record elsewhere in a mysql database when the script is started. In addition, I'd like to be able to record whether the download completes (successfully or otherwise). As it is, the script can run and the user press cancel and it looks like a download but isn't. Is this possible? If so, how? Your help, as ever, gratefully received. Hi, Firstly, apologies if this is in the wrong place in the forum to post this. I have a website, I use PHP in various places to pull/push info from/to a mySQL database, i'm fairly happy with PHP and its uses. I've recently started to use the Google checkout widget on the site for a proposed webstore (to go live at a later date), this has the ability to 'sell' download URL's or keys. I like the idea of a customer being able to purchase multiple MP3 downloads and them being given a URL that gives them the links for the MP3's selected. This is probably beyond anything i've ever done with PHP though so I need to understand the architecture........I understand that, given a list of items from the store, I can run a query to display a list of stored URL's for those items - and I'm sure I can find code that will give me a random URL that will 'expire' after an amount of time. My question is, how to get the list of items ordered from the google checkout?? I'm sure this has something to do with API's - but I don't know what they are, presumably there is some kind of table in Google that I can tap into to get the product info?? any help would be very much appreciated. ....oh, and i'm sure people are going to ask "why are you using Google checkout", the answer being, for me, it seems simple, effective and free! (but i'm open to suggestions.) Darren This topic has been moved to PHP Freelancing. http://www.phpfreaks.com/forums/index.php?topic=346654.0 Is there a way to write a file to a directory on my network? I tried creating a shortcut called automated and pointed it to the network path. I also set up a virtual directory called automated in IIS and still could not make it work. I gave it read and write permissions. error Warning: fopen(C:\Inetpub\wwwroot\dompdf\automated\resource.pdf) [function.fopen]: failed to open stream: No such file or directory in C:\Inetpub\wwwroot\date.php on line 69 Warning: fwrite() expects parameter 1 to be resource, boolean given in C:\Inetpub\wwwroot\date.php on line 70 Warning: fclose() expects parameter 1 to be resource, boolean given in C:\Inetpub\wwwroot\date.php on line 71 code Code: [Select] require_once("dompdf/dompdf_config.inc.php"); $html = '<html><body>'. '<p>Put your html here, or generate it with your favourite '. 'templating system.</p>'. '</body></html>'; $dompdf = new DOMPDF(); $dompdf->load_html($html); $dompdf->render(); $pdfoutput = $dompdf->output(); $filename = "C:\\Inetpub\\wwwroot\\dompdf\\automated\\resource.pdf"; $fp = fopen($filename, "a"); fwrite($fp, $pdfoutput); fclose($fp); In ubuntu 18.10 , i created a folder name db in the external usb hard dirve changed the ownership to the www-data the apache2 server and set the permissions to 777 , i run this php code and get the permission error:
<php
chdir('/media/user/e46cafba-2656-4e42-b1c9-6417f28839df/db/');
system('./rs');
?>
but the php code cannot change to the dir and get the error: [21-Feb-2019 10:43:26 UTC] PHP Warning: chdir(): Permission denied (errno 13) in /home/user/www/html/rse4db.php on line 5
Hi, I have downloads that are available for users. They can click the links to download the file. Once they do this, I have a query that updates the number of downloads that file has received. I need to create a query that adds up all the rows Total Downloads. So for example: i have 3 rows: Name - Total Downloads First - 2 Second - 23 Third - 7 Using the query for these rows would give me an amount of 32. Any idea how to do this? I don't want to have to create a new column to find the total number of downloads. Any other ways? hello dear php-experts how to testrun a drive with command-line? note: i had several blank screens during the last week does this somewhat have to do with the hard-drive? which tests can be done? how to install linux on a netbook without a dvd-drive.
i think about buying a new notebook there are several ones that come up to mind. question should i buy one without a dvd-drive? there are many many out there - eg the ACER Aspire V3-371-36MA but many of them do not have a dvd. question: how can i install suse linux on this notebook and how should / could i do an update. well - do you reccomend to buy a notebook with a. a dvd drive - is this mandantory b. a notebook with more than 4 gb ram!? love to hear from you hello dear php-experts good day
well at the moment i try to figure out how to test the healthy of my harddrive.
How do I use SMART tools to check on my notebooks hard drive? That is the question of the day for me. i want to run a SMART-Test on my notebook to test the harddrive. i have opensuse 13.1 on the machine: and the SMART-Tools are installed. SMART (Self-Monitoring, Analysis, and Reporting Technology) is a technology included in most hard drives today. Short test: According to the documentation, this command can be given during normal system operation (unless run in captive mode). i can run the test: smartctl --test=short /dev/sda1 see here what happens: martin@linux-70ce:~> su Passwort: linux-70ce:/home/martin # smartctl --test=short /dev/sda1 smartctl 6.2 2013-07-26 r3841 [i686-linux-3.11.10-25-desktop] (SUSE RPM) Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org === START OF OFFLINE IMMEDIATE AND SELF-TEST SECTION === Sending command: "Execute SMART Short self-test routine immediately in off-line mode". Drive command "Execute SMART Short self-test routine immediately in off-line mode" successful. Testing has begun. Please wait 2 minutes for test to complete. Test will complete after Tue Jan 20 00:29:16 2015 Use smartctl -X to abort test. linux-70ce:/home/martin # hmm - this seems to be a short (quick ) test. But i have to wait to see the results. Question: do they come to the terminal - are they are shown in the terminal? btw: i also can run the Long Test: The long test can also be run on a live system, and will do a lot deeper testing on the device, however it will take significantly longer to finish. smartctl --test=long /dev/sda smartctl well - how can i run tests on all the partitions: is this possible to do this with only one single step? cfdisk (util-linux 2.23.2) Festplatte: /dev/sda GrM-CM-6M-C~_e: 320072933376 Bytes, 320,0 GB KM-CM-6pfe: 255 Sektoren pro Spur: 63 Zylinder: 38913 Name Flags Part. Typ Dateisystemtyp [Bezeichner] GrM-CM-6M-C~_e (MB) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- PrimM-CM-$re Freier Bereich 164,63 * sda4 PrimM-CM-$re LVM2_member 1990,20 * sda2 PrimM-CM-$re LVM2_member 21475,89 * sda5 NC Logische swap 2155,88 * sda6 NC Logische ext4 21475,89 * sda7 NC Logische ext4 272799,63 * Pri/Log Freier Bereich 10,84 * but what can i do if i want to Get it all: there are options to do that - getting it all: The next and last command will output all the information the drive can possibly give. In the response below I have selectively removed a lot of output because there is a lot information to go through. My main point is the command and something I will get to in just a second. smartctl -a /dev/sda Device Mode since the harddrive has differnet partitions - the question arises: how to test all at once? question: which way to get the drive tested in one single step are there options to do that - getting it all in a single command. look forward to any and all hints and help greetings PHP 5.3 on Windows 7 running IIS 7 Hey... when using: Code: [Select] $dom = DOMDocument::load( 'p:\\WebTest\\test1.xml' );where P:\ is a mapped drive, I'm getting: Code: [Select] Warning: DOMDocument::load(): I/O warning : failed to load external entity "file:///p:/WebTest/test1.xml" in ... I've also tried using / instead of \\. If it's on c:\, it works fine, but I can't get the absolute path to work to a mapped drive. If I use \\\ip\\folder\\file (or //ip/folder/file) the page never loads. Any thoughts on getting DOMDocument to look at a shared network location on Windows? Thanks! |
|||||||