Hello,
Has anyone seen this Turkish hack? Any idea what it is?
aedating 3.3
Smoge: Code removed - we try not to publish code like this. If you need to report such code - please send me (Smoge) a PM.
Last edited by Smoge; 09-20-2006 at 12:27 AM.
Do you have register_globals on?
Also - why is your inc directory not .htaccess protected?
Smoge
ModMySite Administrator
Problems? Questions? Need modifications or other help with your site?
Open A Ticket , Send Us An Email Or Give Us A Telephone Call +1 518-632-4152.
Hello Smoge,
How can you check if register_globals is on?
With php.info maybe? And if it's on, should I turn it off?
I just checked it out; yes, the directory is protected by an htaccess that says "DirectoryIndex index.html"
at that time. How to do one?
Marc
Last edited by marcus; 09-18-2006 at 01:13 PM.
See this post.
http://www.modmysite.com/showthread....3551#post13551
for info on how to check for, and disable, register_globals.
Smoge
Last edited by Smoge; 09-18-2006 at 01:26 PM.
Originally Posted by marcus
This is not protected. This just says that your index is index.html... no protection there.
You need to add:
Code:
Deny from all
to the .htaccess in your /inc folder
Did you try that on your site?
Smoge: Code removed - we try not to publish code like this. If you need to report such code - please send me (Smoge) a PM.
I tried that on a few sites in the aewebworks portfolio; it shows the image.... weird... I don't know if it's a hack or not...
Last edited by Smoge; 10-04-2006 at 08:14 PM.
Smoge, if I set htaccess "deny for all", how will I get myself into the inc folder?
Originally Posted by marcus
Why would you need to go into the /inc folder.... they are all include files in a normal aedating / dolphin installation.
Very easy: I have an ae site too, and today when I checked my access logs I found that someone from a Turkish IP was trying SQL injection on my site.
That guy is a hacker and seems to know ae dating folder names and files very well. I guess he's trying many sites to see if he can find a weakness in the ae script to get inside.
I added "Deny from all" but it doesn't change anything; I can still see the folder. I mean, I don't get "access denied" like I should.
Any ideas?
Thanks
Marc
Last edited by Smoge; 10-04-2006 at 08:13 PM.
What he is saying is... is a URL with [dir]inc = a hack...
Hi,
did I try what? Not comprehending what you are or just did?
Register_globals allows a user of your site to replace variables in your scripts with something else... including a file on another server.
Using this - they can write to files on your server - and mess with your site.
If Marcus ran the same code on some of the sites in aeDating's Portfolio ( http://www.aewebworks.com/portfolio.htm ) - then those sites have register_globals set to ON.
This is nothing new. This problem with register globals applies to many many many php scripts, not just aedating / dolphin.
It's nothing to get nervous and jerky over - just turn them off!
However, some scripts REQUIRE them on - if you turn them off - check your other scripts on your server for correct operation.
Smoge
Last edited by Smoge; 10-04-2006 at 08:13 PM.
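An added example (not from this thread or from ModMySite) that checks the two settings discussed above from file contents: whether an .htaccess actually denies access rather than only setting DirectoryIndex, and whether register_globals is on. The file contents are constructed samples and the function names are hypothetical; the check reads text only and cannot tell whether the server is configured to honor .htaccess files at all.

```python
import re

# Constructed sample inputs based on the thread: the .htaccess marcus
# described, the one Smoge recommends, and two php.ini fragments.
HTACCESS_INDEX_ONLY = "DirectoryIndex index.html\n"
HTACCESS_DENY = "# block direct requests to include files\nDeny from all\n"
PHP_INI_ON = "; legacy setting\nregister_globals = On\n"
PHP_INI_OFF = "register_globals = Off\n"


def _directives(text):
    """Yield lower-cased, whitespace-normalised lines, skipping comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")):
            yield " ".join(line.lower().split())


def htaccess_denies_all(text):
    """True if there is a blanket deny and no allow rule weakening it."""
    lines = list(_directives(text))
    denies = any(d in ("deny from all", "require all denied") for d in lines)
    allows = any(d.startswith("allow from") or d == "require all granted"
                 for d in lines)
    return denies and not allows


def register_globals_enabled(text):
    """Read register_globals from php.ini text or a php_flag line."""
    enabled = False  # assumption: an absent setting is treated as off
    for line in _directives(text):
        m = re.match(r"(?:php_flag )?register_globals\s*=?\s*(\S+)", line)
        if m:
            enabled = m.group(1).strip('"') in ("on", "1", "true", "yes")
    return enabled


def audit(htaccess_text, php_ini_text):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not htaccess_denies_all(htaccess_text):
        findings.append("inc/.htaccess does not deny direct access")
    if register_globals_enabled(php_ini_text):
        findings.append("register_globals is on")
    return findings
```

A passing audit should still be confirmed by requesting a file under /inc in a browser and getting "access denied", since a correct .htaccess has no effect if the server ignores it.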