The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
How do I get sure I'm not being hacked?
Hi, I'm not sure if this is the correct subforum, feel free to move it if it's not.
I've been contacted by an agent from ztmc.com, this guy offered me $50.00 USD in advance each month for introducing text ads in our vb board. When I accepted, he sent me not a HTTP code as I though he would, but some php and xml files and I'd like to be sure those files are completely safe: The instructions: Quote:
Code:
<?xml version="1.0" encoding="ISO-8859-1"?> <product productid="advertising_links" active="1"> <title>Advertising Links</title> <description><![CDATA[Allows you to run 5 advertising links on your forum]]></description> <version>1.0</version> <codes> </codes> <templates> </templates> <plugins> <plugin active="1"> <title>Advertising Links On Archive</title> <hookname>archive_process_start</hookname> <phpcode><![CDATA[include ('ad_network_405.php'); echo '<div style="border: 1px solid silver; padding: 8px; background: #eee; margin-bottom: 16px;"><center>'; echo $ad_network . '</center></div>';]]></phpcode> </plugin> <plugin active="1"> <title>Advertising Links On Main Forum</title> <hookname>global_start</hookname> <phpcode><![CDATA[include ('ad_network_405.php');]]></phpcode> </plugin> </plugins> <phrases> </phrases> <options> </options> </product> Code:
<?php // Last update: October 6, 2005 5:49 pm (PST) function file_get_contents_an($url) { if (substr ($url, 0, 7) == 'http://') { $url = parse_url ($url); if ($handle = @fsockopen ($url['host'], 80)) { fwrite ($handle, "GET $url[path]?$url[query] HTTP/1.0\r\nHost: $url[host]\r\nConnection: Close\r\n\r\n"); while (!feof($handle)) { $string .= @fread($handle, 40960); } $string = explode (" ", $string); $string = array_pop ($string); } } else { $handle = fopen($url, 'r'); $string = fread($handle, 4096000); } fclose($handle); return $string; } if (!function_exists('make_seed')) { function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } mt_srand (make_seed()); } if (!isset($_SERVER)) $_SERVER = $HTTP_SERVER_VARS; $ad_file = 'ad_network_ads_405.txt'; for ($i = 0; $i <= 11; $i++) { $path = substr ('../../../../../../../../../../', 0, $i * 3); if (file_exists ($path . $ad_file)) { $ad_file = $path . $ad_file; break; } } if (is_writable ($ad_file)) { $ad_network = array(); $ads = file_get_contents_an ($ad_file); $ads = explode ('<ad_break>', $ads); $ads_temp = explode ('|', $ads[0]); $file = fopen($ad_file, 'r+'); if (flock ($file, LOCK_EX|LOCK_NB, $would_block) && !$would_block) { if ((count ($ads) < $ads_temp[4] + 1 && $ads_temp[0] + $ads_temp[6] < time()) || $ads_temp[0] + $ads_temp[5] < time()) { $new_ad = file_get_contents_an ('http://ads.digitalpoint.com/network.php?c=' . $_SERVER['SERVER_NAME'] . '&type=link'); if ($new_ad) { $ads_param = explode ('<ad_param>' , $new_ad); $new_ad = $ads_param[1]; unset ($ads_param[1]); $ads_temp = explode ('|', $ads_temp[0] . '|' . $ads_temp[1] . '|' . $ads_temp[2] . '|' . $ads_param[0]); } else { $ads_param = array_slice ($ads_temp, 3, 6); } $ads_temp[1] = (integer)$ads_temp[1] + 1; if ($ads_temp[1] > $ads_temp[4]) $ads_temp[1] = 1; $ads[0] = time() . '|' . $ads_temp[1] . '|' . gethostbyname('validate.digitalpoint.com') . '|' . implode ('|', $ads_param); if ($new_ad) { $ads[$ads_temp[1]] = $new_ad; if (count ($ads) > $ads_temp[4] + 1) $ads = array_merge ((array)$ads[0], (array)array_slice ($ads, -$ads_temp[4])); } fwrite ($file, implode ('<ad_break>', $ads)); ftruncate ($file, ftell($file)); } flock ($file, LOCK_UN); fclose ($file); } $ads_x = 0; while (count ($ad_network) < 5) { if (count($ad_network) % 2 == 0 && false) { $ads_next = (hexdec(substr(md5($_SERVER['SERVER_NAME'] . $_SERVER['SCRIPT_NAME'] . $_SERVER['PATH_INFO'] . $_SERVER['QUERY_STRING']), 0, 6)) % (count($ads) - 1 - $ads_x)) + 1; $ads_x++; } else { $ads_next = mt_rand(1,count($ads) - 1); } $ad_network[] = $ads[$ads_next]; } foreach ($ad_network as $key => $ad) { $split = explode ('<id>', $ad); $ad_ids[] = $split[1]; $ad = $split[0]; $ads_output = $ads_temp[2] == $_SERVER['REMOTE_ADDR'] || $_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']; if ($ads_output) { $ad_network[$key] = str_replace ('" />', '" class="' . $ads_temp[3] . '" />', $ad); } else { $ad_network[$key] = str_replace ('" />', '">', $ad); } } $ad_network = implode (' | ', $ad_network); if ($ads_temp[7] && ($ads_output || preg_match('#(' . str_replace ('-', '|', $ads_temp[8]) . ')#si', $_SERVER['HTTP_USER_AGENT'])) && !$_SERVER['HTTPS']) $ad_network .= ' <img src="http://ads.digitalpoint.com/t-' . implode ('-', $ad_ids) . '.gif" width="1" height="1">'; } else { $ad_network = 'You must set the ' . $ad_file . ' file to be writable (check file name as well).'; } if (substr (@$_SERVER['DOCUMENT_NAME'], -6) == '.shtml') { ini_set ('zlib.output_compression', 0); echo $ad_network; } ?> Thank you! |
#2
|
||||
|
||||
The XML is fine - it's just the vb product file to upload the plugins.
The php is quite complicated so it's hard to say really, do you have some reason to suspect it ? |
#3
|
|||
|
|||
Yes, i never heard before about ads that would need this kind of scripts, and the emails received from the agent never were signed with phones, complete company name, charge, etc. He never sent a brochure or something, and Its maybe nothing, but as I am not sure I'm still investigating... I won't make a step until I know for sure these codes are safe.
|
#4
|
||||
|
||||
have you considered google adsense or yahoo publishers network? they are somewhat more repuitable.
|
#5
|
|||
|
|||
What i think it does is that it will pull the content (didn't really check the script) from an external server. That means that even if it is ok now, they could remotely insert unsecure things. Personally i would only allow this from well known trusted sites.
I don't know this website, but that means not much, not very familiar with advertisement suplliers. |
#6
|
|||
|
|||
What would be the worst escenario in case these guys were malicious?, I mean, introducing these scripts would put in danger the integrity of the whole forum?, we really don't need that much the money, I'm just curious about it... I think we'll check for google ads...
Thanks to you all. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|