Archive for the ‘PHP’ Category

WordPress under gpc_10805 attack

Tuesday, September 8th, 2009

WordPress


A lot of information about the latest attack on WordPress-managed sites can be found here:
http://mashable.com/2009/09/05/wordpress-attack/
http://www.netpassiveincome.com/wordpress-mysql-injection-permalink/
http://www.warriorforum.com/main-internet-marketing-discussion-forum/121131-wordpress-mysql-injection.html
http://www.andysowards.com/blog/wordpress/breaking-wordpress-mysql-injection-how-to-fix-latest-attack-evalbase64_decode_serverhttp_referer/
http://www.seanrees.com/2009/09/02/well-an-update-worth-its-salt/
But note that WordPress sites are not the only ones attacked in this manner; see
http://www.webdeveloper.com/forum/showthread.php?p=1032611
HTML-only sites are attacked by this robot too.
Read the rest of this entry

Your own PHP error handler

Sunday, September 6th, 2009

Your own PHP errors log


If for some reason you cannot set up the PHP error log through php.ini settings, you can use this code to set up your own PHP error handler and write the PHP errors and events you need into your own log file:
Read the rest of this entry

WordPress Security: Silence is golden. Part 2.

Sunday, September 6th, 2009

display_errors OFF


Some shared hosting providers don’t turn off PHP error display by default. If you don’t change this default PHP configuration setting yourself, your blog has a vulnerability or even a security problem. Why do I call it a security problem? Because it can expose the absolute path to your WordPress blog installation. Let’s check together. Put this little script into your blog’s root folder and name it, for example, phpinfo.php:

<?php
phpinfo();
?>

Call it from the browser as http://yourBlogURL/phpinfo.php
You will see the standard ‘PHP Info’ page with the values of the various PHP configuration parameters. Now check the display_errors value in the ‘PHP Core’ section.
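
As an added example (not code from the original post): one way to read the display_errors setting without publishing a phpinfo() page, switch error display off at runtime when php.ini is out of reach, and route errors into your own log through a custom handler, as the ‘Your own PHP error handler’ excerpt above describes. The log path, constant and function names are assumptions.

```php
<?php
// Added example. Hypothetical names; include this early, e.g. from wp-config.php.
// Assumption: the log path is writable and lies outside the web root.
define('MY_ERROR_LOG', dirname(__FILE__) . '/../private/php-errors.log');

// Read the effective setting without publishing a whole phpinfo() page.
function display_errors_enabled()
{
    $value = strtolower(trim((string) ini_get('display_errors')));
    return in_array($value, array('1', 'on', 'yes', 'true', 'stdout', 'stderr'), true);
}

// Map the numeric error level to a readable label for the log.
function error_label($type)
{
    $labels = array(
        E_WARNING => 'Warning', E_NOTICE => 'Notice',
        E_USER_ERROR => 'User error', E_USER_WARNING => 'User warning',
        E_USER_NOTICE => 'User notice',
        E_RECOVERABLE_ERROR => 'Recoverable error',
    );
    return isset($labels[$type]) ? $labels[$type] : 'Error ' . $type;
}

// Custom handler: append one line per error to the private log.
function my_error_handler($type, $message, $file, $line)
{
    if (!(error_reporting() & $type)) {
        return false; // level is masked by error_reporting or the @ operator
    }
    $entry = sprintf("[%s] %s: %s in %s on line %d\n",
        date('Y-m-d H:i:s'), error_label($type), $message, $file, $line);
    error_log($entry, 3, MY_ERROR_LOG); // type 3 = append to the named file
    return true; // handled here, so PHP's built-in handler prints nothing
}

// Runtime equivalent of the php.ini settings when php.ini is out of reach.
// This cannot hide errors raised before this file runs (e.g. parse errors in
// the entry script), and some hosts disable ini_set().
$wasExposed = display_errors_enabled();
ini_set('display_errors', '0');
ini_set('log_errors', '1');          // fatal errors bypass the handler below;
ini_set('error_log', MY_ERROR_LOG);  // PHP itself records them in this file
set_error_handler('my_error_handler');

if ($wasExposed) {
    trigger_error('display_errors was On in the server configuration', E_USER_NOTICE);
}
```

Once the setting has been checked, the phpinfo.php test file should be deleted, since phpinfo() output itself reveals server paths and configuration.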

Read the rest of this entry

Joomla – how to build logout text link

Friday, September 4th, 2009
Joomla Logout Redirect

If you are looking for how to build a logout text link for Joomla!, you are in the right place. The answer is below:

<a href="index.php?option=com_user&task=logout">Logout</a>

Do you need to redirect the user to a particular URL after logout? Then add the parameter return=[your-base64-encoded-return-URL]. For example:

<a href="index.php?option=com_user&task=logout&return=<?php echo $returnURL; ?>">Logout</a>

where

$returnURL = base64_encode('URL to redirect');

Or, if you need to redirect to the site root of your Joomla! installation after logout, you can use this link with a pre-encoded return parameter value:

<a href="index.php?option=com_user&task=logout&return=Lw">Logout</a>

You can read the discussion of this issue in these topics on the Joomla! discussion forum:
http://forum.joomla.org/viewtopic.php?f=466&t=325172
http://forum.joomla.org/viewtopic.php?f=428&t=334765