
LastLine

Original poster
Aug 24, 2005
http://www.nofearspunk.com/test.htm

Ok, so I'm working on a new layout, but I can't shift this black line to the right of the site map, can't figure out what's causing it, anyone got any ideas?

Site attached to post if people want to play with the code.

On a second note someone else seems to have access to my site, they keep posting random pages into my ftp. Occasionally I'll log in to find a random htm page uploaded, now I know nobody knows the user/pass so it can't be that so if anyone fancies a challenge I'd like to see if you can figure out how to upload a page (let's call it macrumors.htm) to the site, and if so explain how you did it and how I can stop it reoccurring (the offending page is http://www.clarkephotography.co.uk/Lord.htm). The main site page is www.clarkephotography.co.uk

Anyone fancy the challenge?
 

Attachments

  • newlayout.zip
    17.4 KB · Views: 82
Holy crap, your admin password hash (via md5) is exposed to the rest of the world. Give them a few hours and they can crack your password if your password is badly formed.

I suggest changing the app, apparently, I can use that php script to look at the encrypted passwords of the rest of the accounts on your shared hosting, there are approx 13,000 users on it.
 
To the first poster - Linux I believe - 1and1's basic package.

Yeah, I figured it might be something like that - just wanted someone to have a go without a suggestion just to see if someone could come up with it. Thank you (?) for confirming my suspicions - does anyone have a suggestion for a similar, more secure script? I don't have SQL available yet, but would be able to transfer to a different package if needed.


As for the black line, I've assumed this to be a CSS issue thus far, however I can't find anything in the CSS that I can use to get rid of it, that said I'm *fairly* inexperienced with CSS thus far so perhaps someone can see something I'm missing?


Thanks for the help so far guys - you've been brilliant - hopefully you'll continue to help me :)
 
This link will tell you about how to secure your users folder
linkety


Personally, I don't think it is this flaw that caused the intrusion, it looks like the hacker is trying to be a smartass, I don't think he will put in that much effort to crack the password. I suspect it's something more convenient, might have something to do with the fact that you have register_globals turned on in your php configuration. I will be off work soon and might have some time to take an actual crack at your site.
 
Yeah, see the hack isn't actually a real problem as it's not replacing anything that I've made as such, just putting it there to show he can. The thing that concerns me is that I don't have the programming knowledge to fix the problem (the script itself was downloaded from elsewhere and looking at the code gave me a headache lol)

For theory's sake if I removed the script and stuck to ftp access would that solve the problem?
 
Ok, I've currently removed the site due to the attacks getting ridiculous but I'm now left with no solution :(

Anyone able to suggest the following:
Requirements: No SQL needed

I need

A File upload system - preferably one that can be used through a browser window - must be secure, this is what caused the problem last time - must be passworded, and people must not be able to find the password/user anywhere.

A gallery that displays images in .jpg format, generates its own thumbnails, basically I want to be able to put this on my site, upload photos and have the page add them itself.

As I say, don't want to have to use SQL here - but as a bonus, if anyone can find a way that I can leave comments on the photos (i.e. exif information) have users rate it, then that's a bonus.


Many thanks all
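
An added example, not part of the original thread and not the script the site was running: a PHP upload handler matching the requirements listed above, with no SQL. It checks the password against a `password_hash()` value kept outside the web root (instead of an exposed MD5), reads input only from `$_POST`/`$_FILES` so nothing depends on `register_globals`, and accepts only JPEG content under a server-chosen name. The two paths and the `password`/`photo` form field names are assumptions.

```php
<?php
// upload.php - added illustration, not code from the thread.
// Assumes PHP 7+ with the fileinfo extension, and two hypothetical paths:
// a hash file outside the web root and a web-served gallery directory.
declare(strict_types=1);

const HASH_FILE  = '/home/example/private/uploader.hash'; // hypothetical, not web-served
const UPLOAD_DIR = '/home/example/public_html/gallery/';  // hypothetical, web-served
const MAX_BYTES  = 5 * 1024 * 1024;

function fail(int $status, string $message): void
{
    http_response_code($status);
    exit($message);
}

// Read input only from the request superglobals; nothing here relies on
// variables that register_globals could create from the query string.
$password = $_POST['password'] ?? '';
$file     = $_FILES['photo'] ?? null;

// The stored value is a salted hash made once with password_hash(), not a
// bare MD5, and it lives where the web server will not hand it out.
$stored = trim((string) @file_get_contents(HASH_FILE));
if ($stored === '' || !is_string($password) || !password_verify($password, $stored)) {
    fail(403, 'Forbidden');
}

if (!is_array($file) || !is_int($file['error']) || $file['error'] !== UPLOAD_ERR_OK
    || $file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
    fail(400, 'Upload rejected');
}

// Decide the type from the file's content, never from the client-supplied
// name or MIME type.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if ($mime !== 'image/jpeg' || getimagesize($file['tmp_name']) === false) {
    fail(415, 'Only JPEG images are accepted');
}

// Server-chosen name with a fixed extension: an uploaded .htm or .php file
// cannot keep its own name or extension.
$target = UPLOAD_DIR . bin2hex(random_bytes(16)) . '.jpg';
if (!move_uploaded_file($file['tmp_name'], $target)) {
    fail(500, 'Could not store file');
}
chmod($target, 0644);
echo 'Stored as ' . basename($target);
```

The hash file is written once, offline, from the output of `password_hash()` with `PASSWORD_DEFAULT`; the plaintext password is never stored on the server.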
 