Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - khansahib

Pages: 1 2 3 4 5 [6] 7
76
Mods & Plugins (Releases & Support) / Re: [MOD] Multi Size Download of same image [ver 4.3]
« on: September 26, 2010, 02:27:11 PM »
i'm getting this on detail page.

Code: [Select]
DB Error: Bad SQL Query: SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_description, i.image_keywords, i.image_date, i.image_active, i.image_media_file, i.image_thumb_file, i.image_download_url, i.image_allow_comments, i.image_comments, i.image_downloads, i.image_votes, i.image_rating, i.image_hits, c.cat_name, u.user_name, u.user_email, c.multi_downloadage_votes, i.image_rating, i.image_hits, c.cat_name, u.user_name, u.user_email FROM (4images_images i, 4images_categories c) LEFT JOIN 4images_users u ON (u.user_id = i.user_id) WHERE i.image_id = 2 AND i.image_active = 1 AND c.cat_id = i.cat_id
Unknown column 'c.multi_downloadage_votes' in 'field list'

Warning: Cannot modify header information - headers already sent by (output started at /home/fun/public_html/includes/db_mysql.php:190) in /home/fun/public_html/includes/functions.php on line 114

77
Discussion & Troubleshooting / Re: Problem Using PlugIns
« on: September 21, 2010, 03:59:57 PM »
THanks worked..
login problem solved from settings in admin panel..

78
Discussion & Troubleshooting / Problem Using PlugIns
« on: September 21, 2010, 09:56:57 AM »
I've a strange problem using plugins..
when i click on it, first it asks for relogin.. after entering that i get message, "logged in.. you'll be redirected" then error 404 page appears..

and also i want to get rid of entering the username password again and again..

thanks

79
Mods & Plugins (Releases & Support) / Re: [MOD] Check new images in ALL categories v2.11 (updated 22-04-2006)
« on: September 21, 2010, 07:20:25 AM »
Thanks

well i used the following code

Code: [Select]
php_value suhosin.request.max_vars 2048
php_value suhosin.post.max_vars 2048

and saved it as php.ini and added to admin folder.. and all worked out... :)

80
Mods & Plugins (Releases & Support) / Re: [MOD] Check new images in ALL categories v2.11 (updated 22-04-2006)
« on: September 20, 2010, 06:28:03 AM »
hello anybody there to tell where is the problem...

81
Mods & Plugins (Releases & Support) / Re: [MOD] Cat name in clickstream->to the page# where image i
« on: September 17, 2010, 03:40:31 PM »
Worked like a charm.. you made my day :D
Thanks alot :)

82
Mods & Plugins (Releases & Support) / Re: [MOD] Cat name in clickstream->to the page# where image i
« on: September 17, 2010, 03:07:40 PM »
now i'm running both .htaccess and session.php of this thread "http://www.4homepages.de/forum/index.php?topic=17598.0" but even then my problem is not solved, still same not working hyperlink on page is coming.. please help me out.. Thanks

83
Mods & Plugins (Releases & Support) / Re: [MOD] Cat name in clickstream->to the page# where image i
« on: September 17, 2010, 09:07:29 AM »
.htaccess from here
http://www.4homepages.de/forum/index.php?topic=17598.0

and session.php from here
http://www.4homepages.de/forum/index.php?topic=6729.0

84
Mods & Plugins (Releases & Support) / Re: [MOD] Cat name in clickstream->to the page# where image i
« on: September 17, 2010, 08:43:42 AM »
sorry for the bad explanation

the original link is
http://www.my-site.com/wallpapers/cat-automobiles-3.htm?page=6

while in clickstream it directs to
http://www.my-site.com/wallpapers/cat3.6.htm

which does not exist..

85
Mods & Plugins (Releases & Support) / Re: [MOD] Cat name in clickstream->to the page# where image i
« on: September 17, 2010, 06:59:35 AM »
nice mod..
can anybody tell how to fix the link on "Page #"

In my case..

Home / Category / Sub-Cat / Page 6

everything is fine but page 6 link is wrong.. it is something like "cat#.6.htm" where 6 is page number.

thanks

86
Mods & Plugins (Releases & Support) / Re: [MOD] Check new images in ALL categories v2.11 (updated 22-04-2006)
« on: September 17, 2010, 06:03:37 AM »
first of all thanks for such a nice MOD..
well i've tried both v2.11 and v2.12.2 but have no sucess with both as i can't add 80+ images in one go.. when i select 90 or 100 it turns out to

--------------------------------
Check new images log
No new images added!
--------------------------------

i've to add 20k plus images so adding 80 in one go will take alot of time.. i want to add atleat 200 in one go..

after reading the thread i figured out that might be my "post_max_size" will be less but i also increased that to 30MB from 8MB.. and still it didn't work out.. :(

can u please tell me where is the problem, my server or script.. i'm using latest version of 4images i.e. v1.7.8

Thanks.

87
Discussion & Troubleshooting / Re: Download.php problems and core files
« on: August 15, 2010, 07:46:19 AM »
Here is the response from support once agian,

Quote
>>It's probably too late now, but could you confirm/deny my theory that core files created only when clicked download zip button, normal download not causing this?

Kindly note that core files are not generated when you click on download zip button, but is created when some programs are crashed/failed.

Core file is an image of a process that is created by the operating system when the process terminates unexpectedly due to a segmentation fault. The file saves the current state of a process and its memory.

>>Do you think we should do some adjustments to the server? Also core files creating has been disabled by Softlayer team Refer to Ticket ------.

I could see that the core dump has been disabled in the ticket ------. Do you want to enable it now?

Awaiting your reply.

Thank you,
Lionel R.
SoftLayer Support

88
Discussion & Troubleshooting / Re: Download.php problems and core files
« on: August 15, 2010, 01:53:04 AM »
Quote
now that they mentioned allow_url_fopen, search for any images that were added to your gallery with a remove url (images not physically uploaded, only url to it submitted). I'd suggest you use [MOD] Batch Copy/Move/Edit Images v4.15.1 (2010-08-14) for this task (search for "/" without quotes in "Image file contains" field)

No entries found.

Now the hosting support have disabled that creation of core files by doing the following.

====================================
We have turned off core dump in the server now. The OS will not generate any core files. For this we have added the following parameters in the system configuration file (/etc/sysctl.conf).
================
kernel.core_uses_pid = 0
kernel.core_pattern = /dev/null

[root@server themes]# ulimit -a
core file size (blocks, -c) 0
====================================

The core files are created by PHP while executing the code in /home/gallery/public_html/download.php.
===============
[root@server gallery]# gdb php core.14929 | grep Core
Core was generated by `/usr/bin/php /home/gallery/public_html/download.php'.
Quit
===============
We would recommend to contact your PHP developer to check the PHP code.


==========================

Please suggest.

With Regards.

89
Discussion & Troubleshooting / Re: Download.php problems and core files
« on: August 14, 2010, 02:15:23 PM »
1) is there any other scripts running on your website? (we've had a few people reporting their websites were hacked through 4images, but turned out it was due to security holes in other software they had (wordpress mostly)

>> Complete scan done nothing found everything seems up to date and OK.

2) can you confirm that there is no suspicious files anywhere on your website?

>> Nothing

3) you've said you are running latest 4images version, do you mean recently released v1.7.8? If it's v1.7.7, have you apply ALL bug fixes?

>> I have uploaded 1.7.8 means its the latest.

4) is this happening often or happened just once?

>> It was happening regularly and was using cpu at highest.

5) if it happening often, try to delete download.php see if this happens again.

>> delete and then re upload or what?


Please help.

And here is something more from the hosting support.

========================================
     
Hello,

>>>Can you please explain why this happened?

As your site is using PHP function "allow_url_fopen" for delivering the download requests. PHP function "allow_url_fopen" enables the URL-aware fopen wrappers that enable accessing URL object like files. Default wrappers are provided for the access of remote files using the ftp or http protocol.

Enabling "allow_url_fopen" in the server make it vulnerable to server hack. However, installing PHP extension Suhosin, will help you in protecting the server form such vulnerabilities to some extend.

Please go through the following URL to know more about this:

---------
http://blog.php-security.org/archives/45-PHP-5.2.0-and-allow_url_include.html
---------

Suhosin is already installed in the server.

----------
[root@server ~]# php -v
PHP 5.2.13 (cli) (built: Jul 10 2010 06:38:36)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator
with the ionCube PHP Loader v3.3.20, Copyright (c) 2002-2010, by ionCube Ltd., and
with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH <=====
[root@server ~]#
----------

Hence, I recommend you to disable "allow_url_fopen" in the server. You need to find an alternative to make the download option in the site to work without "allow_url_fopen". I would suggest you to seek the assistance of your web developer for this task.

If you have any further queries regarding this, please get back to us.

Thank you for understanding.

Regards,
Derrick P
SoftLayer Support
===============================

With Regards.

90
Discussion & Troubleshooting / Re: Download.php problems and core files
« on: August 14, 2010, 01:43:58 AM »
I compared download.php and global.php nothing found.

Here is the response from hosting support.

------------------------------------------------------------------
Hello,

I am pasting Apache error logs for the file '/home/gallery/public_html/download.php'
----------------------------------
$ grep 'download.php' /usr/local/apache/logs/error_log

[Mon Aug 09 09:28:27 2010] [error] [client 180.214.233.9] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*? ..." at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "146"] [id "959006"] [msg "System Command Injection"] [data "; id"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname ""] [uri "download.php"] [unique_id "TGAQi0PkFkIAAHC-CuoAAACe"]
[Mon Aug 09 09:28:49 2010] [error] [client 180.214.233.9] ModSecurity: Access denied with code 501 (phase 2). Pattern match "(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\.exe|echo\\b\\W*?\\by+)\\b|c(?:md(?:(?:32)?\\.exe\\b|\\b\\W*?\\/c)|d(?:\\b\\W*?[\\\\/]|\\W*?\\.\\.)|hmod.{0,40}?\\+.{0,3}x))|[\\;\\|\\`]\\W*? ..." at REQUEST_HEADERS:User-Agent. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "146"] [id "959006"] [msg "System Command Injection"] [data "; id"] [severity "CRITICAL"] [tag "WEB_ATTACK/COMMAND_INJECTION"] [hostname ""] [uri "download.php"] [unique_id "TGAQoUPkFkIAAG0NgrcAAADK"]
----------------------------------

The code in '/home/gallery/download.php' is conflicting with the ModSecurity rule.
--------------------------------------
SecRule ARGS \
"(?:(?:[\;\|\`]\W*?\bcc|\bwget)\b|\/cc(?:[\'\"\|\;\`\-\s]|$))" \
"phase:2,capture,t:none,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'950907',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRule "REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:'/^(Cookie|Referer|X-OS-Prefs|User-Agent)$/'|REQUEST_COOKIES|REQUEST_COOKIES_NAMES" \
"(?:(?:[\;\|\`]\W*?\bcc|\bwget)\b|\/cc(?:[\'\"\|\;\`\-\s]|$))" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,ctl:auditLogParts=+E,deny,log,auditlog,status:501,msg:'System Command Injection',id:'959907',tag:'WEB_ATTACK/COMMAND_INJECTION',logdata:'%{TX.0}',severity:'2'"
--------------------------------------

Thank you,
Cathy T.
SoftLayer Support



Pages: 1 2 3 4 5 [6] 7