phpfreek
Nov 6 2006, 08:45 AM
Hello;
If you are running a website that offers free image hosting, then this is for you!
If the image hosting script you are using is a bit poor, hackers can use this to upload their "php shell" and be able to do modifications to your site!!!
You might say this wouldn't happen to you! ... but it happened with me ...
My website is mostly a family web-site, so all my family checks it, and when the hackers acted ... I got humiliated ... they put "inappropriate pages" on my site ...
I had to delete everything they put, and disable the image hosting service, but all this after I got humiliated ... so watch out guys!!
brandice
Nov 6 2006, 03:04 PM
What was the hosting script that you used? Just so we know what to look out for...
Rap_Speedy
Nov 25 2006, 03:34 PM
That could happen, but if your upload script only allows pictures... it's a slightly less chance to have that.
shadowx
Nov 25 2006, 06:11 PM
QUOTE That could happen, but if your upload script only allows pictures... it's a slightly less chance to have that.
Less likely, yes, but not impossible. There is a way to get php to execute within an image as some signatures you see do, the ones which display your IP, OS etc... the only way I know of doing this is to write the php code yourself and specify an image document type, but I'm sure there is an exploit somewhere which will allow such images to be uploaded. As a rule I wouldn't normally allow people to upload their own images just because it's risky in what they might upload, including illegal images and codes etc... It might be an idea to try to add a feature to let people specify a URL to an image already hosted and to have them upload these images on some other professional image host. Might defeat the point tho!
garbage
Nov 27 2006, 03:06 PM
well sorry to hear about that but I hope for those who are running image hosting sites please beware..
apacheNewbie
Nov 28 2006, 05:51 AM
I think there is a procedure in PHP to make sure that the input would not be parsed as PHP script. The same thing which is used to prevent SQL injection
Kioku
Dec 23 2006, 05:09 AM
If I recall correctly, Image Shack used to have a vulnerability to something like this and some forms of spyware were actually trying to slip their way in, along with the image upload. Eventually, they had something scripted in that blocks anybody who has cool web search and the like from uploading anything.
daler
Dec 25 2006, 07:44 AM
I wrote an upload script in PHP a few years ago that allowed users to upload jpg/gif images. The 3 important things that must be in an upload script are:
1. Check the file's name (in my case ensure it's a .jpg or .gif and not anything else)
2. Check the file's CONTENT-TYPE
3. Set the permissions of the file so that it isn't allowed to be "executed" (read/write only)
Also, I dynamically renamed the files so that:
1. Overwriting existing files of the same name wouldn't be a problem
2. More secure: if the above methods failed, at least the file would have an arbitrary name of randomname.jpg instead of something like index.gif.php
Finally, be careful about allowing users to upload files into a directory visible from the web.
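The checks listed in the post above, as an added example that is not daler's script or any code from this thread. It assumes PHP 7+ with the fileinfo extension, a form field named `image`, and a storage directory `/var/uploads/images` outside the document root (all hypothetical names); the content type is detected from the file's bytes, because the type sent with the upload is chosen by the client.

```php
<?php
// Added example: upload handling for jpg/gif only. Names and paths are hypothetical.
declare(strict_types=1);

const STORAGE_DIR = '/var/uploads/images';   // assumed to be outside the web root
const ALLOWED = [                             // extension => type detected from bytes
    'jpg' => 'image/jpeg',
    'gif' => 'image/gif',
];

/** Validate one $_FILES entry and store it under a random name; returns that name. */
function store_uploaded_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file((string)($file['tmp_name'] ?? ''))) {
        throw new RuntimeException('upload failed');
    }

    // 1. Name: only the final extension counts, so "index.gif.php" is rejected.
    $ext = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Content type: sniffed server-side, never taken from $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext] || @getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('content is not a valid ' . $ext . ' image');
    }

    // 3. Rename: the client's file name is discarded entirely.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = STORAGE_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);   // read/write for the owner, no execute bit
    return $name;
}

/** Stream a stored image back with a fixed type; the name must match our own format. */
function serve_image(string $name): void
{
    $path = STORAGE_DIR . '/' . $name;
    if (!preg_match('/^[0-9a-f]{32}\.(jpg|gif)$/', $name, $m) || !is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . ALLOWED[$m[1]]);
    header('X-Content-Type-Options: nosniff');
    readfile($path);      // bytes are sent as data, never included or executed
}

if (isset($_FILES['image'])) {
    try {
        echo 'stored as ', htmlspecialchars(store_uploaded_image($_FILES['image']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ', htmlspecialchars($e->getMessage());
    }
} elseif (isset($_GET['img'])) {
    serve_image((string)$_GET['img']);
}
```

A file can pass both checks and still carry PHP text inside valid image data, which is why the stored files sit where the web server never maps a URL to them and are only streamed back with `readfile()`.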
-[Nero]-
Jan 10 2007, 03:21 AM
Mind telling us which picture hosting website you used? Please let me know so that I can set rules in my forum to prevent any damage from occurring.
FLaKes
Jan 10 2007, 08:52 AM
He didn't use a website, he used a script for his own image uploading website. There are so many image hosting websites out there that I wouldn't really bother making my own though. It would be good for practice, but unless you have bandwidth and your own server it could be fun.
Galahad
Sep 7 2007, 10:33 PM
QUOTE(jlhaslip @ Sep 6 2007, 07:48 PM) Check in the Tutorial Section here at the Trap17. There is one that uses a folder named with a jpg (or png) extension that would likely work for you. I think the problem is that .php is not an acceptable file extension for uploading to this server. If you have the script named index.php inside a folder named with an acceptable file extension might work? I think the Tutorial I am referring to can be found use "sig rotator" as a search value.
Thanks for that, I already talked to alex7h3pr0gr4m3r about his dynamic Trap17 status image, and he said he used that folder.jpg method, with index.php script inside... It is so simple, and so obvious, that it completely eluded me, and I think I would have never thought of it... But, as you can see now, there is a dynamic image in my sig, and I'm actually working on releasing a public version, with software to download and update one's status, and a sig for every user... But it's a big work ahead of me. Hopefully, I will find some beta testers here.
jlhaslip
Sep 6 2007, 05:48 PM
QUOTE(Galahad @ Sep 6 2007, 05:36 AM) Well, I have created a certain signature, that I use in forums that allow members to have hosted images in their signatures via IMG tag, and don't check for extensions... Trap17 doesn't allow it, so I'm not using it here, but I certainly can see how one could easily make a malicious PHP script, and take over some site, or crash it... If you want to see my signature, go see http://status.galahad.trap17.com/stat.php ... It is a pure JPEG picture, no malicious code... If it's not allowed to have links here, mods, please remove this section, it's not my intent to promote my site, just to show how it would work
Check in the Tutorial Section here at the Trap17. There is one that uses a folder named with a jpg (or png) extension that would likely work for you. I think the problem is that .php is not an acceptable file extension for uploading to this server. If you have the script named index.php inside a folder named with an acceptable file extension might work? I think the Tutorial I am referring to can be found use "sig rotator" as a search value.
benzkids
Sep 6 2007, 01:35 PM
If I was a really smart guy (which I'm not lol) I would make a script that makes you, the administrator, OK the pics (in other words, you have to say yes I will allow this certain picture on my website) so you know what people are putting up on your website. But unfortunately I am not a smart guy and I don't know how to write scripts. This is all saying that I got the right idea of what you're talking about.
Galahad
Sep 6 2007, 11:36 AM
Well, I have created a certain signature, that I use in forums that allow members to have hosted images in their signatures via IMG tag, and don't check for extensions... Trap17 doesn't allow it, so I'm not using it here, but I certainly can see how one could easily make a malicious PHP script, and take over some site, or crash it... If you want to see my signature, go see http://status.galahad.trap17.com/stat.php ... It is a pure JPEG picture, no malicious code... If it's not allowed to have links here, mods, please remove this section, it's not my intent to promote my site, just to show how it would work
ImageFilez.com
Aug 27 2007, 10:13 PM
I am really interested in what image hosting script u were using?? As I knew that the turnkey image hosting scripts had these problems.