AW: AW: ANN: GLX2 3.05

J. Landman Gay jacque at
Fri Jun 15 00:05:32 EDT 2012

Thanks Andre, that helps. I think I'm safe.

I'll keep the filetype function around for the future though. That's a 
nice thing to know about.

On 6/14/12 10:46 PM, Andre Garzia wrote:
> Jacque,
> This usually happens once one of two things happens:
> 1 - you have a compromissed FTP account. Maybe one collaborator lost your
> FTP account or an infected machine is harvesting them from your HD (more
> common on windows). Something caused the FTP account to be compromissed,
> after that the hacker uploads a single PHP script and calls this script
> with CURL or something similar, this causes the script to execute on the
> server. This script is usually a bootstrap script that will download more
> nastiness and infect other files.
> 2 - an exploit on some software you're using on the server side. This
> mostly happens when using stuff you didn't built such as Wordpress or
> others popular CMS. Wordpress is a big target for hackers because it is the
> most popular CMS out there.
> Be aware that if you're LiveCodeServer application has an upload feature
> such as "upload your photo" form that works by saving the uploaded file
> somewhere and then sending it to the browser when needed, for example by
> using something similar to:
> <img src="photos/<?rev put photoFilePath ?>" />
> Where you simply send an image with its source pointing to the uploaded
> file. This is a major risk because if the hacker uploads a PHP file instead
> of a nice mug shot. The PHP file will be executed when the browser request
> that image.
> If you're accepting files on forms, always check the file with a command
> like:
> function filetype pFile
>    return shell("file --mime"&&  pFile)
> end filetype
> This function will return the MIME type for a given file on Mac OS X or
> Linux (any Unix I think...).
> On Fri, Jun 15, 2012 at 12:29 AM, J. Landman Gay
> <jacque at>wrote:
>> On 6/14/12 8:58 PM, stephen barncard wrote:
>>> these guys would pack a string of URLEncoded PHP code with no white space
>>> into a global, then decode and call it. It was usually placed at the
>>> bottom
>>> of one's document.
>> It's still not clear to me how they did this.
>> The security snafu was a year ago and the hacker didn't get any passwords,
>> only a few user names. Unless anyone's password is "12345" I kind of doubt
>> this recent incident is related, and it was a long time ago anyway.
>> Is there a likely explanation how they got in this time? Something we
>> should watch out for?
>> --
>> Jacqueline Landman Gay         |     jacque at
>> HyperActive Software           |
>> ______________________________**_________________
>> use-livecode mailing list
>> use-livecode at
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:

Jacqueline Landman Gay         |     jacque at
HyperActive Software           |

More information about the Use-livecode mailing list