• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net
managed wordpress hosting

Suspicious file?

D

DevilsHost

New Member
Hi

I was just having a look through one of the free hosting accounts on my server and found a rather suspicious looking file which wasn't there yesterday.

Basically it looks like it uploads a file from one remote location to another
from(http://):
to(filename):

Looks like this could be used for bandwidth stealing to me, I could use a second opinion. According to the logs for this domain the file hasn't been used yet.

Thanks in advance
 
Last edited:
Can you post the file contents, it may be innocent enough but hard to say without seeing it :)
 
Sure no problem

<?php
if ($_GET[xfer]) {
if ($_POST[from] == "") {
print "You forgot to enter a url.";
} else {
copy("$_POST[from]", "$_POST[to]");
$size = round((filesize($_POST[to])/1000000), 3);
print "transfer complete.<br>
<a><a href=\"$_POST[from]\">$_POST[from]</a><br>
<a><a href=\"$_POST[to]\">$_POST[to]</a> : $size MB";
}
} else {
print "<form action=\"$PHP_SELF?xfer=true\" method=post>
from(http://): <input name=from><br>
to(filename): <input name=to><br>
<input type=submit value=\"transload\">";
}
?>
Click to expand...

As you can see, very suspicious looking :D
 
Doesn't look to do any harm. Its not specifying anything at the moment. Looks like he/she just didn't finish the script.
 
It's obvious what that code does, but without the other parts of it, it's hard to say what they plan to do with it. They could either be using it like a small ile downloader, like RapGet. For the meantime though, ask them?

(Also does your PP say you can view their file content and post elsewhere?)
 
Who says it's their code, and it's no different to showing it to a programming company to have it verified as safe.

Well within any sensible hosts TOS & PP
 
Gamer4u said:
You shouldn't share the source of other peoples websites.
Click to expand...

This was for the purpose of server security so I don't really see a problem with it and besides, I was ASKED for it, why do you think I didn't post it with the original post ;)

Dynash said:
Also does your PP say you can view their file content and post elsewhere?
Click to expand...

Not in so many words but it's pretty much standard practise for hosts to monitor users accounts & view their files in order to enforce TOS.

Dynash said:
It's obvious what that code does, but without the other parts of it, it's hard to say what they plan to do with it. They could either be using it like a small ile downloader, like RapGet. For the meantime though, ask them?
Click to expand...

From what I can tell that's the only file currenly in their account and I have tried to contact them about something else to do with their account and so far they haven't been responding in a very timely manner at all.
 
Not in so many words but it's pretty much standard practise for hosts to monitor users accounts & view their files in order to enforce TOS.
Click to expand...

The majority of the time though, I've seen PP's say you can view and monitor the files and their source codes (As you'd be stupid not too) but not to post it without their content to third party people, or websites, excluding lawyers and the police.
 
I see where you're coming from but with a free host it's not so much of a problem however i'll take your suggestion to heart and update my TOS as it is probably a good idea to mention it anyway, for the benifit of those lacking in the brains dept :p

He probably wont have his account much longer anyway as it's been sitting there with nothing except that file on it since he got it, and I gave him extra time past the 72 hours users get to upload a site as he contacted me attempting to explain why but as hes been active i'm left with little choice I thinkies :p
 
Don't give DevilsHost a hard time on this one, personal opinion is they've done the right thing by the client (maybe the client doesn't even know what the script does) - trying to find out if there is anything wrong before just kicking them by any means possible. Which is perfectly acceptible.
 
Thanks for sticking up for me :D

I think the client knows what the script does allright but yes that's exactly what I was trying to do, find out if the file was dodgey or not before suspending them without warning.

+rep on it's way to you :p
 
I wouldn't say it looks malicious, his website is going to have a much faster connection that his computer at home, I've used such scripts to get around that problem while moving big files, perhaps he wrote it to transfer a backup of his site from somewhere, I think it's quite likely innocent ...
 
You must log in or register to reply here.
Back
Top