
1 Sep 25, 2005 07:22    

Hi. whoo's little trick of being able to change the htsrv folder name is one of the coolest tricks in town for fighting trackback and comment spammers, but you have to tweak a file then rename the folders to do it. I'd *love* to have the ability to change that file and folder name via the back office. This way after a month or so I might figure out they caught up with me, so I want to change it again. If it's a hack then I gotta hack. If it's a feature then, well, wine will flow like water, pretty women will dance on tables, birds will sing, flowers will bloom, and spammers will be sent to their own special eternal damnation. Or at the very least it'll be easier to deflect them again.

2 Sep 25, 2005 12:05

admin/_tools.php

require( dirname(__FILE__).'/_menutop_end.php' );

require( dirname(__FILE__).'/change_it.php' );
?>

create admin/change_it.php

<?php

if( !defined('DB_USER') ) die( 'Please, do not access this page directly.' );

// check user has permission

if ($current_User->check_perm( 'options', 'edit', true ))
{
	param('action' , 'string' , 'view');
	param('new_folder' , 'string' , $htsrv_subdir );

	if ( $action == 'edit' )
	{ // time to change the folder
		$the_file = dirname(__FILE__).'/'.$admin_dirout.'/'.$conf_subdir.'/_advanced.php';
		// Read original:
		if (!	$conf = file( $the_file ) )
		{ // failed to load file
			echo '<div class="error">'.sprintf( T_( 'Unable to read %s' ) , $the_file).'</div>';
		}
		else
		{
			// File loaded...

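			// $new_folder is written into PHP source and used as a path: keep only plain name characters
			$new_folder = preg_replace( '#[^A-Za-z0-9_-]#' , '' , $new_folder );
			$conf = preg_replace( '#htsrv_subdir(.+?);#is' , "htsrv_subdir = '$new_folder';" , $conf );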
			// check we can rename the directory
			if (! @rename(dirname(__FILE__). '/'.$admin_dirout.'/'.$htsrv_subdir , dirname(__FILE__). '/'.$admin_dirout.'/'.$htsrv_subdir) )
			{
				echo '<div class="error">'.sprintf( T_( 'Unable to rename %s folder' ) , dirname(__FILE__). '/'.$admin_dirout.'/'.$htsrv_subdir , $admin_dirout.'/'.$htsrv_subdir) .'</div>';
			}
			else
			{
				// open without truncating: 'w' would empty the file even if the rename below fails
				$f = @fopen( $the_file , 'r+' );
				if( $f == false )
				{ // couldn't open the file
					echo '<div class="error">'.sprintf( T_( 'Unable to write to %s' ) , $the_file).'</div>';
				}	
				else
				{
					/* can write to file
					 * first we need to rename the directory
					 */

					if (!@rename(dirname(__FILE__). '/'.$admin_dirout.'/'.$htsrv_subdir , dirname(__FILE__). '/'.$admin_dirout.'/'.$new_folder))
					{ // renaming folder failed, the config file is left untouched
						fclose($f);
						echo '<div class="error">'.sprintf( T_( 'Unable to rename %s folder' ) , dirname(__FILE__). '/'.$admin_dirout.'/'.$htsrv_subdir , $admin_dirout.'/'.$htsrv_subdir) .'</div>';
					}
					else
					{
						// drop the old contents only now that the rename has succeeded
						ftruncate( $f, 0 );
						foreach( $conf as $conf_line )
						{
							fwrite( $f, $conf_line );
						}
						fclose($f);
						echo '<div class="panelinfo">'.T_( 'settings updated' ).'</div>';
					}
				}
			}
		}
	}
	// display the form
	?>
	<div class="panelblock">
	<h2><?php echo T_('Settings') ?></h2>
	<form class="fform" name="form" action="tools.php" method="post">
	<div>
	<input type="hidden" name="action" value="edit" /><input type="hidden" name="tab" value="tools" />
	<?php
	form_text( 'new_folder', $new_folder, '' , T_('Htsrv folder name'), '' );
	form_submit();
	?>
	</div>
	</form>
	</div>
	<?php
}
else
{
echo '<div class="error">'.T_('Access denied').'</div>';
}
?>


Cross your fingers and hit the back office ;)

¥
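An added example, not part of the original post and not b2evolution code: the same rename-and-rewrite step written so that the submitted folder name is validated before it reaches a path or the PHP config source, and so that a failure at any step leaves the old folder and old config in place. All function names are hypothetical, and it assumes PHP 7.1 or later and a config file that assigns `$htsrv_subdir` exactly once.

```php
<?php
// Added example; function names are hypothetical, not part of b2evolution.

/** Accept only a single plain path segment: letters, digits, '_' and '-'. */
function is_safe_folder_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) === 1;
}

/** Replace the $htsrv_subdir assignment; null unless it matched exactly once. */
function rewrite_htsrv_line(string $config, string $new_folder): ?string
{
    // var_export() emits a correctly quoted PHP string literal.
    $line = '$htsrv_subdir = ' . var_export($new_folder, true) . ';';
    $out = preg_replace_callback(
        '/^[ \t]*\$htsrv_subdir\s*=\s*[^;]*;/m',
        function () use ($line) { return $line; },
        $config, -1, $count
    );
    return ($out !== null && $count === 1) ? $out : null;
}

/** Rename the folder and update the config; returns an error string, or null on success. */
function change_htsrv_folder(string $base, string $conf_file, string $old, string $new): ?string
{
    if (!is_safe_folder_name($new)) return 'invalid folder name';
    if (file_exists("$base/$new"))  return 'target already exists';
    $config = @file_get_contents($conf_file);
    if ($config === false)          return 'cannot read config';
    $updated = rewrite_htsrv_line($config, $new);
    if ($updated === null)          return 'htsrv_subdir assignment not found exactly once';

    // Write the new config beside the old one first; nothing is truncated yet.
    $tmp = $conf_file . '.tmp';
    if (@file_put_contents($tmp, $updated, LOCK_EX) === false) return 'cannot write config';
    if (!@rename("$base/$old", "$base/$new")) {
        @unlink($tmp);
        return 'cannot rename folder';
    }
    if (!@rename($tmp, $conf_file)) {        // replaces the old config in one step
        @rename("$base/$new", "$base/$old"); // roll the folder back
        @unlink($tmp);
        return 'cannot replace config';
    }
    return null;
}
```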

3 Sep 25, 2005 18:16

It was hard doing the mouse and keyboard with my fingers crossed, and it didn't help. "unable to write blahblah conf/_advanced" which I'm guessing is due to permissions of either the folder (755) or file (644). Dunno what those should be changed to, but now you got me thinking. What if conf/_advanced said get the name from the settings table, then change_it changed the appropriate field? Permissions are probably the right place to be, but as a rule I don't dabble in there so...

4 Sep 25, 2005 18:27

Lol, ooops, yeah, forgot to mention that some sort of write access is needed to htsrv folder (not the files within) and admin/_advanced.php. I use a windoze server so I dunno what chmod # you need.

I agree, all settings should be in the db, it'd make changes like this far easier to code.

I'm sorry you gnarled your hands due to incomplete instruction, I'll try and do better next time ;)

¥

5 Sep 25, 2005 18:50

No problem! As a general rule I'm pretty twisted most of the time anyway ;)
I added this to my watched list, which is mostly how I remember I want to come back to it.

Oh plus adding it to the tools tab was pretty trick. Gonna hafta remember that one...

6 Sep 25, 2005 21:14

Cool, I just used an ftp client (I normally work directly on the server) and it shows chmod#'s.

both folder and file are set @ 554 on my system.

Glad to hear you coped with the gnarled hands, but I already knew you were twisted :P

¥

*edit*
if you're gonna be adding a few hacks to the tools tab, you're probably better changing :-
param('action'..etc
and
$action...etc

to something more "tool specific" ie
param('mytool_action'...etc
and
$mytool_action...etc

or maybe I need to rearrange the order of sleep, alcohol and caffeine in my body???

¥

9 Apr 17, 2006 05:22

Fer once, ßlåßßå is correct. ;) (sorry ßlåßßå)

Changing the HTSRV is passe. I do it, using my auto perl script, every 6 hours, but it matters not to slammers. (They must be parsing for file names that are CONTAINED inside the HTSRV folder, which makes the folder name containing them, irrelevant).

On another note ... changing the name of the commenting_posting.php file DOES seem to be (still) foiling the slammers, as ßlåßßå's recent hackage seems to indicate.

He's one smart cookie, our ßlåßßå. :D

