Issue with Experience247 V4.1 - calling cpanel login

by Julian Whitehead -
Number of replies: 11

Okay before I offend anyone - I love the look of this theme, I like the way it makes it look not like moodle, but still like moodle.

I installed it at the weekend - no problems...

Last night I got around to changing the banner image, adding the W3C validation buttons and changing the favicon.

All was working fine. I then logged into another machine, and to my surprise, when I went to my site, every time it asked me to log in or generate a new page, up popped the dialogue box asking me to log in to my cpanel.

This appears to be machine and browser independent.

I fixed it by going back to an old theme. I have spoken to my webhost. They have not been doing anything strange. I have had a look at the heading.html and can see some code that I can't see in any other heading.

<?php include("$CFG->javascript"); ?>
 <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
 </script>
 <script type="text/javascript">
 _uacct = "UA-563843-7";
 urchinTracker();
 </script>

Which I have commented out.

There is also this on line 80...

<?php
    // Returns the full URL of the page being viewed: scheme, host, port and request path.
    function selfURL() {
        // The original chains unparenthesised ternaries; PHP groups them left to right,
        // which yields "s" only when HTTPS is exactly "on", as the parenthesised form does.
        $s = (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "s" : "";
        // "HTTP/1.1" -> "http", plus the "s" suffix for HTTPS
        $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
        $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
        return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
    }
    // Everything in $s1 before the first occurrence of $s2.
    function strleft($s1, $s2) { return substr($s1, 0, strpos($s1, $s2)); }

I have no idea what this does at all, but it looks like it makes a call to https...

I have attached the header.html file.

There is also some other official looking code later on that I think I have seen before on line 116..

// Fall back to SCRIPT_NAME on servers that do not set REQUEST_URI
$_SERVER['REQUEST_URI'] = (isset($_SERVER['REQUEST_URI']) ?
    $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']);
// Append the query string if it exists and isn't null
if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
    $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
}

Any ideas anyone. Is this theme doing something it shouldn't?

I will take a look at the footer later...

In reply to Julian Whitehead

Re: Issue with Experience247 V4.1 - calling cpanel login

by Mauno Korpelainen -

Don't use it - until somebody finds out what all those php tags and javascripts really do. Several rows of totally unnecessary and probably insecure code...the urchin code itself is very often seen (google ads for example) but your theme has some really odd lines.

Edit: Maybe Dimitri Roman from
http://www.experience247.com

could explain the code...I guess it's needed for these links attached. Theme itself does look great. I just sent an email to Dimitri.

Attachment Image2.gif
In reply to Mauno Korpelainen

Re: Issue with Experience247 V4.1 - calling cpanel login

by Julian Whitehead -

I have found the error - slightly embarrassed...

I had copied an absolute path from the server for an image in the footer - as a result, every time the footer was called there was a bit of an issue. I changed this to a URL and lo and behold it all worked!

Hurray!

The strange code is to add to various social networking sites (I am trying to encourage Web 2.0 use)...

blush

In reply to Julian Whitehead

Re: Issue with Experience247 V4.1 - calling cpanel login

by Patrick Malley -
I looked into this theme's header.html and found similar PHP that I think the developer of this theme should explain.

The majority of the PHP added appears to produce the social bookmarking links in the theme, but some of this is rather curious.

Perhaps someone with a little more PHP knowledge could look into this and let us know if we should be concerned.

I have attached Experience247's header.html file.
In reply to Patrick Malley

Re: Issue with Experience247 V4.1 - calling cpanel login

by Mauno Korpelainen -
In reply to Mauno Korpelainen

Re: Issue with Experience247 V4.1 - calling cpanel login

by Mauno Korpelainen -
Still you may use social bookmarking at your own risk - or clean the code from header.html wink
In reply to Mauno Korpelainen

Re: Issue with Experience247 V4.1 - calling cpanel login

by Mauno Korpelainen -

I am not yet 100% sure how vulnerable the social bookmarking code in Dimitri's theme really is but I would not advise anybody to use it. One warning example about possible risks of using unknown themes:

People often try to find sites that have lots of different looking themes to be used as a new moodle theme. Visit first

http://www.templatesbrowser.com/wordpress-themes/ and then

http://www.aboutus.org/TemplatesBrowser.com

It contains text

Templatesbrowser.com publishes Wordpress templates and Joomla versions that contain phishing code and link spam. Don't use their products if you care about privacy and if you don't want to risk being kicked out of Google because your site contains link spam.

Or

http://www.freewordpressthemes.com/blog/security/beware-of-vulnerabilities-in-your-wordpress-theme/

explains why it is good for all of us to try to check the code we have in custom themes and custom activities (like advertising blocks). 

In reply to Julian Whitehead

Re: Issue with Experience247 V4.1 - calling cpanel login

by Dimitri Roman -
Hi guys and girls,

First of all, this template is only 10% of my doing; thanks go out to:
Patrick Malley - http://newschoollearning.com - Liip theme
David Vignoni - http://www.icon-king.com - NUVOLA ICON THEME
Rokey - http://www.eicostudio.com - POPO 2004 new emotions
Canver Software - http://sourceforge.net/projects/canver/ - simple social bookmarks

If you have any questions the best way is to use email/the moodle IM system. Be warned, I only check mail/IM once every week/2 weeks, as my website, and thus the template, is more of a fling.

A bit of info on the suspicious code:

Part 1: This block is, as it states, Google Analytics; this gives me a bit of an idea how many people are using the template. You can remove this code without any problem.

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-563843-7";
urchinTracker();
</script>


Part 2: Is as stated: the social bookmarking icons you see at the top. I used the same code in my previous template; you can remove this code without any problem.

<div class="description small">

<?php
// Returns the full URL of the page being viewed: scheme, host, port and request path.
function selfURL() {
    // The original chains unparenthesised ternaries; PHP groups them left to right,
    // which yields "s" only when HTTPS is exactly "on", as the parenthesised form does.
    $s = (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "s" : "";
    // "HTTP/1.1" -> "http", plus the "s" suffix for HTTPS
    $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
    $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
    return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI'];
}

// Everything in $s1 before the first occurrence of $s2.
function strleft($s1, $s2) { return substr($s1, 0, strpos($s1, $s2)); }

// Prints one "Post to ..." link per bookmarking service, as an icon ($icon = 'Y') or as text.
function soc_bookmark($link, $title, $icon = 'Y') {
    global $CFG;   // $CFG is a Moodle global; without this line it is undefined inside the function
    $icon_folder = $CFG->wwwroot.'/theme/'.current_theme().'/icons/';
    $feed = 'feed';
    $link = rawurlencode($link);
    $title = rawurlencode($title);
    $bookmark = array(
        'digg'        => 'http://digg.com/submit?phase=2&amp;url='.$link,
        'BlinkBits'   => 'http://www.blinkbits.com/bookmarklets/save.php?v=1&amp;source_url='.$link.'&amp;title='.$title,
        'Del.icio.us' => 'http://del.icio.us/post?v=2&amp;url='.$link.'&amp;title='.$title,
        'Furl'        => 'http://www.furl.net/storeIt.jsp?t='.$title.'&amp;u='.$link,
        'Ma.gnolia'   => 'http://ma.gnolia.com/bookmarklet/add?url='.$link.'&amp;title='.$title,
        'Newsvine'    => 'http://www.newsvine.com/_tools/seed&amp;save?u='.$link.'&amp;h='.$title,
        'Reddit'      => 'http://reddit.com/submit?url='.$link.'&amp;title='.$title,
        'Technorati'  => 'http://technorati.com/faves?add='.$link.'&amp;title='.$title,
    );
    foreach ($bookmark as $key => $value) {
        // icon file name is the service name lower-cased with dots removed, e.g. delicious.png
        $link_text = $icon == 'Y'
            ? '<img src="'.$icon_folder.str_replace(".", '', strtolower($key)).'.png" alt="Post to '.$key.'" />'
            : $key;
        echo '<a href="'.$value.'" title="Post to '.$key.'" >'.$link_text.'</a> ';
    }
}

// Fall back to SCRIPT_NAME on servers that do not set REQUEST_URI
$_SERVER['REQUEST_URI'] = (isset($_SERVER['REQUEST_URI']) ?
    $_SERVER['REQUEST_URI'] : $_SERVER['SCRIPT_NAME']);

// Append the query string if it exists and isn't null
if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
    $_SERVER['REQUEST_URI'] .= '?' . $_SERVER['QUERY_STRING'];
}

soc_bookmark(selfURL(), $definePageTitle);

?>
</div>
In reply to Dimitri Roman

Re: Issue with Experience247 V4.1 - calling cpanel login

by Mauno Korpelainen -

Well, I was worried because themes are used on every page of moodle and wondered if somebody were smart enough to find some page (a non-standard block, for example) where function selfURL could be used for some other purpose than social bookmarking (mainly because of the example of http://www.xssnews.com/2007/06/07/xss-in-wordpress-themes/ ).

Just yesterday two "researchers" tried to find something on my test server - the first one, from Tailors Hall Hotel, Edinburgh (not staff, I guess), tried to find/use one joomla 1.5beta vulnerability, and a couple of hours later one "IT professional" from Düsseldorf checked if I have any security holes in phpMyAdmin and at the same time checked possible acp vulnerabilities and tested if I use phpkit (I don't - thank you for the tips found in the error log and testing - if you read this, Christoph. I have upgraded both my server and programs regularly, sorry! wink).

The email I tried to send you a couple of days ago came back (a hotmail address found on your site - maybe the mail box was full) so I was a little more suspicious about the code. Anyway - your themes look splendid, Dimitri. smile

All the best!
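A defensive rewrite of the selfURL()/soc_bookmark() code from Dimitri's reply, addressing the concern Mauno raises above; this is an added example, not code from the theme or from Moodle. It assumes a stubbed $CFG object passed as an argument (Moodle's real $CFG is a global) and a constructed request array in place of $_SERVER, so it can be run on its own.

```php
<?php
// Added example (not the theme's or Moodle's code). Hardened equivalents of the
// posted selfURL()/soc_bookmark(): the page URL is built from the configured
// site root rather than $_SERVER['SERVER_NAME'] (which can come from the client's
// Host header), and every value written into HTML is escaped for that context.
// Assumptions: $cfg and the request array are passed in explicitly so the code
// can be exercised with constructed input instead of Moodle's globals.

function safe_page_url(stdClass $cfg, array $server): string {
    // Only the path and query string are taken from the request, never the host.
    $path = $server['REQUEST_URI'] ?? ($server['SCRIPT_NAME'] ?? '/');
    // Require a single leading slash; "//host/..." would be read as a new authority.
    if ($path === '' || $path[0] !== '/' || substr($path, 0, 2) === '//') {
        $path = '/';
    }
    return rtrim($cfg->wwwroot, '/') . $path;
}

function bookmark_links(string $link, string $title): string {
    // Targets taken from the posted theme code; %s placeholders receive URL-encoded values.
    $services = [
        'Reddit'      => 'http://reddit.com/submit?url=%s&title=%s',
        'Del.icio.us' => 'http://del.icio.us/post?v=2&url=%s&title=%s',
    ];
    $html = '';
    foreach ($services as $name => $fmt) {
        // rawurlencode() protects the URL context ...
        $target = sprintf($fmt, rawurlencode($link), rawurlencode($title));
        // ... and htmlspecialchars() protects the attribute and text context on output.
        $esc_target = htmlspecialchars($target, ENT_QUOTES, 'UTF-8');
        $esc_name   = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $html .= sprintf('<a href="%s" title="Post to %s">%s</a> ', $esc_target, $esc_name, $esc_name);
    }
    return $html;
}

// Constructed stand-in for Moodle's $CFG and for a request carrying a spoofed host name.
$cfg = new stdClass();
$cfg->wwwroot = 'https://moodle.example.org';
$request = ['SERVER_NAME' => 'attacker.example', 'REQUEST_URI' => '/course/view.php?id=2'];

$url = safe_page_url($cfg, $request);   // host comes from $cfg, not from the request
echo $url, "\n";
echo bookmark_links($url, 'Week 1 "Intro" <notes>'), "\n";
```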

In reply to Mauno Korpelainen

Re: Issue with Experience247 V4.1 - calling cpanel login

by Dimitri Roman -
Must take a look at that e-mail address, because I don't have a hotmail email address; the hotmail address I have is for msn. And you are not the first to tell me this. BTW, where did you find that hotmail address?