Advertisement:

Author Topic: Strange characters when trying to include a file.  (Read 1045 times)

Offline Klajdi

  • Semi-Newbie
  • *
  • Posts: 30
Strange characters when trying to include a file.
« on: August 06, 2017, 11:51:51 AM »
Hello,
I am having this weird text: https://i.imgur.com/dc0HgZr.png whenever I include a file at the top of index.php file.
I am using this to include
Code: [Select]
include_once($_SERVER['DOCUMENT_ROOT'] . "/dir/ddos.php");
The script/code is: https://pastebin.com/4Y6M0Yfp

Accessing the script directly works fine, including it on other projects (outside smf) works also fine.


I have been trying to figure out the issue for the last couple of hours and I'm left clueless. Id really appreciate some help.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 68,361
    • Arantor on GitHub
Re: Strange characters when trying to include a file.
« Reply #1 on: August 06, 2017, 02:08:28 PM »
By putting it inside index.php, you interfere with certain operations in SMF, namely the avatar loader - and that's the result of an avatar trying to be loaded and mangled through that script.

What, exactly, are you trying to achieve? DDOS protection? Are you legitimately having issues with bots hitting your site that quickly?
To assume is to hope that those who came before had the presence of mind and capacity to implement the dreams of those who would come after.

You either die a hero or live long enough to see yourself become the villain. It seems you have chosen which, and now I must do the same.

Offline Klajdi

  • Semi-Newbie
  • *
  • Posts: 30
Re: Strange characters when trying to include a file.
« Reply #2 on: August 06, 2017, 02:16:39 PM »
By putting it inside index.php, you interfere with certain operations in SMF, namely the avatar loader - and that's the result of an avatar trying to be loaded and mangled through that script.

What, exactly, are you trying to achieve? DDOS protection? Are you legitimately having issues with bots hitting your site that quickly?

In general, trying to run a script before anything loads.
In particular, trying to block flooders. Im getting like 100 requests per minute from same ip.

Either way, im more concerned about the general function/purpose.

Online vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 19,491
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: Strange characters when trying to include a file.
« Reply #3 on: August 06, 2017, 02:49:33 PM »
I would try blocking at the server level with a firewall or .htaccess that way it doesn't hit your php code at all.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Offline Klajdi

  • Semi-Newbie
  • *
  • Posts: 30
Re: Strange characters when trying to include a file.
« Reply #4 on: August 06, 2017, 05:08:58 PM »
I would try blocking at the server level with a firewall or .htaccess that way it doesn't hit your php code at all.
Well, not really, the way im trying it wont reach php code as it will be blocked by htaccess. But either way, im more interested on how I can include it.

Offline Klajdi

  • Semi-Newbie
  • *
  • Posts: 30
Re: Strange characters when trying to include a file.
« Reply #5 on: August 07, 2017, 07:52:00 AM »
By putting it inside index.php, you interfere with certain operations in SMF, namely the avatar loader - and that's the result of an avatar trying to be loaded and mangled through that script.

What, exactly, are you trying to achieve? DDOS protection? Are you legitimately having issues with bots hitting your site that quickly?
http://i.imgur.com/uSQd48r.png
Thats 648 requests from same ip, in the course of 2 minutes, keep in mind that the attack was going for around 30 minutes.
And this would have been a very efficient use of that script, thats 0.03 seconds between requests, which would have denied the ip in the first 30-40 requests.

Ofc this is not always easy as most of the time the attacks are decentralized, meaning I get that much (and more) from 10+ IPs,

Offline dougiefresh

  • SMF Hero
  • ******
  • Posts: 2,504
    • XPtsp.com Community
Re: Strange characters when trying to include a file.
« Reply #6 on: August 07, 2017, 10:08:50 AM »
Try this mod: Forum Hard Hit Preventer and let me know if it works for you.
NOTICE:  My website is back up!

My Free Simple Machines mods on XPtsp.com, Simple Machines Customization Site, and at GitHub!
Problem uninstalling mods?  Try Arantor's Sortable Packages (and Installed Time) mod!  It's super helpful!

Offline bestnow

  • Semi-Newbie
  • *
  • Posts: 23
Re: Strange characters when trying to include a file.
« Reply #7 on: August 07, 2017, 10:19:10 AM »
Try this mod: Forum Hard Hit Preventer and let me know if it works for you.

that mod will automatically place a ban in the .htaccess file.


He wrote:

I would try blocking at the server level with a firewall or .htaccess that way it doesn't hit your php code at all.
Well, not really, the way im trying it wont reach php code as it will be blocked by htaccess. But either way, im more interested on how I can include it.


Offline Klajdi

  • Semi-Newbie
  • *
  • Posts: 30
Re: Strange characters when trying to include a file.
« Reply #8 on: August 07, 2017, 10:50:24 AM »
Well, as i said it would be better for me to know how to include a file before anything loads.

As for your mod, i havent checked the code, but i am supposing it needs smf to be loaded first.
But still, I was thinking to use cloudflare api to add the ips.

As i said my main priority now i loading scripts before anything else, but i might try your mod.

Offline Klajdi

  • Semi-Newbie
  • *
  • Posts: 30
Re: Strange characters when trying to include a file.
« Reply #9 on: August 07, 2017, 04:48:18 PM »
Apparently the issue doesn't occur if I include the file after ob_start(),
So far so good, but I have another question, is it certain that it wont mess anything else up?
Considering that session hasn't started yet, i'm going to remove the last line in the script (echo 'xxxxxx';).
So, will it cause anything else to break (sth i cant see)?