[Mokka]

For the last 24 hours... on two differing computers and on my phone... when I log onto TiBB... it try's, and sometimes succeeds, to download a file called

csync.php

onto my device. I am not opening it to find out what it is ... i just keep deleting... but why is this happening and could we please make it stop??

[Natalie.]

I've had this too

[Mokka]

well i assumed I wasn't the only one.. just wanted to bring it to the attention of James tbh

[Mokka]

also... it downloads three times... not just once

[reece(:]

Adblock her?

[Suze]

I just had this also, and just closed it. Didn't realise it was TIBBs though as I have a few windows open.

[GiRTh]

Quote:

The server you're visiting is poorly configured. As a result, instead of executing the PHP, the server sent it to your browser. Browsers don't execute PHP so you're safe.

If you care about the site you were visiting, the nice thing to do would be to contact support and refer it to this post. It is likely a major security vulnerability for the site.

http://stackoverflow.com/questions/3...at-is-it-doing

[Josy]

I'll mention this to James.

But that specific script doesn't seem to be unsafe in fact it may be a script that stores data so possibly something to do with one of the ads servers.

[arista]

Quote:

Originally Posted by Josy

I'll mention this to James.

But that specific script doesn't seem to be unsafe in fact it may be a script that stores data so possibly something to do with one of the ads servers.

So Far, Josy


Its to do with ad servers on tibb
by the way

[Maru]

Quote:

Originally Posted by Josy

I'll mention this to James.

But that specific script doesn't seem to be unsafe in fact it may be a script that stores data so possibly something to do with one of the ads servers.

Quote:

Originally Posted by arista

So Far, Josy

Its to do with ad servers on tibb
by the way

Josy is right, PHP files on their own cannot harm your machine. PHP is a general purpose language generally used with webservers. *.php files on their own are not binary (i.e. machine code) and cannot be executed on their own. They are just plaintext files that can be read as-is in a text editor. You can see this by opening the file in Notepad.

For .php files to be "executable" for the user, the user needs to have a server like Apache to be installed and running with a PHP preprocessor configured in order to "execute" the plain text aka output the code into HTML (a webpage). The code has to first be moved into the homepage's folder and then the browser pointed to that file through localhost. In other words, it's not straightforward. Even still, the code will probably error out because it's probably meant to be an "include" file and will only work as designed when served to the user with the other PHP files/libraries running on the server.

The user is never supposed to see PHP code on their end and all this is supposed to work invisibly. For it to be available to the user is actually damaging to their end because it could give hackers clues to other vulnerabilities in the code and give them a way in.

I know all this because I write PHP and do web-development for a living.

Likely, their server is misconfigured somehow (probably a missing handler) and will just mean a bad day for them. Could then be javascript they are using is somehow serving the file to the user as a download instead of being processed by the server as PHP code to the preprocessor. It's 100% harmless to you and at most, humorous to other developers.

[Ninastar]

its my dick pics

soz, should have warned you

[James]

Quote:

Originally Posted by Mokka

For the last 24 hours... on two differing computers and on my phone... when I log onto TiBB... it try's, and sometimes succeeds, to download a file called

csync.php

onto my device. I am not opening it to find out what it is ... i just keep deleting... but why is this happening and could we please make it stop??

Is it still happening? It's likely one of the advert servers is causing it, yes.

[Mokka]

It stopped now James... I believe...at least I haven't noticed it since yesterday

[Firewire]

James spying on us?

[Maru]

That's not good if somebody's PHP code is being exposed

Google has a bunch of results in the past 24 hours regarding ad server so looks like somebody made a boo boo

[Ammi]

..it's doing it again for me now so still happening../trying to download...

[arista]

Quote:

Originally Posted by Ammi

..it's doing it again for me now so still happening../trying to download...

Shut Down


Restart



Dont let the Feckers In

[Jordan.]

I keep getting it everytime I open a thread. It's already auto downloaded once.

[Ammi]

Quote:

Originally Posted by Jordan.

I keep getting it everytime I open a thread. It's already auto downloaded once.

..I just checked my download history..it's downloaded it around 30 times....

[Vanessa]

Quote:

Originally Posted by Ammi

..I just checked my download history..it's downloaded it around 30 times....

Same.

[Jordan.]

The one I'm getting is csmnx.php

[Ellen]

Same, happening to me

[kirklancaster]

Quote:

Originally Posted by Jordan.

The one I'm getting is csmnx.php

THANK YOU - It has happened to me 4 times this morning and I could not find anything about csmnx.php anywhere on Google.

I am no techno so I've been worried to hell.

[arista]

Quote:

Originally Posted by kirklancaster

THANK YOU - It has happened to me 4 times this morning and I could not find anything about csmnx.php anywhere on Google.

I am no techno so I've been worried to hell.

Next Time
Kirk
Make a thread.


I do with "fecking" in the Title

[Mokka]

Quote:

Originally Posted by arista

Next Time
Kirk
Make a thread.


I do with "fecking" in the Title

Followed by ... Hulk SMASH!!!