Webdev: December 2005 Archives

phpCOIN is the software used by BryteNet hosting to manage orders, invoicing and the helpdesk. Tuesday a vulnerability has been discovered allowing atackers to execute remote code on the server.

When a fix was published I immediately installed it on the server, but the site had already been hacked. To make matters worse, the fix files contained errors, which made that phpCOIN did not produce any output. My server error log showed me where the errrors were, and by adding some parentesis I could fix my site. The official fix files are now three days old, and still contain these errors. There are more and more people running into this problem asking for wroking, so I uploaded my fixed files for download. Note that the original fix file contains more files, so you need to install those files first and then overwrite the three files with errors with my copies.

[Update 2005/12/19]: The official fix files have been updated, so my files are no longer necessary.

It looks like Yahoo! is testing their mobile search bot, resulting in some page requests with a very weird agent string:

Nokia6682/2.0 (3.01.1) SymbianOS/8.0 Series60/2.6 Profile/MIDP-2.0 configuration/CLDC-1.1 UP.Link/6.3.0.0.0 (compatible; Windowns CE; Blazer/4.0; PalmSource; MOT-V300; SEC-SGHE315; YahooSeeker/MA-R2D2;mobile-search-customer-care AT yahoo-inc DOT com)

Now that is a very interesting device! Yahoo! has been able to combine some of the most popular mobile phones into a single device and run several operating systems on it simultaniously!