Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Mysterious dbboon folder with proxy.php file on my godaddy account [closed]

Tags:

php

When doing some web maintenance today, I noticed a strange new folder on my GoDaddy hosting account at the root level named "dbboon", with a single file inside, called proxy.php. It's code is listed below, and seems to be some sort of proxy function.

I was kind of troubled because I didn't put it there. I googled all this to learn more, but didn't find anything, except for the proxy file happened to be also stored at pastebin.com: http://pastebin.com/PQsSPbCr

I called GoDaddy and they confirmed that it belonged to them, said it was put there by their advanced hosting group for testing purposes but didn't have any more information. I thought this was all really weird: why would they put something in my folder without giving me a heads-up, and why would they need to do something like this?

anybody know anything about this?

<?php

$version = '1.2';

if(isset($_GET['dbboon_version'])) {
echo '{"version":"' . $version . '"}';
exit;
}

function dbboon_parseHeaders($subject) {

global $version;

$subject = trim($subject);
$parsed = Array();
$len = strlen($subject);
$position = $field = 0;
$position = strpos($subject, "\r\n") + 2;

while(isset($subject[$position])) {

$nextC = strpos($subject, ':', $position);
$fieldName = substr($subject, $position, ($nextC-$position));
$position += strlen($fieldName) + 1;
$fieldValue = NULL;

while(1) {
  $nextCrlf = strpos($subject, "\r\n", $position - 1);
  if(FALSE === $nextCrlf) {
    $t = substr($subject, $position);
    $position = $len;
  } else {
    $t = substr($subject, $position, $nextCrlf-$position);
    $position += strlen($t) + 2;
  }

  $fieldValue .= $t;
  if(!isset($subject[$position]) || (' ' != $subject[$position] && "\t" !=    $subject[$position])) {
    break;
  }
}

$parsed[strtolower($fieldName)] = trim($fieldValue);
if($position > $len) {
  echo '{"result":false,"error":{"code":4,"message":"Communication error, unable to contact proxy service.","version":"' . $version . '"}}';
  exit;
}
}
return $parsed;
}

if(!function_exists('http_build_query')) {
function http_build_query($data, $prefix = '', $sep = '', $key = '') {
$ret = Array();
foreach((array) $data as $k => $v) {
  if(is_int($k) && NULL != $prefix) {
    $k = urlencode($prefix . $k);
  }
  if(!empty($key) || $key === 0) {
    $k = $key . '[' . urlencode($k) . ']';
  }
  if(is_array($v) || is_object($v)) {
    array_push($ret, http_build_query($v, '', $sep, $k));
  } else {
    array_push($ret, $k . '=' . urlencode($v));
  }
}
if(empty($sep)) {
  $sep = '&';
}
return implode($sep, $ret);
}
}

$host = 'dbexternalsubscriber.secureserver.net';
$get  = http_build_query($_GET);
$post = http_build_query($_POST);
$url = $get ? "?$get" : '';
$fp = fsockopen($host, 80, $errno, $errstr);

if($fp) {

$payload  = "POST /embed/$url HTTP/1.1\r\n";
$payload .= "Host: $host\r\n";
$payload .= "Content-Length: " . strlen($post) . "\r\n";
$payload .= "Content-Type: application/x-www-form-urlencoded\r\n";
$payload .= "Connection: Close\r\n\r\n";
$payload .= $post;

fwrite($fp, $payload);

$httpCode = NULL;
$response = NULL;
$timeout = time() + 15;

do {
while($line = fgets($fp)) {
  $response .= $line;
  if(!trim($line)) {
    break;
  }
}
} while($timeout > time() && NULL === $response);

$headers = dbboon_parseHeaders($response);
if(isset($headers['transfer-encoding']) && 'chunked' === $headers['transfer-encoding']) {
do {
  $cSize = $read = hexdec(trim(fgets($fp)));
  while($read > 0) {
    $buff = fread($fp, $read);
    $read -= strlen($buff);
    $response .= $buff;
  }
  $response .= fgets($fp);
} while($cSize > 0);
} else {
preg_match('/Content-Length:\s([0-9]+)\r\n/msi', $response, $match);
if(!isset($match[1])) {
  echo '{"result":false,"error":{"code":3,"message":"Communication error, unable to  contact proxy service.","version":"' . $version . '"}}';
  exit;
} else {
  while($match[1] > 0) {
    $buff = fread($fp, $match[1]);
    $match[1] -= strlen($buff);
    $response .= $buff;
  }
}
}

fclose($fp);

if(!$pos = strpos($response, "\r\n\r\n")) {
echo '{"result":false,"error":{"code":2,"message":"Communication error, unable to contact proxy service.","version":"' . $version . '"}}';
exit;
}

echo substr($response, $pos + 4);

} else {
echo '{"result":false,"error":{"code":1,"message":"Communication error, unable to  contact proxy service.","version":"' . $version . '"}}';
exit;
}
like image 340
Annatar Avatar asked Apr 20 '10 23:04

Annatar


1 Answers

It looks like the code tests a connection to dbexternalsubscriber.secureserver.net and returns the result in some sort of JSON output. It could be used as some type of connection tester. I've heard less than stellar things about GoDaddy hosting, but reputation aside I would delete it, if you can. Also, check your .htaccess file for any changes that might reflect this code.

like image 177
ashurexm Avatar answered Nov 08 '22 20:11

ashurexm