aplicação web – Como editar um launch script após ec2 criada no lightsail?

Obrigado por contribuir com o Stack Overflow em Português!

  • Certifique-se de responder à pergunta. Entre em detalhes sobre a sua solução e compartilhe o que você descobriu.

Mas evite

  • Pedir esclarecimentos ou detalhes sobre outras respostas.
  • Fazer afirmações baseadas apenas na sua opinião; aponte referências ou experiências anteriores.

Para aprender mais, veja nossas dicas sobre como escrever boas respostas.

apache – How to trace script injection/infection in php app

This is about a PHP7.4 based shopping platform (opencart (v3.0)).

For testing purposes I had a dummy set up at site.com/xyz. The admin page of that was site.com/xyz/admin. The login and pw for the admin page was also admin. I know, but the purpose of the dummy was just to check if a certain extensions and other things worked. And the dummy gets uninstalled/reinstalled the whole time. This live test environment is completely sandboxed in a vm/container.

Now I noticed a bunch of strange scripts got injected in to the site. Whenever I opened it up and checked the sources in the browser in developer mode, there were a number (3-4) of different adware scripts. I didn’t have time to check each of them individually because I needed to reinstall a fresh copy quickly.

But obviously it is a very vulnerable setup and will hopefully get infected again soon so I can replicate the scenario. I want to understand how to track/trace the infection.

I will be checking specific opencart files/logs (and if needed I will ask about it in the relevant forum).

On security.se, I want to ask which specific server logs should I check to track how this happened. Within the live test vm/container, the opencart app is accessed via Apache24. On the main host, nginx handles connections. The only vector, AFAIK, is the admin login page. So this is probably just automated scripts doing their magic?

Start an HYIP Program with the help of Best HYIP Script – HYIPs

Start an HYIP Program with the help of Best HYIP Script. ECHYIP allows customization according to you in their script. Their script has many features like bug-free, automated payment system, powerfully advanced security system, UMS, user-friendly interface, etc. Get a special offer on a complete package for the details visit the ECHYIP website.
 

script – ScriptSig – what am I signing exactly?

You are signing a specially modified version of the transaction itself. The modified transaction involves replacing the scriptSig field temporarily with the scriptPubKey from the transaction output being spent, and leaving all other inputs’ scriptSigs empty, and then appending a 4 byte signature type code. The transaction is then hashed twice with SHA256 and the final hash is signed.

See this question for more info: How to redeem a basic Tx?

script – How to create a p2sh transaction with a scriptsig of OP_true?

Here you have an example of a transaction spending from a P2PKH output and creating a P2SH output with an OP_1.

And here you have the counterpart, a transaction spending from the first one (with an input script ‘0151’) and generating a P2PKH output.

I’ve created both using a Python library i’m coauthor of. You can check it out here.

taproot – What are Merklized Alternative Script Trees?

The idea of Merklized Alternative Script Trees (or previously Merklized Abstract Syntax Trees) dates back to an idea Russell O’Connor had in 2012. The original idea was that you could have alternative scripts or script fragments stored as leaves in a Merkle tree and then the leaves of the tree that weren’t used could be pruned away and not take up valuable space on the blockchain. Compare this to P2SH (Pay to Script Hash) where the entire script is hashed and then revealed on the blockchain at spend time. This brings block space efficiencies (and hence lower fees) as well as privacy benefits.

The earlier formalized proposals for MAST were BIP 114 and BIP 116 and the most recent proposal is of course Taproot (BIP 341). The reason why we moved away from using Merklized Abstract Syntax Tree terminology is that with Taproot (and BIP 114) only one single leaf of the Merkle tree can be executed. You cannot split one particularly long script path into multiple script fragments stored on different leaves of the tree and then satisfy a combination of these leaves. It is effectively a tree of ORs (no ANDs of different leaves and no IF, ELSEs that lead to satisfying different leaves on the tree). You can have ANDs and IF ELSEs but they are contained within leaves not between leaves. Satisfying a single leaf is sufficient to spend the UTXO. As Johnson Lau says in BIP 114:

Only one branch is allowed for execution, and users are required to transform a complicated condition into several mutually exclusive branches.

Pieter Wuille and Russell O’Connor discussed why this design decision was made for Taproot at London BitDevs in July 2020. One of the reasons was that you only need a logarithmic number of Merkle branch nodes to get to any given leaf. There is a combinatorial explosion if there is the potential to have different combinations of all the leaves. Another reason is that the design space had to be limited at some stage to give the proposal the best chance of obtaining community consensus and ultimately be activated.

php – Is it possible to load recaptcha script only in url with fragment identifier (#)?

I have tried various snippets, like this:

<?php   
add_action( 'wp_print_scripts', 'load_captcha_script', 100 );
   function load_captcha_script() {
    if ( !is_page( '#register' ) ) {
        wp_deregister_script('google-recaptcha');
    }
   }

but it doesn’t work in #register section with hash, I also tried with if (window.location.hash == "#register")

But nothing, recaptcha doesn’t load when floating form appears, Is there a snippet that only loads the script when the section appears?

google sheets – How do I write a script that exits a cell that is being edited

If I enter a value in cell A1 without exiting the cell 1. Before I exit editing A1 I run a script that at some point selects another cell B1 2, while A1 is still being edited. When I then click C1, the value moves along to the cell B1 before C1 is selected 3. That is what I want to prevent. The value should remain in A1 when the script selects B1 and I select C1.

How do I call for the initial state of cell A1 being edited to stop before I select another cell.

linux – OpenVpn Install Script Safety

I’ve installed openvpn a fews times before on ubuntu servers and its not my favorite thing in the world to setup. I have to set it up now on a couple boxes and came across this self installing script to make the process a little more manageable. The script can be found here: https://github.com/Nyr/openvpn-install

I went through the script and it seems safe to me. Has anyone else used this script to install openvpn? Is it safe? Any recommendations for installation instructions or comparable scripts?