When doing some web maintenance today, I noticed a strange new folder on my GoDaddy hosting account at the root level named "dbboon", with a single file inside, called proxy.php. Its code is listed below, and seems to be some sort of proxy function.

I was kind of troubled because I didn't put it there. I googled all this to learn more, but didn't find anything, except that the proxy file happened to also be stored at pastebin.com: http://pastebin.com/PQsSPbCr

I called GoDaddy and they confirmed that it belonged to them, said it was put there by their advanced hosting group for testing purposes but didn't have any more information. I thought this was all really weird: why would they put something in my folder without giving me a heads-up, and why would they need to do something like this?

Anybody know anything about this?

<?php

$version = '1.2';

if(isset($_GET['dbboon_version'])) {
  echo '{"version":"' . $version . '"}';
  exit;
}

function dbboon_parseHeaders($subject) {

  global $version;

  $subject = trim($subject);
  $parsed = Array();
  $len = strlen($subject);
  $position = $field = 0;
  $position = strpos($subject, "\r\n") + 2;

  while(isset($subject[$position])) {

    $nextC = strpos($subject, ':', $position);
    $fieldName = substr($subject, $position, ($nextC-$position));
    $position += strlen($fieldName) + 1;
    $fieldValue = NULL;

    while(1) {
      $nextCrlf = strpos($subject, "\r\n", $position - 1);
      if(FALSE === $nextCrlf) {
        $t = substr($subject, $position);
        $position = $len;
      } else {
        $t = substr($subject, $position, $nextCrlf-$position);
        $position += strlen($t) + 2;
      }

      $fieldValue .= $t;
      if(!isset($subject[$position]) || (' ' != $subject[$position] && "\t" != $subject[$position])) {
        break;
      }
    }

    $parsed[strtolower($fieldName)] = trim($fieldValue);
    if($position > $len) {
      echo '{"result":false,"error":{"code":4,"message":"Communication error, unable to contact proxy service.","version":"' . $version . '"}}';
      exit;
    }
  }
  return $parsed;
}

if(!function_exists('http_build_query')) {
  function http_build_query($data, $prefix = '', $sep = '', $key = '') {
    $ret = Array();
    foreach((array) $data as $k => $v) {
      if(is_int($k) && NULL != $prefix) {
        $k = urlencode($prefix . $k);
      }
      if(!empty($key) || $key === 0) {
        $k = $key . '[' . urlencode($k) . ']';
      }
      if(is_array($v) || is_object($v)) {
        array_push($ret, http_build_query($v, '', $sep, $k));
      } else {
        array_push($ret, $k . '=' . urlencode($v));
      }
    }
    if(empty($sep)) {
      $sep = '&';
    }
    return implode($sep, $ret);
  }
}

$host = 'dbexternalsubscriber.secureserver.net';
$get  = http_build_query($_GET);
$post = http_build_query($_POST);
$url = $get ? "?$get" : '';
$fp = fsockopen($host, 80, $errno, $errstr);

if($fp) {

  $payload  = "POST /embed/$url HTTP/1.1\r\n";
  $payload .= "Host: $host\r\n";
  $payload .= "Content-Length: " . strlen($post) . "\r\n";
  $payload .= "Content-Type: application/x-www-form-urlencoded\r\n";
  $payload .= "Connection: Close\r\n\r\n";
  $payload .= $post;

  fwrite($fp, $payload);

  $httpCode = NULL;
  $response = NULL;
  $timeout = time() + 15;

  do {
    while($line = fgets($fp)) {
      $response .= $line;
      if(!trim($line)) {
        break;
      }
    }
  } while($timeout > time() && NULL === $response);

  $headers = dbboon_parseHeaders($response);
  if(isset($headers['transfer-encoding']) && 'chunked' === $headers['transfer-encoding']) {
    do {
      $cSize = $read = hexdec(trim(fgets($fp)));
      while($read > 0) {
        $buff = fread($fp, $read);
        $read -= strlen($buff);
        $response .= $buff;
      }
      $response .= fgets($fp);
    } while($cSize > 0);
  } else {
    preg_match('/Content-Length:\s([0-9]+)\r\n/msi', $response, $match);
    if(!isset($match[1])) {
      echo '{"result":false,"error":{"code":3,"message":"Communication error, unable to  contact proxy service.","version":"' . $version . '"}}';
      exit;
    } else {
      while($match[1] > 0) {
        $buff = fread($fp, $match[1]);
        $match[1] -= strlen($buff);
        $response .= $buff;
      }
    }
  }

  fclose($fp);

  if(!$pos = strpos($response, "\r\n\r\n")) {
    echo '{"result":false,"error":{"code":2,"message":"Communication error, unable to contact proxy service.","version":"' . $version . '"}}';
    exit;
  }

  echo substr($response, $pos + 4);

} else {
  echo '{"result":false,"error":{"code":1,"message":"Communication error, unable to  contact proxy service.","version":"' . $version . '"}}';
  exit;
}

+4  A: 

It looks like the code tests a connection to dbexternalsubscriber.secureserver.net and returns the result in some sort of JSON output. It could be used as some type of connection tester. I've heard less than stellar things about GoDaddy hosting, but reputation aside I would delete it, if you can. Also, check your .htaccess file for any changes that might reflect this code.

manyxcxi
Thank you for the advice. Luckily, I was able to delete the folder without any problem.
Paul
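Added example (not from any poster in this thread and not GoDaddy's code): a small static triage in Python for an unfamiliar PHP file such as the proxy.php in the question, reporting which host it connects to, whether that host is hard-coded or chosen by the visitor, and whether visitor input is relayed to it. `SAMPLE` is a constructed excerpt of the posted file, and `tainted_vars` and `triage` are hypothetical names.

```python
import re

# Constructed sample: the network-relevant lines of the proxy.php quoted in the question.
SAMPLE = r'''
$host = 'dbexternalsubscriber.secureserver.net';
$get  = http_build_query($_GET);
$post = http_build_query($_POST);
$url = $get ? "?$get" : '';
$fp = fsockopen($host, 80, $errno, $errstr);
$payload  = "POST /embed/$url HTTP/1.1\r\n";
$payload .= $post;
fwrite($fp, $payload);
'''

ASSIGN = re.compile(r'^\s*(\$\w+)\s*\.?=\s*(.+?);\s*$', re.M)
CONNECT = re.compile(r'\b(fsockopen|pfsockopen|stream_socket_client|curl_init)\s*\(\s*([^,)]+)')
WRITE = re.compile(r'\b(?:fwrite|fputs|curl_setopt)\s*\(([^;]*)\)\s*;')
SUPERGLOBAL = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\b')
LITERAL = re.compile(r'''^(['"])([^'"$]*)\1$''')
VAR = re.compile(r'\$\w+')

def tainted_vars(src):
    """Variables derived from request superglobals (fixpoint; over-approximates)."""
    tainted, changed = set(), True
    while changed:
        changed = False
        for name, expr in ASSIGN.findall(src):
            if name not in tainted and (SUPERGLOBAL.search(expr) or set(VAR.findall(expr)) & tainted):
                tainted.add(name)
                changed = True
    return tainted

def triage(src):
    """Report where the script connects and whether visitor input is relayed there."""
    assigns = dict(ASSIGN.findall(src))          # last assignment wins
    tainted = tainted_vars(src)
    dests = []
    for func, arg in CONNECT.findall(src):
        arg = arg.strip()
        expr = assigns.get(arg, arg).strip()     # resolve one level of indirection
        lit = LITERAL.match(expr)
        # request-controlled: the visitor picks the destination (open proxy)
        kind = ('request-controlled' if SUPERGLOBAL.search(arg) or arg in tainted
                else 'fixed' if lit else 'unknown')
        dests.append((func, kind, lit.group(2) if lit and kind == 'fixed' else expr))
    relays = any(SUPERGLOBAL.search(a) or set(VAR.findall(a)) & tainted for a in WRITE.findall(src))
    return {'destinations': dests, 'relays_request_data': bool(relays)}
```

For the posted file this reports one fixed destination and relayed request data: a relay to a single hard-coded host rather than a proxy to arbitrary hosts.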
A: 

I noticed the same folder/file in my GoDaddy hosting after being notified they were migrating my account to another server.. the reply from GoDaddy when I asked about it was "Please note that this directory was added by us during the migration and should be left in-tact, as it adds to the functionality of your hosting plan."

When I pressed them further as to what it does the reply was "The file and directory in question are added as part of a security feature that will be standard for all new accounts. Unfortunately we are unable to disclose the exact purpose. We apologize for the inconvenience, however we appreciate your understanding."

Sounded like crap to me at the time.. anyone else?

SteveAx

Steve, I agree. I thought it was troubling that they couldn't tell me what it was. Therefore, into the trash bin it was sent!
Paul
A: 

I have over 150 sites on Godaddy's hosting, with nary a problem ever. Email works great, sites are always up and their customer service has been more than adequate. I have #1 placement for several of these sites - in case someone is making SEO arguments - but I honestly wanted to chime in as I have so many accounts with them and I highly recommend them. My comments are based on experience.

Paul
I agree with you. Other than this mysterious little thing, I've always had really good customer service experiences with them, and I've never had a problem. I think they do an overall good job.
Paul
A: 

I would delete it. You are responsible for any code that's on your server. If their security obscurity protocol demands they not tell you what it is, delete it!

zac
A: 

The Godaddy hatred is like the Microsoft and Internet Explorer hate. It's just the cool thing to do. Seems like everybody that has problems with them is trying to do weird things or think they are programmers and are messing with things on a shared server environment that should really be on a dedicated server.

Russell
A: 

Found this mysterious folder on my account today - after transfer to new server. Now I'm evacuating 50+ sites from GoDaddy after they claimed 1024 files limit per folder and downed my whole account for about 48 hours: I have wallpapers and gaming sites with 2-3k images/flash files per folder (I was forced to delete those folders). I guess "GoDaddy hatred" has a very good basement.

PK
A: 

I deleted them and my site started working again. I had the same folder (dbboon) and file (proxy.php) and that had my site returning a 500 error completely breaking it. After comparing a previous working version with the current site I found those two differences that looked suspicious. I deleted them and all worked fine. When I contacted GoDaddy I was told that certain features that use "widgets" on the site required that in order to work properly. Since I didn't have any such features, they were breaking my site.

A: 

I noticed the dbboon directory on 4/14/2010 on a stale account I have with them. I have not logged into the account since Feb.

Most of my sites are at winhost now due to the ASP.NET trust limitations associated with godaddy hosting. Unauthorized addition of garbage to my account didn't hurt my unused account but my trust and faith with godaddy has dropped to a point where I am not going to host anything with them.

DaveCS
A: 

I just noticed this too... googled it and got here...

I have to say that this isn't the first time I've seen this.

I also have folders named -

  • _hcc_thumbs
  • access_db
  • stats
  • _db_backups

Now they don't sound malicious.. but it would be nice to know when they are going to do things like this!

It's usually the mysteriously appearing - 'non malicious sounding' folders that ARE malicious! It's only a HTML Vending Machine Business website... but it's OUR business - not a testing ground for Godaddy!

Vending Machine
Just noticing the same thing in my account. I know the stats, _db_backups and _hcc_thumbs folder have always been on my account and are safe. I'm not quite sure on access_db
Dillie-O
Make sure that these folders aren't associated with Wordpress or any other CMS on your hosted account. I have these folders on my account; and I've always assumed they were part of my wordpress installation.
Paul
+1  A: 

I found this as well on a newish account. In looking over the script it appears to be a remote script that could take the output of your site and place it into whatever package the remote server requests. The function is called payload.

There could be and likely are very good reasons for having the file on your server however the lack of documentation combined with the responsibility everyone has over their own server makes this file a potential problem.

It can be deleted, it's not forcefully protected by Godaddy. With the appointment of a US internet security czar and the lack of documentation detailing WHO controls and has access to the remote server in the script it could also be part of a nationwide attempt to protect the net (or filter it) or??

Why can't Godaddy just document and post exact details about the file??

weirdfilehater
+1  A: 

I just found the same folder/file in a client's directory today, too. I have no idea what this script does, but HOW DARE GODADDY just go and put a folder and file like this on a server? In the web root? REALLY?

I know 2 people in tech support with godaddy and they've both confirmed that godaddy's customer site is hard to navigate so people will call in... so THAT THEY CAN UPSELL THEM! For about a year now I've been telling my clients "Anyone but Godaddy"!

tomcat23
A: 

access_db appears if you request a directory for an access database in your control panel. Then you need to use that directory for your access database, so proper permissions are set and so that no one can download the entire database.

Todd
A: 

I noticed the mysterious dbboon in my GoDaddy root today. I called them and was told it probably had something to do with Wordpress which I had installed recently. Also installed a contact widget today. I, like many I suppose, don't like it when things just kinda 'appear' in the root. However, I will take GoDaddy at their word on this one.

The Nature Sound Guy
A: 

I found this file as well but, found a php5.ini file that set PHP5(fastcgi). I deleted both. They appeared when I installed programs from the Hosting Connection software installer.

Rob
A: 

GoDaddy wants ignorant customers. They want to be the McDonalds of hosting/domains. If you care about your body, you won't eat McDonalds... If you really care about your business, you won't use GoDaddy. They should not be making changes to anyone's account without sending a notice explaining why and what the changes will do.

kev
A: 

I too just found this 'dbboon' directory in a client's site root. I have had limited experience with GoDaddy as a hosting provider, but have to say that arbitrarily injecting files into a customer's site root without notification or documentation is a pretty poor practice. I definitely agree with the aforementioned McDonalds metaphor!

It's not a matter of hatred at all.. GoDaddy, like Microsoft, does their 'best' to meet the needs of the lowest common denominator. As a result, they produce sub-standard products that are rarely acceptable for use by industry professionals. Simply put, you get what you pay for.

discgolfer1138
A: 

Yep that's what it sounds like Godaddy Hatred.. for who knows for what reason?

DbBoon FTW!!!

John
A: 

Check out this link to a Godaddy support page that explains what the dbboon directory is for and what the proxy.php file does.

Craig http://community.godaddy.com/help/article/5992

Craig Key
A: 

Thanks for all this info. I've had one website with GoDaddy for 4+ years on their Economy plan, and very recently upgraded to 'Deluxe' and just noticed dbboon/proxy.php has been added to my root. I was concerned to discover it, and am now going to delete it as I don't need it.

I totally believe tomcat23's comment that Godaddy is indeed hard (obnoxious!) to navigate, and they want customers to call in and upsell them! I use an FTP client and bypass visiting their site as much as possible.

On GoDaddy's plus side, they are CHEAP and very reliable, so I stick with them.

Valerie
A: 

That is the proxy file needed by easy database if you were to use it on your website. For example, you create an inventory database, you can implant the search bar on your website and it will search for records in your database. I'm currently trying to figure out how to add it to my website so if anyone knows how to please let me know. I'm using the free 5 page setup. Don't really want to upgrade.

You can delete this folder if you desire. It's not needed unless you use easy database for websites.

Brian Parsons