Filter Uploaded Files
Mar 5, 2008I want to filter any files uploaded and i have put this line at php.ini
suhosin.upload.verification_script = /my path
But my problem till now i can not make this script. (Disable upload php files)
ADVERTISEMENT
Problem With Files Owned By 'nobody' When Uploaded
Aug 4, 2007I used to have my apache 1.3.37 with PHP compiled as a CGI. Whenever i have a php script (say vbulletin forum software) that allow file uploads, files will be uploaded with the correct userid and groupid on the server. However, once i compiled PHP as ISAPI module, the files will be uploaded but will be owned by 'nobody'. Of course i can log in as root and chown it back to the right user, but it's a hassle if there are multiple user accounts on the server and they're using php software on their end. If someone is using an ftp program and tries to overwrite that uploaded file that's owned by nobody, it will not let them do so. Is there a way to fix this, or change the config files that would fix it?
View 3 Replies View RelatedHow To Find How And Who Uploaded Files- Spam - Action I Can Take
Mar 27, 2009I have a dedicated server, the server itself is secure (as far as I know) and I run lots of my sites from it. I offered a friend hosting for his flash based chat application he built.
Today I was contacted by someone; "Are you the owner of xxxx.net?" so I informed that yes, it was my server and they then showed me an email they'd received from my server. I did a search and apparently someone uploaded mail.php and a couple of files it was using to send out spam based upon a variety of conditions that the other files met. The files contained forenames and surnames, it'd use a forename and a surname then send it to popular free mail services. The email contained ramblings about new world order and promoted a website.
How can I find out how they got the files uploaded to the account and what action can I take? I checked the whois for the domain and have their contact information, however it's a large site so I'm doubtful that the owner did it. I don't want my servers IPs being blacklisted for spam :|
Stoping Malicious Files From Being Uploaded ( Cpanel)
Jun 27, 2009I am wanting to know if there is a way to stop files being uploaded to my vps, via ftp cpanel etc that are malicious..
I have been told there is a way to do this but i havent been told how..
Basicaly i want to know if there is something where i can add a list of keywords that are in the malicious files and what ever it is will stop them from being uploaded or if they manage to get uploaded onto my vps will it make them not work?
I am looking into this as i had an issue before where someone uploaded a shell onto my server :@ luckily it didnt cause no damage or he didnt get anywhere but i still want to be safe.
Limit The Size Of Uploaded Files Using VSFTPD
May 26, 2007I have a RHEL 4 plain server, and im using vsftpd server, i can not find an option to specify the max size for uploading files... does anybody know something about this?
View 1 Replies View RelatedFiles Uploaded Via Scripts & Joomla Have 600 Permissions
Jun 26, 2007I've recently started experiencing some issues where files uploaded through Joomla or some other scripts (mostly PHP) inherit a permission of 600. Prior to updates being done on the server I'm hosted on, uploaded files received 644 permissions and all things worked great.
I've checked the umask that assigned to the shell (022) and have ruled out that as a problem.
Plesk 11.x / Linux :: Can't See Files Which Are Uploaded With Script
Mar 1, 2014I am using a upload script for my files. After upload i cant see them on ftp but can see on panel file manager.
View 9 Replies View RelatedApache :: Created FTP Account With Vsftp And Files Uploaded Are Not Readable
Jan 17, 2014I created a FTP account with vsftp and files uploaded are not readable via www-data
View 1 Replies View RelatedHow To Filter Noisy Rows From Raw Log Files
Aug 31, 2008in order to analyse traffic from a specific application I'm using, I need to filter out some types of server requests from the raw log files.
the reason: this app makes multiple requests to the same content in 6 sec intervals.
so I want to leave only the first request, that indicated that this item has been requested, and take out all the others, which can't be counted as hits or visits and just create noise data.
I know how to define a "relevant" request, and how to define a "noisy" request.
the question:
how can I make this filtering?
Do I need to run a script on the log files, clean them, and then use the log analyzer (i'm using Web log explorer)?
Or can i use web log explorer to define a filtering template?
this is a very critical demand, so i'd be glad for any suggestions/ideas how to tackle this problem.
FTP - Uploaded File Not Overwriting
Jan 5, 2008Does anybody understand what is going on here?
Here is the problem:
I log in to FTP and I try and upload an updated file (the file already exists on server). It prompts me to overwrite and I say yes but when I refresh/check the site the page hasnt changed - I then tried uploading the file again and it still says the existing file size (so I know it hasnt been replace).
Any idea why it it not overwriting?
The files are CHOWNed my the owner (FTP user) which is myself.
Uploaded File Size 0 KB
Feb 2, 2008I uploaded my file to web server(html, image file and css file), but strangely after uploaded it to server all file that I uploaded size 0 KB. I uploaded it using WS FTP.
Is there something wrong the way I uploaded it.
Someones Uploaded A Phishing Site
Jul 31, 2007Someones managed to upload a phishing site to my VPS.
How do they normally achieve this, there has been no unauthorised root access as I get e-mail each time someone log in as root.
Is it likely they've just managed to guess my ftp password, or is it going to have something to do with a script running elsewhere?
I've got solarvps looking at it now.
Shell Uploaded - Site Hacked - How To Trace ?
Nov 6, 2008Shell uploaded - Site hacked - How to trace?
Many of my customers let me know that their websites had been hacked. I think it comes from local hacker ....
How Many Websites Can Be Uploaded To One Single Webspace Account
Oct 20, 2008How many websites can be uploaded to one single webspace account
View 9 Replies View Related[newmailcgi] Recently Uploaded CGI Scripts On CPanel Server
Dec 11, 2007Whenever someone uploads or re-uploads to my server a file relating to a CGI script that sends mail, I get an email with something like:
Quote:
Note: If this is the first time you received this mail, it contains the history for the entire month so far.
Below are the recently upload scripts that contain code to send email. You may wish to inspect them to ensure they are not sending out SPAM.
/home/xxxxxxx/public_html/followup/send2.php:106: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send2.php:107: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send2.php:108: }
---
/home/xxxxxxx/public_html/followup/send.php:100: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send.php:101: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send.php:102: }
---
What steps can I take to actually inspect them to ensure they are not sending out SPAM?
Apf Firewall Filter More Than 1?
Jan 21, 2007I would like to know how to filter more than one NIC with APF firewall... at the moment, it only let you filter Eth0, how do I add Eth1 in it as well?
View 7 Replies View RelatedVPS Mail Filter
Jan 22, 2009I am getting a VPS and the only mail filter option available with this company is SpamAssassin.
Is Spam Assassin's version 3.2.x sufficient to block majority of Spam/Junk emails?
To Spam Filter Or Not To Spam Filter
Apr 23, 2008As a web host or ISP what do you think is best to do? do spam/virus filtering, or don't touch mail and let the user do what they want with it? (no chance of false positives, or lost mail, this way)
I work for an ISP and we have a barracuda and we get tons of calls from customers regarding lost mail and such as when you're filtering such a large varitey of mail its very hard to have a "perfect" filter. Mail that a car dealership gets and what a hospital get is totally different, for example.
Also in terms of web hosting the filtering will put a reasonable load on the server during peak spamming hours.
So just curious, as a ISP/webhost customer do you think your host should do filter or do you rather manage that yourself?
Getting Caught In The Filter
Mar 4, 2007I sent the below email, it keeps getting caught in the filter
Quote:
Maria,
Here are the username and password for this site.
www.consumerreports.com [url]
user:
pass:
Maybe you can find some more info about the cars you like.
Thanks,
Matthew
Sitebuilder Specialist
[800.729.xxxx ext xxx] or [xxx.625.8546]
email malberty@domain.com
www.anotherdomain.com
Support Contact for any Stewart Related Website:
[url]<[url]
The exim logs show this:
2007-03-04 21:02:53 1HO3TR-0003tu-Ek <= matthew@localdomain.com H=(localhost) [127.0.0.1]:43496 I=[127.0.0.1]:25 P=esmtpa A=fixed_login:matthew@localdomain.com S=1527 id=9bb87bf2893bf84500323930692044ef@localhost T="test" from <matthew@localdomain.com> for matthew@localdomain.com
2007-03-04 21:02:53 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1HO3TR-0003tu-Ek
2007-03-04 21:02:53 1HO3TR-0003tu-Ek => discarded (system filter)
2007-03-04 21:02:53 1HO3TR-0003tu-Ek Completed QT=0s
2007-03-04 21:02:53 SMTP connection from (localhost) [127.0.0.1]:43496 I=[127.0.0.1]:25 lost
I cannot figure out why the filters is picking this up, nor which WORD is causing this. How would I trace this?
my antivirus.exim file
Code:
# Exim filter
## Version: 0.17
#$Id: system_filter.exim,v 1.11 2001/09/19 11:27:56 nigel Exp $
## Exim system filter to refuse potentially harmful payloads in
## mail messages
## (c) 2000-2001 Nigel Metheringham <nigel@exim.org>
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
## -A copy of the GNU General Public License is distributed with exim itself
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## If you haven't worked with exim filters before, read
## the install notes at the end of this file.
## The install notes are not a replacement for the exim documentation
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## -----------------------------------------------------------------------
# Only run any of this stuff on the first pass through the
# filter - this is an optomisation for messages that get
# queued and have several delivery attempts
#
# we express this in reverse so we can just bail out
# on inappropriate messages
#
if not first_delivery
then
finish
endif
## -----------------------------------------------------------------------
# Check for MS buffer overruns as per BUGTRAQ.
# [url]
# This could happen in error messages, hence its placing
# here...
# We substract the first n characters of the date header
# and test if its the same as the date header... which
# is a lousy way of checking if the date is longer than
# n chars long
if ${length_80:$header_date:} is not $header_date:
then
fail text "This message has been rejected because it has
an overlength date field which can be used
to subvert Microsoft mail programs
The following URL has further information
[url]
seen finish
endif
## -----------------------------------------------------------------------
# These messages are now being sent with a <> envelope sender, but
# blocking all error messages that pattern match prevents
# bounces getting back.... so we fudge it somewhat and check for known
# header signatures. Other bounces are allowed through.
if $header_from: contains "@sexyfun.net"
then
fail text "This message has been rejected since it has
the signature of a known virus in the header."
seen finish
endif
if error_message and $header_from: contains "Mailer-Daemon@"
then
# looks like a real error message - just ignore it
finish
endif
## -----------------------------------------------------------------------
# Look for single part MIME messages with suspicious name extensions
# Check Content-Type header using quoted filename [content_type_quoted_fn_match]
if $header_content-type: matches "(?:file)?name=("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")"
then
fail text "This message has been rejected because it has
potentially executable content $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [content_type_unquoted_fn_match]
if $header_content-type: matches "(?:file)?name=(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))"
then
fail text "This message has been rejected because it has
potentially executable content $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it."
seen finish
endif
## -----------------------------------------------------------------------
# Attempt to catch embedded VBS attachments
# in emails. These were used as the basis for
# the ILOVEYOU virus and its variants - many many varients
# Quoted filename - [body_quoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")[\s;]"
then
fail text "This message has been rejected because it has
a potentially executable attachment $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it."
seen finish
endif
# same again using unquoted filename [body_unquoted_fn_match]
if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\s;]"
then
fail text "This message has been rejected because it has
a potentially executable attachment $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it."
seen finish
endif
## -----------------------------------------------------------------------
#### Version history
#
# 0.01 5 May 2000
#Initial release
# 0.02 8 May 2000
#Widened list of content-types accepted, added WSF extension
# 0.03 8 May 2000
#Embedded the install notes in for those that don't do manuals
# 0.04 9 May 2000
#Check global content-type header. Efficiency mods to REs
# 0.05 9 May 2000
#More minor efficiency mods, doc changes
# 0.06 20 June 2000
#Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan
# 0.07 19 July 2000
#Latest MS Outhouse bug catching
# 0.08 19 July 2000
#Changed trigger length to 80 chars, fixed some spelling
# 0.09 29 September 2000
#More extensions... its getting so we should just allow 2 or 3 through
# 0.10 18 January 2001
#Removed exclusion for error messages - this is a little nasty
#since it has other side effects, hence we do still exclude
#on unix like error messages
# 0.11 20 March, 2001
#Added CMD extension, tidied docs slightly, added RCS tag
#** Missed changing version number at top of file :-(
# 0.12 10 May, 2001
#Added HTA extension
# 0.13 22 May, 2001
#Reformatted regexps and code to build them so that they are
#shorter than the limits on pre exim 3.20 filters. This will
#make them significantly less efficient, but I am getting so
#many queries about this that requiring 3.2x appears unsupportable.
# 0.14 15 August,2001
#Added .lnk extension - most requested item :-)
#Reformatted everything so its now built from a set of short
#library files, cutting down on manual duplication.
#Changed w in filename detection to . - dodges locale problems
#Explicit application of GPL after queries on license status
# 0.15 17 August, 2001
#Changed the . in filename detect to S (stops it going mad)
# 0.16 19 September, 2001
#Pile of new extensions including the eml in current use
# 0.17 19 September, 2001
#Syntax fix
#
#### Install Notes
Microsoft And His Spam Filter
May 28, 2009We have identified that messages from your IP are being filtered based on the recommendations of the Symantec Brightmail filter as well as our internal Smart Screen Filters. The filter was initiated by Hotmail at (5/20/2009 12:00:00 AM) PST due to a large volume of emails that were sent prior to this time.
We will be happy to work directly with Symantec on your behalf to investigate and possibly resolve this problem. In order to move forward, we will need examples of the messages that were caught by the Brightmail filters.
SPAM Filter / Control
Jun 30, 2008I am running a small hosting operation and would like to know more about SPAM filtering and controlling. SpamAssasin is installed on my server but it does not do much. I was looking into different solution with a anti-spam device and would like to know which one is recommended the most: sonicwall, barracuda or symantec? (total email addresses is less than at thousand)
View 4 Replies View RelatedHow To Filter Power Upstream From SAN UPS
Jan 3, 2008I have A/B power from my colo provider, each fed from separate xxxKVA UPSes. I have dual-cord servers powered from these two circuits.
Now I'm adding an EMC SAN, which comes with its own little APC UPS. EMC says the SAN's A-side power should come from my A-side circuit, and the SAN's B-side power should come from the included little APC UPS, which should be plugged into my B-side circuit.
Unfortnately, the little UPS puts out lots of garbage line noise on the upstream side. I know this because I plugged it in at home, and it was turning my X10 light fixtures on and off when the battery would hit a charging cycle. This is not the kind of dirty power I'd like to be feeding to the servers.
Does anyone have a suggestion for cleaning up the harmonic distortion that these UPSes send back upstream? Maybe a Tripp Lite IBAR12/20ULTRA? Or a Tripp Lite IS-1000 Full Isolation Transformer?
Alternatively, if there is a way to tell the EMC SAN to enable write caching without the APC UPS, that might work, too.
How Much CPU Load Does Your Spam Filter Put On Your VPS
Jul 8, 2007How much CPU & RAM load does your spam filter put on your VPS? It seems logical that the more mailboxes hosted, the more VPS resources the spam filter will consume - especially if any of the email addresses are targeted by spammers (or the user is careless and gives out their email address everywhere - as many do).
It's become so much with some of our subscribers that we have had to offer a hardware spam filter, to keep the load off the VPS. It's been great in that the VPS's protected by it have seen a dramatic performance increase....but are these subscribers unique in some way?
And so here is my question...how much CPU is everyone's spam assassin/spam filter using and how many mailboxes do you host on your VPS? very curious...
Filter Outgoing Messages
Apr 1, 2007I am on a DirectAdmin server, with root access. Exim mail server.
Is there any way to filter outgoing messages? Let's say if IP of client is listed in blacklist, they can not send out emails
Hotmail Junk Filter
Mar 26, 2007I have the same problem as many other users who try to send to Hotmail.... my e-mails are being put into the junk filter.
Could you please help me with this as I am going mad trying to figure out how to fix this? I am running a VPS which has 4 IP's and whenever I send an e-mail from the domain it moves into the junk filter. E-mails are received correctly by other e-mail providers (Yahoo, etc.), only Hotmail has the issue.
When I do a DNS Report, the only error I get besides the mail server having a single point of failure, is "Mail server host name in greeting". I have had the VPS provider add a RDNS entry, etc.
I have spoken with the support team at the VPS Host and they have tried everything they could and can't understand why there is an issue. I also contacted Hotmail and they redirected me to a Junk Filter troubleshooting page [url]
I don't know why this is being filtered as Junk and what I can do to fix it. Could you please help as I would be most grateful.
Is someone able to PM me with help as I would prefer not to post the network/website details on the forum please?