How Do I Remove Suhosin-0.9.24 Extension

Dec 11, 2008

Got the suhosin-0.9.24 extension on my CentOS 5.2 server; the patch has NOT been applied.
How do I remove/uninstall suhosin-0.9.24?




Suhosin Extension Or Suhosin Patch

Mar 18, 2008

What is the difference between Suhosin Extension and Suhosin Patch?


Remove Empty Folders And Remove From A Db

Jul 22, 2009

I've got a site which auto-creates subdomains, installs a script automatically and inserts details into a MySQL DB. I have had some issues recently, so I have loads (talking 100s) of folders that are empty which I need to remove, and I need to remove the details of said folders from the DB also. Any ideas how I can do this? I'm using the Plesk control panel, so removing the subdomain via the Plesk CLI may be the best way in that respect, but the DB is external to Plesk so that would not be edited.


.mil Extension

Apr 30, 2008

We have a client who needs a dedicated server provider that is capable of hosting a military .mil extension web site.


Frontpage Extension

Apr 25, 2008

I have installed the FrontPage extension, but when I access the page it gives the error:

FrontPage Run-Time Component Page

You have submitted a form or followed a link to a page that requires a web server and the FrontPage Server Extensions to function properly.

This form or other FrontPage component will work correctly if you publish this web to a web server that has the FrontPage Server Extensions installed.

Click the <Back> arrow to return to the previous page.


Installing PHP RAR Extension

Jun 26, 2008

I wanted to install PHP RAR extension:

to compress & decompress rar files. I installed it on the server & added the extension=rar.so to php.ini files.

But still, when I run a rar function like rar_open(), I get an error :

Fatal error: Call to undefined function rar_open()

I tried installing the extension again through SSH, but it says "Nothing to Install".


Suhosin

Jul 26, 2009

I am thinking about installing the Suhosin option for PHP on some shared servers to improve PHP's security. Are there any gotchas I would need to be aware of? I've checked out the Suhosin site but there is not much there at all.


Suhosin

Nov 1, 2009

I've been testing out Suhosin Extension 0.9.29 from [url]

There are at least two areas (that I know of) where I need help.

1. Error messages go to /var/log/messages no matter what I set for suhosin.log.syslog.facility even though I have a corresponding /etc/syslog.conf facility going to /var/log/suhosin.log

If you have successfully set up suhosin to log outside of /var/log/messages, do you mind sharing your /etc/syslog.conf and php.ini settings for that change?

2. I am seeing a lot of "ALERT-SIMULATION - script tried to increase memory_limit to 4294967295 bytes which is above the allowed value (attacker 'REMOTE_ADDR not set', file 'unknown')" errors in /var/log/messages.

How can I find the IP and file involved?

For those that do include the increase memory_limit alert with an IP address and actual file, how can I determine if the activity is incorrect or correct and the suhosin memory limit needs to be increased?

For the shell script, awk/gawk, etc. experts, is there a way to consolidate the following messages into one line? ....


Suhosin And Php.ini

Mar 2, 2008

I have a dedicated server and I have installed Suhosin through els.

Well, els never asked me for configurations or anything, it just installed it.

Anyway, I'm trying to install AWBS on my server, and AWBS needs safe_mode to be off,

so I went (pico /usr/local/lib/php.ini).

All the lines were commented.
Suhosin added this to every line at the beginning:

PHP Code:

;suhosin.version=0.9.20

So every line became commented.

Anyway, I was trying to turn off safe mode,
so I searched for it and replaced On with Off,

but the changes didn't take effect.

(locate suhosin)

found a bunch of folders and suhosin.so files that I couldn't manage.

Does installing this extension replace the php.ini effect with another one?
How can I configure php.ini to turn off safe mode and also disable some functions while Suhosin is there?

+
How do I remove Suhosin without losing any data?

Which command shall I use?


Suhosin

Jun 15, 2007

with suhosin, with conf in php.ini. To get this working I must make a change in php.ini

extension_dir = "./"

FOR

extension_dir = ""

and it gets working, but by the next day this is changed again.


Suhosin

Oct 1, 2007

I have Suhosin on the server to patch PHP and I now cannot use the PHP include('blah.php') statement.

I have no whitelist or blacklist but still get the error:

"ALERT - Include filename ('<url>') is an URL that is not allowed"

and all I get is a blank page - is there a way of letting the URL includes work?


Loading Php Extension Dynamically

Jul 25, 2009

I realize the title isn't clear enough, but that's the closest to my question.

What I basically want to know is if it's possible to add pgsql support for PHP without rebuilding PHP (running easyapache). Currently all standalone phppgadmin instances return:

Your PHP installation does not support PostgreSQL. You need to recompile PHP using the --with-pgsql configure option.

Is it possible to load the pgsql extension without rebuilding, like you'd do with Zend for example?


GD Library & PHP Mbstring Extension

Jun 11, 2009

I installed Drupal and I get these errors:

1. GD library: Not installed
The GD library for PHP is missing or outdated. Please check the PHP image documentation for information on how to correct this.

2. Unicode library: Standard PHP
Operations on Unicode strings are emulated on a best-effort basis. Install the PHP mbstring extension for improved Unicode support.

I have on my server:

Package gd-2.0.33-9.4.el5_1.1.x86_64 already installed and latest version
Package gd-2.0.33-9.4.el5_1.1.i386 already installed and latest version

but I don't know why Drupal says it's not installed. Do I need to activate the GD library?

How can I fix the problem with PHP mbstring and the GD library?

I run the yum commands:

yum install gd
yum install php-gd
yum install php-mbstring

It's not working! :|

The OS is CentOS 5.3 64. I have cPanel too.


IIS - Make PHP Run With .html Extension

Dec 12, 2008

I know nothing about IIS as I normally use Linux / Apache, so I'm not sure this is possible.

I have built a site in PHP that the client now wants to move over to an IIS-hosted server. Although it's all in PHP, because it was a re-build of an old static site I used ModRewrite to make all the pages .html.

I know IIS doesn't have a URL rewrite feature as such. What I was wondering is, is it possible to configure IIS so that a PHP page can have a .html extension?


Compiling PHP Zip Extension Onto A Mac That Has MAMP Pro

Mar 10, 2008

compiling the zip extension for my MAMP installation. I used this tutorial here (using phpize):

[url]

All is well.. but when I run make test it gives me this:

Warning: PHP Startup: Invalid library (maybe not a PHP library) 'zip.so' in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/imap.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/yaz.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/mcrypt.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/gettext.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/pgsql.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/pdo_pgsql.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/pdo_mysql.so' - (null) in Unknown on line 0

Warning: PHP Startup: Invalid library (maybe not a PHP library) 'zip.so' in Unknown on line 0

Warning: PHP Startup: Invalid library (maybe not a PHP library) 'zip.so' in Unknown on line 0

Warning: PHP Startup: Invalid library (maybe not a PHP library) 'zip.so' in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/imap.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/yaz.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/mcrypt.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/gettext.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/pgsql.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/pdo_pgsql.so' - (null) in Unknown on line 0

Warning: PHP Startup: Unable to load dynamic library 'modules/pdo_mysql.so' - (null) in Unknown on line 0

Warning: PHP Startup: Invalid library (maybe not a PHP library) 'zip.so' in Unknown on line 0

Warning: PHP Startup: Invalid library (maybe not a PHP library) 'zip.so' in Unknown on line 0

So, from what I see there are two problems:

1. compiling the zip.so fails...

2. Some directories are wrongly set, because my extension .so files reside in /mamp/bin/php5/lib/php/extensions/no-debug-non-zts-20050922/

I see no "modules" in there, so..


How To Hide The Page Extension

Jan 6, 2007

The problem is that I want to hide the PHP extension from the visitor so that no one knows what scripting language lies beneath.

If I use the following solution {

I think I should write snippets of PHP code inside HTML files, so I want Apache to go through each HTML file to see if there is PHP code or not.

I write the following mime types with cpanel:

application/x-httpd-php .php .adp
application/x-httpd-php .php .htm
application/x-httpd-php .adp
}

Then {
Error appears when I go to any page in the site "Internal Server Error"
}

Else if {
I can use .htaccess to do the same effect in a particular directory
}

Then {
The same error appears "Internal Server Error"
}

Else {
What can I do?
}


Mod_rewrite Strip Off Php Extension

May 15, 2008

I am trying to figure out how to use mod_rewrite to make my php url's friendly. I have read a few articles but none seem to do what I want.

Here is what I want:

/login.php -> /login
/home.php -> /home
/users/update_profile.php -> /users/update_profile
/users/update_profile.php?id=343242 -> /users/update_profile/343242

Basically just strip off the .php extension, so it seems like php files are actually folders.


Install CURL Extension

Jun 18, 2007

is it possible to install the cURL extension on a VPS with root access ?


How Install Suhosin

May 31, 2009

I have tried:

wget [url]
tar -zxvf suhosin-0.9.27.tgz
./configure
make
make install

then:

ls -lah /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

mkdir /usr/lib/php/extensions/

cp /usr/local/lib/php/extensions/no-debug-non-zts-20060613/suhosin.so /usr/lib/php/extensions/
no-debug-non-zts-20060613

vi php.ini

But I don't have:
:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20060613

in my php.ini, and I have this:

;include_path = ".:/php/includes"


SuPHP Along With Suhosin

Oct 28, 2009

We have installed suPHP along with Suhosin on the server to prevent upload of illegal scripts, but we are still having problems with scripts used for phishing web sites! We have a lot of Joomla users and other PHP apps installed on the server.


Configuring Suhosin ...

Mar 31, 2009

I've continually worked on it, but nothing seems to give.

I'll install it in the right place, but not have the config saved properly, or it's in the wrong place but saved right.


Suphp And Suhosin ..

Nov 27, 2008

I have installed Suhosin and I want to know: should I install suPHP too?

and

do you recommend that I install suPHP?


Suhosin Block

Jun 17, 2008

On one of my servers I have this line in my ConfigServer Security & Firewall:

190.28.118.155 # lfd: 10 (suhosin) login failures from 190.28.118.155 - Mon Jun 16 23:27:50 2008

Is this OK? I mean... is it an attack of some sort? I know Suhosin is meant to increase PHP security, so it's blocking an attack, right?


Suhosin Install

Jun 16, 2007

I installed the Suhosin extension according to this guide:
[url]

After installation, each time I add

;;;;;;;;;;;;;;;;;;;;;;;;;

; Paths and Directories ;

;;;;;;;;;;;;;;;;;;;;;;;;;

include_path = ".:/usr/lib/php:/usr/local/lib/php:/usr/lib/php/extensions:/usr/lib/php/extensions/no-debug-non-zts-20020429:" ;

extension_dir = /usr/lib/php/extensions/no-debug-non-zts-20020429/ ; directory in which the loadable extensions (modules) reside

httpd fails and php -v doesn't show that Suhosin is installed.

How can I check if Suhosin is installed and working fine?


Suhosin And Vbulletin

Jul 14, 2007

I have the max vars and all that set right to conform to vBulletin. The only problem is that now I keep getting this in /var/log/messages:

suhosin[8569]: ALERT - script tried to increase memory_limit to 4294967295 bytes which is above the allowed value (attacker '*******', file '/home/user/public_html/includes/class_xml.php', line 35)

The line it's pertaining to is @ini_set('memory_limit', -1);

I'm pretty sure it's not blocking anything, at least nothing I see, but it does this every time someone accesses certain pages on a forum.

My memory_limit for PHP is 60 MB. I checked out different ways of configuring it, but the only thing I think would stop the alerts is setting the Suhosin memory limit to 4 GB, as it says the script is calling for that. But I suppose if there was a crappy or malicious PHP script, it would easily be able to ini_set and suck up all the memory.

So basically what I want to do is just disable this alert, as it's filling the messages up. Has anyone dealt with this before?


Suhosin Config

Jun 3, 2007

I was wondering if anyone has a tried and tested suhosin config for an average webhosting box?

I tried the config on the webhostgear article and it caused a few problems with some sites. On my directadmin server I managed to do the patch and the extension. I was wanting to do the same on cpanel server. Has anyone done the patch as well with easyapache?

I figure you would have to go to where it saves the downloaded source and patch it then zip it back up.


Suhosin Installation

Aug 5, 2007

I installed Suhosin like this:

Code:
cd /usr/src
wget [url]
wget [url]
wget [url]
wget [url]

then:

Code:
gpg --import < hardened-php-signature-key.asc

extract the PHP tarball:

Code:
tar -zxf php-4.4.7.tar.gz

then:

Code:
md5sum suhosin-patch-4.4.7-0.9.6.patch.gz
gpg suhosin-patch-4.4.7-0.9.6.patch.gz.sig
gunzip suhosin-patch-4.4.7-0.9.6.patch.gz

patching PHP:

Code:
cd php-4.4.7
patch -p 1 -i ../suhosin-patch-4.4.7-0.9.6.patch

installing PHP (you must restore php.ini to the default before the installation):

Code:
./configure --with any thing .....
make
make test
make install

after that I cat suhosin.ini to php.ini:

Code:
cat suhosin.ini > php.ini

I am using this setting:

Code:
;;;;;;;;;;;;;
; Suhosin ;
;;;;;;;;;;;;;
; -----------------------------------------------------------------------------
; This file was taken from Mandriva Linux with their permission
; -----------------------------------------------------------------------------
[suhosin]
; -----------------------------------------------------------------------------
; Logging Options
; Defines what classes of security alerts are logged to the syslog daemon.
; Logging of errors of the class S_MEMORY are always logged to syslog, no
; matter what this configuration says, because a corrupted heap could mean that
; the other logging options will malfunction during the logging process.
suhosin.log.syslog = 511
; Defines the syslog facility that is used when ALERTs are logged to syslog.
suhosin.log.syslog.facility = 9
; Defines the syslog priority that is used when ALERTs are logged to syslog.
suhosin.log.syslog.priority = 1
; Defines what classes of security alerts are logged through the SAPI error log.
suhosin.log.sapi = 511
; Defines what classes of security alerts are logged through the external
; logging.
suhosin.log.script = 511
; Defines what classes of security alerts are logged through the defined PHP
; script.
suhosin.log.phpscript = 511
; Defines the full path to a external logging script. The script is called with
; 2 parameters. The first one is the alert class in string notation and the
; second parameter is the log message. This can be used for example to mail
; failing MySQL queries to your email address, because on a production system
; these things should never happen.
suhosin.log.script.name =
; Defines the full path to a PHP logging script. The script is called with 2
; variables registered in the current scope: SUHOSIN_ERRORCLASS and
; SUHOSIN_ERROR. The first one is the alert class and the second variable is
; the log message. This can be used for example to mail attempted remote URL
; include attacks to your email address.
suhosin.log.phpscript.name =
; Undocumented
suhosin.log.phpscript.is_safe = Off
; When the Hardening-Patch logs an error the log message also contains the IP
; of the attacker. Usually this IP is retrieved from the REMOTE_ADDR SAPI
; environment variable. With this switch it is possible to change this behavior
; to read the IP from the X-Forwarded-For HTTP header. This is f.e. necessary
; when your PHP server runs behind a reverse proxy.
suhosin.log.use-x-forwarded-for = On
; -----------------------------------------------------------------------------
; Executor Options
; Defines the maximum stack depth allowed by the executor before it stops the
; script. Without this function an endless recursion in a PHP script could
; crash the PHP executor or trigger the configured memory_limit. A value of
; "0" disables this feature.
suhosin.executor.max_depth = 5
; Defines how many "../" an include filename needs to contain to be considered
; an attack and stopped. A value of "2" will block "../../etc/passwd", while a
; value of "3" will allow it. Most PHP applications should work flawlessly with
; values "4" or "5". A value of "0" disables this feature.
suhosin.executor.include.max_traversal = 2
; Comma separated whitelist of URL schemes that are allowed to be included from
; include or require statements. Additionally to URL schemes it is possible to
; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
; specified, then the blacklist is evaluated.
suhosin.executor.include.whitelist =
; Comma separated blacklist of URL schemes that are not allowed to be included
; from include or require statements. Additionally to URL schemes it is
; possible to specify the beginning of allowed URLs. (f.e.: php://stdin) If no
; blacklist and no whitelist is specified all URL schemes are forbidden.
suhosin.executor.include.blacklist =
; Comma separated whitelist of functions that are allowed to be called. If the
; whitelist is empty the blacklist is evaluated, otherwise calling a function
; not in the whitelist will terminate the script and get logged.
suhosin.executor.func.whitelist =
; Comma separated blacklist of functions that are not allowed to be called. If
; no whitelist is given, calling a function within the blacklist will terminate
; the script and get logged.
suhosin.executor.func.blacklist =
; Comma separated whitelist of functions that are allowed to be called from
; within eval(). If the whitelist is empty the blacklist is evaluated,
; otherwise calling a function not in the whitelist will terminate the script
; and get logged.
suhosin.executor.eval.whitelist =
; Comma separated blacklist of functions that are not allowed to be called from
; within eval(). If no whitelist is given, calling a function within the
; blacklist will terminate the script and get logged.
suhosin.executor.eval.blacklist =
; eval() is a very dangerous statement and therefore you might want to disable
; it completely. Deactivating it will however break lots of scripts. Because
; every violation is logged, this allows finding all places where eval() is
; used.
suhosin.executor.disable_eval = Off
; The /e modifier inside preg_replace() allows code execution. Often it is the
; cause for remote code execution exploits. It is wise to deactivate this
; feature and test where in the application it is used. The developer using the
; /e modifier should be made aware that he should use preg_replace_callback()
; instead.
suhosin.executor.disable_emodifier = Off
; This flag reactivates symlink() when open_basedir is used, which is disabled
; by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used
; is actually a security risk.
suhosin.executor.allow_symlink = Off
; -----------------------------------------------------------------------------
; Misc Options
; If you fear that Suhosin breaks your application, you can activate Suhosin's
; simulation mode with this flag. When Suhosin runs in simulation mode,
; violations are logged as usual, but nothing is blocked or removed from the
; request. (Transparent Encryptions are NOT deactivated in simulation mode.)
suhosin.simulation = Off
; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot
; first. It always uses resource slot 0. If Suhosin got this slot assigned APC
; will overwrite the information Suhosin stores in this slot. When this flag is
; set Suhosin will request 2 Slots and use the second one. This allows working
; correctly with these buggy APC versions.
suhosin.apc_bug_workaround = Off
; When a SQL Query fails scripts often spit out a bunch of useful information
; for possible attackers. When this configuration directive is turned on, the
; script will silently terminate, after the problem has been logged. (This is
; not yet supported)
suhosin.sql.bailout_on_error = Off
; This is an experimental feature for shared environments. With this
; configuration option it is possible to specify a prefix that is automatically
; prepended to the database username, whenever a database connection is made.
; (Unless the username starts with the prefix)
suhosin.sql.user_prefix =
; This is an experimental feature for shared environments. With this
; configuration option it is possible to specify a postfix that is
; automatically appended to the database username, whenever a database
; connection is made. (Unless the username end with the postfix)
;
; With this feature it is possible for shared hosters to disallow customers to
; connect with the usernames of other customers. This feature is experimental,
; because support for PDO and PostgreSQL are not yet implemented.
suhosin.sql.user_postfix =
; This directive controls if multiple headers are allowed or not in a header()
; call. By default the Hardening-Patch forbids this. (HTTP headers spanning
; multiple lines are still allowed).
suhosin.multiheader = Off
; This directive controls if the mail() header protection is activated or not
; and to what degree it is activated. The appended table lists the possible
; activation levels.
suhosin.mail.protect = 1
; As long as scripts are not running within safe_mode they are free to change
; the memory_limit to whatever value they want. Suhosin changes this fact and
; disallows setting the memory_limit to a value greater than the one the script
; started with, when this option is left at 0. A value greater than 0 means
; that Suhosin will disallow scripts setting the memory_limit to a value above
; this configured hard limit. This is for example useful if you want to run
; the script normally with a limit of 16M but image processing scripts may
; raise it to 20M.
suhosin.memory_limit = 0
; -----------------------------------------------------------------------------
; Transparent Encryption Options
; Flag that decides if the transparent session encryption is activated or not.
suhosin.session.encrypt = On
; Session data can be encrypted transparently. The encryption key used consists
; of this user defined string (which can be altered by a script via ini_set())
; and optionally the User-Agent, the Document-Root and 0-4 Octets of the
; REMOTE_ADDR.
suhosin.session.cryptkey =
; Flag that decides if the transparent session encryption key depends on the
; User-Agent field. (When activated this feature transparently adds a little
; bit protection against session fixation/hijacking attacks)
suhosin.session.cryptua = On
; Flag that decides if the transparent session encryption key depends on the
; Documentroot field.
suhosin.session.cryptdocroot = On
; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
; encryption key depends on. Keep in mind that this should not be used on sites
; that have visitors from big ISPs, because their IP address often changes
; during a session. But this feature might be interesting for admin interfaces
; or intranets. When used wisely this is a transparent protection against
; session hijacking/fixation.
suhosin.session.cryptraddr = 0
; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
; session. The difference to suhosin.session.cryptraddr is, that the IP is not
; part of the encryption key, so that the same session can be used for
; different areas with different protection levels on the site.
suhosin.session.checkraddr = 0
; Flag that decides if the transparent cookie encryption is activated or not.
suhosin.cookie.encrypt = 0
; Cookies can be encrypted transparently. The encryption key used consists of
; this user defined string and optionally the User-Agent, the Document-Root and
; 0-4 Octets of the REMOTE_ADDR.
suhosin.cookie.cryptkey =
; Flag that decides if the transparent session encryption key depends on the
; User-Agent field. (When activated this feature transparently adds a little
; bit protection against session fixation/hijacking attacks (if only session
; cookies are allowed))
suhosin.cookie.cryptua = On
; Flag that decides if the transparent cookie encryption key depends on the
; Documentroot field.
suhosin.cookie.cryptdocroot = On
; Number of octets (0-4) from the REMOTE_ADDR that the transparent cookie
; encryption key depends on. Keep in mind that this should not be used on sites
; that have visitors from big ISPs, because their IP address often changes
; during a session. But this feature might be interesting for admin interfaces
; or intranets. When used wisely this is a transparent protection against
; session hijacking/fixation.
suhosin.cookie.cryptraddr = 0
; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
; cookie. The difference to suhosin.cookie.cryptraddr is, that the IP is not
; part of the encryption key, so that the same cookie can be used for different
; areas with different protection levels on the site.
suhosin.cookie.checkraddr = 0
; In case not all cookies are supposed to get encrypted this is a comma
; separated list of cookie names that should get encrypted. All other cookies
; will not get touched.
suhosin.cookie.cryptlist =
; In case some cookies should not be crypted this is a comma separated list of
; cookies that do not get encrypted. All other cookies will be encrypted.
suhosin.cookie.plainlist =
; -----------------------------------------------------------------------------
; Filtering Options
; Defines the reaction of Suhosin on a filter violation.
suhosin.filter.action = http://www.disney.com
; Defines the maximum depth an array variable may have, when registered through
; the COOKIE.
suhosin.cookie.max_array_depth = 100
; Defines the maximum length of array indices for variables registered through
; the COOKIE.
suhosin.cookie.max_array_index_length = 64
; Defines the maximum length of variable names for variables registered through
; the COOKIE. For array variables this is the name in front of the indices.
suhosin.cookie.max_name_length = 64
; Defines the maximum length of the total variable name when registered through
; the COOKIE. For array variables this includes all indices.
suhosin.cookie.max_totalname_length = 256
; Defines the maximum length of a variable that is registered through the
; COOKIE.
suhosin.cookie.max_value_length = 10000
; Defines the maximum number of variables that may be registered through the
; COOKIE.
suhosin.cookie.max_vars = 100
; When set to On ASCIIZ chars are not allowed in variables.
suhosin.cookie.disallow_nul = 1
; Defines the maximum depth an array variable may have, when registered through
; the URL
suhosin.get.max_array_depth = 50
; Defines the maximum length of array indices for variables registered through
; the URL
suhosin.get.max_array_index_length = 64
; Defines the maximum length of variable names for variables registered through
; the URL. For array variables this is the name in front of the indices.
suhosin.get.max_name_length = 64
; Defines the maximum length of the total variable name when registered through
; the URL. For array variables this includes all indices.
suhosin.get.max_totalname_length = 256
; Defines the maximum length of a variable that is registered through the URL.
suhosin.get.max_value_length = 512
; Defines the maximum number of variables that may be registered through the
; URL.
suhosin.get.max_vars = 100
; When set to On ASCIIZ chars are not allowed in variables.
suhosin.get.disallow_nul = 1
; Defines the maximum depth an array variable may have, when registered through
; a POST request.
suhosin.post.max_array_depth = 50
; Defines the maximum length of array indices for variables registered through
; a POST request.
suhosin.post.max_array_index_length = 64
; Defines the maximum length of variable names for variables registered through
; a POST request. For array variables this is the name in front of the indices.
suhosin.post.max_name_length = 64
; Defines the maximum length of the total variable name when registered through
; a POST request. For array variables this includes all indices.
suhosin.post.max_totalname_length = 256
; Defines the maximum length of a variable that is registered through a POST
; request.
suhosin.post.max_value_length = 65000
; Defines the maximum number of variables that may be registered through a POST
; request.
suhosin.post.max_vars = 200
; When set to On ASCIIZ chars are not allowed in variables.
suhosin.post.disallow_nul = 1
; Defines the maximum depth an array variable may have, when registered through
; GET , POST or COOKIE. This setting is also an upper limit for the separate
; GET, POST, COOKIE configuration directives.
suhosin.request.max_array_depth = 50
; Defines the maximum length of array indices for variables registered through
; GET, POST or COOKIE. This setting is also an upper limit for the separate
; GET, POST, COOKIE configuration directives.
suhosin.request.max_array_index_length = 64
; Defines the maximum length of variable names for variables registered through
; the COOKIE, the URL or through a POST request. This is the complete name
; string, including all indices. This setting is also an upper limit for the
; separate GET, POST, COOKIE configuration directives.
suhosin.request.max_totalname_length = 256
; Defines the maximum length of a variable that is registered through the
; COOKIE, the URL or through a POST request. This setting is also an upper
; limit for the variable origin specific configuration directives.
suhosin.request.max_value_length = 65000
; Defines the maximum number of variables that may be registered through the
; COOKIE, the URL or through a POST request. This setting is also an upper
; limit for the variable origin specific configuration directives.
suhosin.request.max_vars = 200
; Defines the maximum name length (excluding possible array indices) of
; variables that may be registered through the COOKIE, the URL or through a
; POST request. This setting is also an upper limit for the variable origin
; specific configuration directives.
suhosin.request.max_varname_length = 64
; When set to On ASCIIZ chars are not allowed in variables.
suhosin.request.disallow_nul = 1
; Defines the maximum number of files that may be uploaded with one request.
suhosin.upload.max_uploads = 25
; When set to On it is not possible to upload ELF executables.
suhosin.upload.disallow_elf = 1
; When set to On it is not possible to upload binary files.
suhosin.upload.disallow_binary = 0
; When set to On binary content is removed from the uploaded files.
suhosin.upload.remove_binary = 0
; This defines the full path to a verification script for uploaded files. The
; script gets the temporary filename supplied and has to decide if the upload
; is allowed. A possible application for this is to scan uploaded files for
; viruses. The called script has to write a 1 as first line to standard output
; to allow the upload. Any other value or no output at all will result in the
; file being deleted.
suhosin.upload.verification_script =
; Specifies the maximum length of the session identifier that is allowed. When
; a longer session identifier is passed a new session identifier will be
; created. This feature is important to fight buffer overflows in 3rd party
; session handlers.
suhosin.session.max_id_length = 128
; Undocumented: Controls if suhosin coredumps when the optional suhosin patch
; detects a buffer overflow, memory corruption or double free. This is only
; for debugging purposes and should not be activated.
suhosin.coredump = Off
; Undocumented: Controls if the encryption keys specified by the configuration
; are shown in the phpinfo() output or if they are hidden from it
suhosin.protectkey = 1
; Controls if suhosin loads in stealth mode when it is not the only
; zend_extension (Required for full compatibility with certain encoders
; that consider open source untrusted. e.g. ionCube, Zend)
suhosin.stealth = 1
; Controls if suhosin's ini directives are changeable per directory
; because the admin might want to allow some features to be controllable
; by .htaccess and some not. For example the logging capabilities can
; break safemode and open_basedir restrictions when .htaccess support is
; allowed and the admin forgot to fix their values in httpd.conf
; An empty value or a 0 will result in all directives not allowed in
; .htaccess. The string "legcprsum" will allow logging, execution, get,
; post, cookie, request, sql, upload, misc features in .htaccess
suhosin.perdir = "0"

• What do you think of these settings, are they correct?

• Should I use values like ( 511 , 9 , 2 , 1 , 5 , 0 ... ) or constants like ( S_ALL , S_MAIL , S_MEMORY , S_SQL ... )?

• Should I install Suhosin Extension 0.9.20?

• How can I know that Suhosin works and protects my PHP?

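The verification-script contract described in the `suhosin.upload.verification_script` comment above (temporary filename in, `1` on the first line of standard output to allow), as an added example that is not part of the original post or of Suhosin itself. The size limit, the rejected file types and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: a script for suhosin.upload.verification_script.
# The temporary upload path arrives as the first argument; printing "1" as the
# first line of stdout allows the upload, any other output rejects it.

MAX_BYTES=5242880   # assumed policy limit (5 MiB), not a Suhosin default

# magic_hex FILE N -> first N bytes of FILE as lowercase hex, no separators.
magic_hex() {
    head -c "$2" "$1" | od -An -tx1 | tr -d ' \n'
}

# verify_upload FILE -> prints "1" (allow) or "0 <reason>" (reject).
verify_upload() {
    f=$1
    # Only plain files are acceptable; a symlink could point anywhere.
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "0 not-a-regular-file"; return 0; }

    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -gt 0 ] || { echo "0 empty"; return 0; }
    [ "$size" -le "$MAX_BYTES" ] || { echo "0 too-large"; return 0; }

    # Reject native executables and scripts by their leading magic bytes.
    case "$(magic_hex "$f" 4)" in
        7f454c46) echo "0 elf-executable"; return 0 ;;   # \x7fELF
        4d5a*)    echo "0 pe-executable";  return 0 ;;   # MZ
        2321*)    echo "0 script-shebang"; return 0 ;;   # #!
    esac

    # Heuristic: reject files carrying a PHP open tag, whatever their extension.
    if LC_ALL=C grep -q -F -e '<?php' "$f"; then
        echo "0 embedded-php"; return 0
    fi

    echo "1"
}

# Act as the verification script only when called with a filename,
# so the functions can also be sourced and tested on their own.
if [ "$#" -ge 1 ]; then
    verify_upload "$1"
fi
```

Rejections print `0` followed by a reason so the decision can be logged by a wrapper; only the leading `1` is treated as approval.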

Suhosin And .htaccess

Sep 3, 2007

I just installed Suhosin to set up some limits on one of my servers, and everything works well. However, a user can still remove these limits by adding php_value in .htaccess, which is not so good.

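A check an administrator could run for the situation described in the post above, as an added example that is not part of the original post: it lists `php_value`/`php_flag` overrides found in `.htaccess` files under a document root and singles out those that touch `suhosin.*` directives. The function names and the tab-separated output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find PHP ini overrides that users have placed in .htaccess.

# audit_htaccess ROOT
# Prints one tab-separated line per override:
#   <file> <line number> <php_value|php_flag> <ini name>
audit_htaccess() {
    find "$1" -type f -name .htaccess | sort | while IFS= read -r ht; do
        awk -v file="$ht" '
            /^[ \t]*#/ { next }                 # skip commented-out lines
            {
                d = tolower($1)                 # Apache directives are case-insensitive
                if (d == "php_value" || d == "php_flag")
                    printf "%s\t%d\t%s\t%s\n", file, NR, d, $2
            }' "$ht"
    done
}

# suhosin_overrides ROOT
# Same output, restricted to overrides of suhosin.* directives.
suhosin_overrides() {
    audit_htaccess "$1" | awk -F '\t' 'tolower($4) ~ /^suhosin\./'
}

# Report for a document root given on the command line.
if [ "$#" -ge 1 ]; then
    suhosin_overrides "$1"
fi
```

The `suhosin.perdir` comment in the configuration quoted earlier on this page states that an empty value or `0` disallows all of Suhosin's directives in .htaccess, so any line this reports is worth comparing against that setting.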

Adding Extension To Apache Config

Apr 20, 2009

I run a Perl/CGI script from a Web page to download some files located on a Linux server. When I click from a Windows XP machine on the link of the file to download via this Web page (IE), a dialog box is displayed asking me to "Open" or "Save" the file (.txt, .doc, .xls,...), but for some extensions like ".dat" or ".asc", the dialog box asks me to save it only and I do not have an "Open" button.

I tried to configure Apache to add these extensions as text/plain by adding these lines in http.conf:

AddType text/plain .asc .txt .dat

How can I add these extensions (.dat, .asc and other extensions) to Apache configuration to be able to open it with Textpad or Notepad?

I hope that the users will be able to open it with Notepad or TextPad without saving it. I know that we can add this type directly on the XP stations, but I have a lot of users and I cannot manage that. I hope to do it from the server. I think something is wrong or missing in my AddType, AddHandler or LoadModule?


Enabling PDO W/ MySQL Extension On CentOS

Jul 11, 2009

I have a server running CentOS with PHP 5.2 and I'm trying to figure out how to enable PDO with the MySQL extension. I had thought PDO always came enabled with 5.2, but that apparently isn't so with this box. I am only familiar with Ubuntu/Debian, and am not sure how things are done on CentOS.


Does PrecisionEffect Really Support Frontpage Extension

Aug 9, 2008

I was always told by their customer service that FE was supported. Always means before I placed an order, before I transferred the host and after the DNS propagation.

But FE didn't work for me! After more than 20 emails exchanged under the same ticket #, PrecisionEffect said 'look into this a bit more' then kept silent for more than 4 hours, not as normal as their outstanding response time in minutes.

My client was panicking. She was losing business because the web site couldn't work properly without FE enabled.

I had to return to our old host.


Doesn't Appear To Be A Valid Zend Extension

Jan 28, 2008

I have a problem when I run this command:

[root@server ~]# tail -f /etc/httpd/logs/error_log 

I have this output :

doesn't appear to be a valid Zend extension doesn't appear to be a valid Zend extension ...

this is my php -v :

[root@server ~]# php -v
PHP 5.2.5 (cli) (built: Jan 23 2008 12:42:14)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
    with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
    with Zend Extension Manager v1.2.0, Copyright (c) 2003-2007, by Zend Technologies
    with Suhosin v0.9.22, Copyright (c) 2007, by SektionEins GmbH
    with Zend Optimizer v3.3.0, Copyright (c) 1998-2007, by Zend Technologies
[root@server ~]#


How To Enable And Install Php Soap Extension

Mar 24, 2008

I just got my server today. I have a script that requires the PHP SOAP extension. I don't know what the steps are or how to install it.

My server has PHP 5 preinstalled. May I know how to enable and install the PHP SOAP extension?


Suhosin Not Installing Correctly

Apr 26, 2008

I have just run easyapache to update from 5.2.4 to 5.2.5 and selected suhosin.

I can see no evidence of it by viewing phpinfo scripts such as vbulletin's.

I should be able to see something like this, yes?
[url]

and there is nothing new in php.ini other than:

Directory in which the loadable extensions (modules) reside.
extension_dir = "/usr/local/lib/php/extensions/no-debug-non-zts-20060613"
zend_extension="/usr/local/IonCube/ioncube_loader_lin_5.2.so"
zend_extension_ts="/usr/local/IonCube/ioncube_loader_lin_5.2_ts.so"
extension="suhosin.so"

Via SSH I get this

# php -v
PHP 5.2.5 (cli) (built: Apr 26 2008 06:45:31)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Suhosin v0.9.23, Copyright (c) 2007, by SektionEins GmbH
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies

# /usr/bin/php -v
PHP 5.2.5 (cgi) (built: Apr 26 2008 06:49:11)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Suhosin v0.9.23, Copyright (c) 2007, by SektionEins GmbH
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies


Auth_imap: Required IMAP Extension Not Found.

Jul 2, 2008

I am having a hard time tracking this down. It's a cPanel/WHM server; 64-bit; CentOS 5.2 server

In easyapache I have selected imap to be compiled in...

Problem:

When logging into Horde I get the following

A fatal error has occurred
Auth_imap: Required IMAP extension not found.
Details have been logged for the administrator.

php -m | grep imap

Shows nothing loaded. I am completely stumped with this, can anyone help?

Also, it's not just Horde, but any PHP code using imap; it's almost as if it's not compiled in at all.


Php4 Extension (eaccelerator) Not Loading Anymore

Mar 7, 2007

Server :
pentium IV 3.0 Ghz
debian 3.1
kernel 2.6
apache2
php4.3.10

Some months ago I installed php4 on this server, and added eaccelerator.net, mostly with this site as guide. Everything worked fine.

A few days ago I realized I hadn't updated this server for a while. I ran 'apt-get update' and 'apt-get dist-upgrade'. A whole lot of things got updated, and after that I performed a reboot, as advised by the update script.

The next day I experimented a bit with the profiler of xdebug. I managed to install it and played around with the results, but decided to uncomment it from php.ini again as it is not that helpful to me and it makes quite big log files too.

Today I notice this server is getting very big loads. Normally on peak evenings it would float around 2-4, with sometimes jumps to 10-12, but always quickly recovering and working well. But on this evening it kept rising, stayed around 30-60 for most of the time, and even hit up to 85. It only lowers when the busy hours are really over. So I look around everywhere, and then after a few hours I notice that eaccelerator is not visible in phpinfo(); anymore. This is the only weird thing I could find, and I assume this caused a big difference in the performance.

I don't know why exactly it went away. Maybe it was the server update, which touched a lot of files. But I thought it was not supposed to update any configuration files, not without warning at least. It could also have been the xdebug script, which also uses 'phpize' to install and also required editing in php.ini. I really wish I had noticed the lack of eaccelerator after the update but before trying xdebug.

So I try to install eaccelerator again. Unpack from source, phpize, make, etc etc, just as last time. I edit php.ini to make sure the load command and settings of eaccelerator are still there and reload apache. I check phpinfo();, but nothing changes. I try it all again to be sure, but still nothing. I check the location of the .so files, yes they are still there and the rights of the files look ok.

I edit php.ini again and uncomment 'extension=mysql.so', and reload apache. I notice a mysql error on my site as expected. So that means I'm really editing the right php.ini file and that I can influence the extensions that are loaded. I add the mysql extension again and reload apache.

I load an old php.ini backup file, from right after first installation of this server. The eaccelerator settings are there too already, but if I try it and reload apache : no difference.

I reboot my server again, because .. well sometimes it helps. But not with this. phpinfo(); still says no eaccelerator.

I check another server, exact same specs, same php+eaccelerator installation on the same day as the first one. I compare versions of apache/php/php extensions/zend extensions and all numbers I can find. Everything still looks the same, except server 1 does not have eaccelerator and server 2 still has.

I'm somehow out of things to check now. I'm pretty sure eaccelerator has a big influence on the performance of my heavy php site, and I want it back. Everything looks ok, the files are there, the settings in php.ini are there, it should work ... but it doesn't. No errors or warnings anywhere, just phpinfo(); saying that eaccelerator has not been loaded and the high loads are confirming this.

It will either be a very complicated solution, or a very simple one that I'm just overlooking. Does anyone have any tips on where to look or what to try? Thanks.


Suhosin And Server With 300+sites, May It Cause A Conflict

Oct 24, 2007

I'm using RHE 4 + cpanel

I'm considering Suhosin; in fact I am using it on another plain server where I have 1 or 2 sites. But this is a very high-traffic server with 300+ sites, and a lot of the sites are using CMS apps.

Might it cause conflicts with these apps?


Installing An Extension :: Warning: Mkdir(): No Such File Or Directory

Apr 30, 2008

downloading mailparse-2.1.4.tgz ...

Starting to download mailparse-2.1.4.tgz (36,862 bytes)
..........done: 36,862 bytes
9 source files, building
running: phpize
Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519
building in /var/tmp/pear-build-root/mailparse-2.1.4

Warning: mkdir(): No such file or directory in System.php on line 273

Warning: mkdir(): No such file or directory in /usr/local/lib/php/System.php on line 273
ERROR: could not create build dir: /var/tmp/pear-build-root/mailparse-2.1.4

That's what happens when I try to install an extension.


Dedicated Server Resolver Since Suhosin Install

Jun 19, 2009

For the last several days on one of our dedicated servers, a AMD 3000+ 2GB RAM 2x80GB HDD 5TB traffic installed with CentOS 5.3 64-bit w/a GNU Linux kernel-2.6.18-128.1.10.el5, we use as a 'backup' to our master, we've been having resolver issues. If we attempt to ping, dig or nslookup ANY hostname, we get "unknown host domainexample.com". We can, however, ping IP addresses, including the external one for the server. (Pinging the server from another, not connected to the network returns 0% packet loss.)

Our package managers can't resolve hostnames, either. For instance, when we try to run yum, we get:

"Could not retrieve reponamehere [url]
[Errno 4] IOError: <urlopen error (-2, 'Name or service not known')>
Error: Cannot find a valid baseurl for repo: reponamehere"

We've already tried disabling several repos and it should be noted that when we use "wget" or "git" or any other package installer, we have the same resolving issues.

Our "/etc/resolv.conf" contains nameservers for the major upstream DC to our provider, which gave us permission to use them. We've tried two sets from them as well as those from our provider and from a DNS service provider. None have worked. (BTW, we have two servers with this provider and the other one is fine; the provider, though this is an unmanaged server, is attempting to be very helpful and responsive. No problems there.)

We've tried rebooting the server and flushing IPtables as well as stopping it altogether. (Thankfully, we've set our DNS, SQL and httpd servers to run on boot) Nothing seems to resolve the issue (no pun intended).

However, we think this problem may have to do with having installed Suhosin on the server this past weekend since it seems to have started shortly after that, but we're not sure. We are getting the following errors in our httpd logs, though:

[Fri Jun 19 12:52:25 2009] [notice] Graceful restart requested, doing restart
[Fri Jun 19 12:52:25 2009] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Fri Jun 19 12:52:26 2009] [notice] Digest: generating secret for digest authentication ...
[Fri Jun 19 12:52:26 2009] [notice] Digest: done
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/suhosin.so' - /usr/lib64/php/modules/suhosin.so: undefined symbol: php_rfc1867_callback in Unknown on line 0
[Fri Jun 19 12:52:26 2009] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Fri Jun 19 12:52:27 2009] [notice] Apache configured -- resuming normal operations

When we ran 'tcpdump', all it returned was the IP address for the server connected on several ports via SSH. Running 'netstat -an' shows the server's IP address, again connected on different ports, and the localhost address connected on a few. No other IP addresses--and we have about 10--are showing as connected.

Anyway, this is all we've been able to figure out. Anyone had this problem and solved it successfully?


Server Ban Me, How2find If Iptables, Apf, Mod_security, Suhosin

Apr 17, 2009

My server bans me sometimes while I am surfing on one of my websites (mostly Drupal, Joomla, WordPress). Sometimes it happens on the first visit, sometimes later. I couldn't find the reason. Sometimes I also cannot create an SSH connection after the ban. But ping is answered after the ban.

Which paths/logs should I analyze to find it? I tried with grep but couldn't find it:

grep -iR 'my.old.ip' /var/log ... /etc/apf ... /usr/local/apache/...

I think mod_security and suhosin cannot block ssh, so iptables, lokkit or apf must be what is blocking here.

Where are the logs of iptables and APF? Or how can I find the reason?








Copyrights 2005-15 www.BigResource.com, All rights reserved