PHP Scripting And Permissions On Unix

Dec 26, 2007

I currently have a script with code below that works great when the permissions on the dbconnect.php file are 755. The problem with this is that anyone on the web can see this config file which contains passwords DOH! If I change it to 751, then it tells me "cannot connect". The user and group on both the page and this script are the same.

With apache, i use the setting to store http and https files in the same directory.

Any ideas how to make this a little more secure? Changing the permission to 751 would do the trick but then it breaks the script. I don't understand why the script would be running taking "other" permissions into account...it should be running with "user" permissions instead. it might even have something to do with who the apache executable is running as...

<?php

include("../../../cgi-bin/dbconnect.php");

// Connect to server and select database.
mysql_connect("$databasehost", "$dbuser", "$dbpword")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");

View 2 Replies


ADVERTISEMENT

Dumb Unix Permissions

Mar 2, 2007

I'm a Unix newbie so please forgive me if this is a really dumb question but I haven't quite been able to figure it out...

I'm trying to set up a form script to replace formmail on the server. I've set it up in the cgi-sys bin. I chmod the script 755, but when I try to call it I get 500 error messages.

I was looking at the permissions and I noticed that all the other scripts have the "wheel" setting.. such as:

197633 -rwxr-xr-x 4 root wheel 3479620 Dec 22 03:04 _formmail.cgi*

The new form I added as "root" instead of "wheel":

1280150 -rwxr-xr-x 1 root root 12342 Mar 1 21:46 mycontactform.pl*

How do I change it so that "mycontactform.pl" is in the "wheel" group so that it works? Anything else I should know/do to make this secure? I don't know enough about the permissions to change this. I want all the customers on the server to be able to use the new form.

View 3 Replies View Related

Cross Scripting Attack

May 10, 2009

On IIS6 many of thesite are under cross scripting attack I tried by remove the the code but it affects again after some time I reset the ftp password and passowrd is a combination of complex alpna numeric character.I have cheked the permission it is ok.

How you guys fight with cross dcripting attack.

View 9 Replies View Related

Servage With Perl Scripting

Dec 1, 2008

I've used Servage for about 18 months. For most of that time there have been no problems. Then they decided to upgrade the cluster. This happened 3 weeks ago. Since then, there has been a catalogue of problems, mostly centred around a Perl script my site uses to implement a wiki.

The first problem was that they had removed four of the supporting Perl modules used by my Perl script. All of the missing modules are ones you would expect to find on any server that claims to support Perl. They had warned that this might happen (obviously too difficult for them to make sure that the upgraded server has all the Perl modules) so I notified them with a list of missing modules expecting the modules to be restored quickly. It actually took 1 week, during which time their support team tried their best to annoy me by giving responses related to PHP (apparently they'd managed to kill PHP scripting completely) and a non-working link to a list of installed modules (I knew what was installed already).

Having now got the script running, I hit a further problem. Prior to the upgrade the script had run under the "webserver" account. It was now running under the "you" account. This meant it couldn't write to its own data files. I had real trouble getting Servage to understand this one, let alone fix it. Most of their answers were about how to change the ownership of my script, which makes absolutely no difference to the problem. Eventually, after 4 days, they tried to fix the problem. The result was that my website became completely inaccessible. Even the static content was giving a 403 error. Again, it took support a while to understand the problem and about 1.5 days to fix it.

At this point Servage claimed to have fixed all outstanding issues. However, my script was still running under the wrong account. In frustration, I changed the ownership of all the script's data files to "you", which at least got my wiki running again.

However, I now find that people can't upload images to the site. Any attempt to do so produces an error "CGI open of tmpfile: Permission denied".

I've given up. I think my chances of getting Servage to even understand the problem are minimal. I'm not even going to try. I will be moving to another host as soon as possible - probably a VPS. That way I should be able to fix most problems myself.

View 14 Replies View Related

Linux BASH Scripting

Dec 7, 2008

I am currently trying to create a bash script which I will run off a loop with a sleep interval that will query tcpdump (udp packets only) on a network interface, and is looking for length 10 packets.

So far so good, not that hard to code I know (Already made it / coded it this far perfectly). Now here is the tricky part, I only want the bash script to identify IP's that have sent over 15 packets with the length of 10. (This is the part that I can't seem to find a way to code).

I was thinking, from the output maybe to calculate the number of lines with the same equal IP's.

Once this script identifies that, it will automatically run a command which I have set. (Quite easy, and I can do this).

I am looking for someone to help me with this. It is a fairly simple and quick job (editing the script I have at the moment). I am willing to also pay (if needed) an amount for this to be completed too. Obvieusly not that much, but still something I am sure we can work out.

View 2 Replies View Related

ASP Scripting On Linux Server

Oct 1, 2007

I have my site in asp scripting but it was suspended yesterday because of high resource usage on shared server. Thats why am looking for VPS, though it is difficult to find a good windows VPS, so i have decided to get a Linux VPS. But am confused that whether a linux vps will meet my requirement.

My site is using asp scripting with access databases on backend. I can host my access databases on a windows server and can provide the link in connection string. So, will webserver on a linux server be able to execute my asp scripting fine as IIS do on windows server.

Also i have music section that plays file in .wma format using windows media player, as i have used embedded object for windows media player. So there must be windows media player installed on linux server.

whether it is good decision to host site on linux server and will my objective be met in this case.

View 6 Replies View Related

Bash Scripting :: Inode And Directory Size Counter

Apr 4, 2009

I'm writing an inode and directory size counter, but hit a snag with directories that contain a space.

Simple code, finds all directories within a folder, sets the current directory:

for i in `find . -type d`; do ls $i; done

Looks correct? It works great, until you hit directories with spaces. So I try the following methods:

for i in `find . -type d|sed 's/ / /g'`; do ls $i; done
for i in `find . -type d|sed 's/ / /g'`; do ls "$i"; done

What is happening is, at the ( for i in ), it treats each item at the first break, if its
or a ' '. Is there a flag I can set to make it only use
? When I pipe the data, it sends each chunk of the directory through.

[root@home /home/mindbend/dev_html]# for i in `find . -type d|sed 's/ / /g'`; do ls $i; done

ls: ./test: No such file or directory
ls: ing: No such file or directory
ls: 12: No such file or directory
ls: 3: No such file or directory
ls: ./test: No such file or directory
ls: ing: No such file or directory
ls: 12: No such file or directory
ls: 3/test: No such file or directory
ls: 2: No such file or directory

# ls -d test ing 12 3/
test ing 12 3/

#ls -d test ing 12 3/test 2/
test ing 12 3/test 2/

GNU bash, version 3.2.39(1)-release (i386-portbld-freebsd7.1)
Copyright (C) 2007 Free Software Foundation, Inc.

Issue exists on linux and freebsd, same code.

View 3 Replies View Related

Grant Priviledge For A User To A Database Via Bash Scripting

Jun 4, 2007

I tried grant a user to have access to a database via a shell script.

Database 'userdb' and user 'user1' are already setup.

This is my code .

Code:
#!/bin/sh

mysql -u root -pROOTPASS <<!
grant all privileges on userdb.* to user1@localhost
identified by 'dbpasswd' with grant option;
!
The code doesn't work.

View 11 Replies View Related

Which VPS Is Best For HP Unix

Dec 4, 2008

I am trying to find out how to install VPS on HP Unix OS and which one to chose.
Can you set me on right track?

View 2 Replies View Related

Unix FTP To Get All

Sep 4, 2007

Any Unix FTP tool to get all files (files+subdirectories) from remote server with 1 line command?i'm using FreeBSD

View 1 Replies View Related

Unix

Aug 13, 2007

Ive recently switched from PC to OSX, i now own '2' Macs, a laptop and a G4 Quicksilver, although its CPU speed is slower and the Ram is lesser then my old PC, it performs much much quicker and more efficient.

The question is, i'm a web developer, i know very little about the back end goings on, such as System Administration, but i've got a few books on the subject which are aimed at Unix system administrators. Does UNIX cover both OSX and Linux (Debian mainly).

Eventually i want to be able to run my own server, i own a debian dedicated server, but its not my own, its the datacenter's and i dont really know enough to get down and dirty in the back end. Id like to be able to set up servers from scratch in the long run.

So would learning UNIX cover both OSX and Linux, im not bothered about Windows, i don't plant to use a Windows machine again.

View 2 Replies View Related

Php On Unix Or Windows

Mar 8, 2009

is there any performance difference using php on unix and (isapi)windows platform?

View 13 Replies View Related

Unix Server Security

Nov 6, 2009

My server has been hacked, I need you please to help learn about Unix server security to protect my server.

View 6 Replies View Related

What VPS Panel Do You Use On Linux/Unix

Feb 14, 2009

Beside Parallels Virtuozzo, what other commercial VPS Panel do you prefer to use on Linux/Unix?

View 7 Replies View Related

AT&T Unix Shared Hosting

Sep 2, 2008

I thought this was interesting.

AT&T Shared Unix Hosting

Anyone have any experience w/ this?

View 7 Replies View Related

Unix: Sorting Out Connected IP

Nov 23, 2007

Is there a way where i can view which IP connected to my server the most? I need to find out if there is certain IP keep hitting my mail server until it crashed.

Preferably the software could sort out the highest hit IP then to the lowest.

View 9 Replies View Related

Preferable *unix For Web Server

May 22, 2008

I`ve been playing with Debian and FreeBSD for couple weeks so far. As a noobie I`d like to ask you what distribution you prefer for web server? I know that it is said "the best is the one you know better" but in my situation it is hard to say that I really know either Debian or FreeBSD.

So what would you recommend in my situation (new to *unix topic) if I have to set web server for a company site?

I`m mostly interested in security, relatively easy to configure/secure/find info how-to, easy to update soft apache/php/mysql.

View 12 Replies View Related

Better - Windows, Unix Or Linux?

May 14, 2008

which hosting is better - Windows, Unix or Linux?

View 9 Replies View Related

Asp In Linux/unix Server

Sep 7, 2007

I see a company that support asp in linux server. i search and i found that a mod in apache server do it.

who know about this mod?

install it in my server?

View 5 Replies View Related

Unix Startup Script

Jun 11, 2007

I have a perl shell script usr/bin/ken.pl

this script need to run whenever the server starts and must never stop running,

I am currently starting it as follows

./nohup /use/bin/ken.pl

does anyone know how to make this script at startup?

View 3 Replies View Related

Spam Menagement On Plesk Unix

Aug 6, 2008

I have a VPS with Plesk8.1 on Unix, All my customers are complaining becaouse of daily 100-200 spam mails per acccount. What is the best software or add on for this problem you can reccomnend.

I want to :

-see the junk mails for all accounts in somewhere so i can train if there are normal mails considered as spam. (Not Spam Option)

View 1 Replies View Related

Virus Scanner For Unix Server?

Aug 27, 2007

I wonder which virus scanner software is useful for Unix server(Centos 4.5). One of my client install SMF forum and when visitors access the forum,their virus scanner warn that site is affected by trojan. I used Clamav to scan entire home directory but seem nothing found.

View 4 Replies View Related

Cons And Pros Of Using UNIX Or Windows?

May 10, 2009

What are the cons and pros of using UNIX or Windows? Or maybe even Novell. Also, which UNIX distro is most efficient and secure for web hosting?

View 14 Replies View Related

Managed, Dedicated, UNIX, Hosting

Oct 27, 2008

I'm currently using a SiteGround virtual private server with the following spec:

OS:CentOS (Linux)
cPanel: yes
Support:24/7
RAM: 512 MB
Accounts: 1 main
Traffic: 1,000 GB
Price/mo: $99.00

I'm hosting x2 Joomla 1.5 sites using PHP v5 with the following extensions:
Sobe2
OpenX
Community Builder
Fireboard
Virtumart

The problem is that both sites have several sizable databases, each in excess of 100k records. After uploading the first 90k records to mySQL it became apparent that performance was going to be an issue. I'm therefore considering a dedicated server, tuned for returning fast DB results.

Firstly, would a dedicated server solve my performance issues?

Secondly, what are the critical components, spec wise, that would ensure superfast DB calls?

Like everyone, I'm looking for the best value, meaning solid support, uptime and a low monthly cost. I have been recommended the following hosting partners, but would like everyones input:

site5.com
rackspace.com
iweb.com
singlehop.com
servepath.com
superbhosting.net
Rochen.com

View 14 Replies View Related

Execl Throughput In Unix Bench

Jun 24, 2008

Just got a new server and I tried Unix Bench on it.

Everything seems ok except for the Execl Throughput

What exactly is Execl Throughput? What part of the server is responsible for its value?

View 3 Replies View Related

Unix: Check For Disk Health

Oct 9, 2007

How to check for disk health in Unix (freebsd)?

View 7 Replies View Related

How To Clear UNIX History Of User

Jan 4, 2007

Can someone tell me how to clear the history of a UNIX user? For example, when logged in as a certain user I can press UP to see the last commands that were used. How can I get rid of them?

View 3 Replies View Related

Unix Command To Zip Multiple Directories

Apr 15, 2007

I have directory1, directory2, directory3 etc and each has directories inside them. Is it possible to zip them all (directory1, directory2, directory3 and their contents) into one .zip file? If so, what is it?

View 1 Replies View Related

Unix Command :: Space A Directory Taking?

Feb 21, 2008

what is the linux command to check, how much space is a directory taking?

and

what is the linux command to check, how much space are directories taking in increasing or decreasing order of there sizes?

View 2 Replies View Related

Unix/Linux Ffmpeg Segmentation Fault

Sep 5, 2008

I'm transcoding videos on a web server using ffmpeg and can successfully transcode some video formats but am having a few issues.

One of them is that I get a "Segmentation Fault" when trying to transcode a video in h.264 codec. I can't find much by searching and am wondering if that's a codec issue, or something else.

any experience with ffmpeg?

View 1 Replies View Related

Recommendation For An Open Source Firewall Running On Unix

Jun 11, 2008

Do you have any recommendation for an open-source firewall running on Unix which could do:

- Filter and redirect incoming (with exception for some IP).

- Filter outgoing port (with exception for some local IP or MAC).

- Monitoring incoming traffic

- Monitoring outgoing traffic

- Block access from external to a list of IP

- Proxy authentification

- VPN configuration

I search for 2 days now and nothing seems to respond to these requirements. It's for a local network.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved