PHP Scripting And Permissions On Unix
Dec 26, 2007
I currently have a script with code below that works great when the permissions on the dbconnect.php file are 755. The problem with this is that anyone on the web can see this config file which contains passwords DOH! If I change it to 751, then it tells me "cannot connect". The user and group on both the page and this script are the same.
With Apache, I use the setting to store http and https files in the same directory.
Any ideas how to make this a little more secure? Changing the permission to 751 would do the trick but then it breaks the script. I don't understand why the script would be running taking "other" permissions into account...it should be running with "user" permissions instead. It might even have something to do with who the Apache executable is running as...
<?php
include("../../../cgi-bin/dbconnect.php");
// Connect to server and select database.
mysql_connect("$databasehost", "$dbuser", "$dbpword")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");
Mar 2, 2007
I'm a Unix newbie so please forgive me if this is a really dumb question but I haven't quite been able to figure it out...
I'm trying to set up a form script to replace formmail on the server. I've set it up in the cgi-sys bin. I chmod the script 755, but when I try to call it I get 500 error messages.
I was looking at the permissions and I noticed that all the other scripts have the "wheel" setting.. such as:
197633 -rwxr-xr-x 4 root wheel 3479620 Dec 22 03:04 _formmail.cgi*
The new form I added as "root" instead of "wheel":
1280150 -rwxr-xr-x 1 root root 12342 Mar 1 21:46 mycontactform.pl*
How do I change it so that "mycontactform.pl" is in the "wheel" group so that it works? Anything else I should know/do to make this secure? I don't know enough about the permissions to change this. I want all the customers on the server to be able to use the new form.
May 10, 2009
On IIS6 many of the sites are under cross scripting attack. I tried removing the code, but it gets affected again after some time. I reset the FTP password, and the password is a combination of complex alphanumeric characters. I have checked the permissions and they are OK.
How do you guys fight cross scripting attacks?
Dec 1, 2008
I've used Servage for about 18 months. For most of that time there have been no problems. Then they decided to upgrade the cluster. This happened 3 weeks ago. Since then, there has been a catalogue of problems, mostly centred around a Perl script my site uses to implement a wiki.
The first problem was that they had removed four of the supporting Perl modules used by my Perl script. All of the missing modules are ones you would expect to find on any server that claims to support Perl. They had warned that this might happen (obviously too difficult for them to make sure that the upgraded server has all the Perl modules) so I notified them with a list of missing modules expecting the modules to be restored quickly. It actually took 1 week, during which time their support team tried their best to annoy me by giving responses related to PHP (apparently they'd managed to kill PHP scripting completely) and a non-working link to a list of installed modules (I knew what was installed already).
Having now got the script running, I hit a further problem. Prior to the upgrade the script had run under the "webserver" account. It was now running under the "you" account. This meant it couldn't write to its own data files. I had real trouble getting Servage to understand this one, let alone fix it. Most of their answers were about how to change the ownership of my script, which makes absolutely no difference to the problem. Eventually, after 4 days, they tried to fix the problem. The result was that my website became completely inaccessible. Even the static content was giving a 403 error. Again, it took support a while to understand the problem and about 1.5 days to fix it.
At this point Servage claimed to have fixed all outstanding issues. However, my script was still running under the wrong account. In frustration, I changed the ownership of all the script's data files to "you", which at least got my wiki running again.
However, I now find that people can't upload images to the site. Any attempt to do so produces an error "CGI open of tmpfile: Permission denied".
I've given up. I think my chances of getting Servage to even understand the problem are minimal. I'm not even going to try. I will be moving to another host as soon as possible - probably a VPS. That way I should be able to fix most problems myself.
Dec 7, 2008
I am currently trying to create a bash script which I will run off a loop with a sleep interval that will query tcpdump (udp packets only) on a network interface, and is looking for length 10 packets.
So far so good, not that hard to code I know (Already made it / coded it this far perfectly). Now here is the tricky part, I only want the bash script to identify IP's that have sent over 15 packets with the length of 10. (This is the part that I can't seem to find a way to code).
I was thinking, from the output maybe to calculate the number of lines with the same equal IP's.
Once this script identifies that, it will automatically run a command which I have set. (Quite easy, and I can do this).
I am looking for someone to help me with this. It is a fairly simple and quick job (editing the script I have at the moment). I am willing to also pay (if needed) an amount for this to be completed too. Obviously not that much, but still something I am sure we can work out.
Oct 1, 2007
I have my site in ASP scripting, but it was suspended yesterday because of high resource usage on a shared server. That's why I am looking for a VPS, though it is difficult to find a good Windows VPS, so I have decided to get a Linux VPS. But I am confused about whether a Linux VPS will meet my requirements.
My site is using ASP scripting with Access databases on the backend. I can host my Access databases on a Windows server and can provide the link in the connection string. So, will the web server on a Linux server be able to execute my ASP scripting fine as IIS does on a Windows server?
Also, I have a music section that plays files in .wma format using Windows Media Player, as I have used an embedded object for Windows Media Player. So there must be Windows Media Player installed on the Linux server.
Is it a good decision to host the site on a Linux server, and will my objective be met in this case?
Apr 4, 2009
I'm writing an inode and directory size counter, but hit a snag with directories that contain a space.
Simple code, finds all directories within a folder, sets the current directory:
for i in `find . -type d`; do ls $i; done
Looks correct? It works great, until you hit directories with spaces. So I try the following methods:
for i in `find . -type d|sed 's/ / /g'`; do ls $i; done
for i in `find . -type d|sed 's/ / /g'`; do ls "$i"; done
What is happening is, at the ( for i in ), it treats each item at the first break, if it's \n or a ' '. Is there a flag I can set to make it only use \n? When I pipe the data, it sends each chunk of the directory through.
[root@home /home/mindbend/dev_html]# for i in `find . -type d|sed 's/ / /g'`; do ls $i; done
ls: ./test: No such file or directory
ls: ing: No such file or directory
ls: 12: No such file or directory
ls: 3: No such file or directory
ls: ./test: No such file or directory
ls: ing: No such file or directory
ls: 12: No such file or directory
ls: 3/test: No such file or directory
ls: 2: No such file or directory
# ls -d test ing 12 3/
test ing 12 3/
#ls -d test ing 12 3/test 2/
test ing 12 3/test 2/
GNU bash, version 3.2.39(1)-release (i386-portbld-freebsd7.1)
Copyright (C) 2007 Free Software Foundation, Inc.
Issue exists on linux and freebsd, same code.
Jun 4, 2007
I tried to grant a user access to a database via a shell script.
Database 'userdb' and user 'user1' are already set up.
This is my code.
Code:
#!/bin/sh
mysql -u root -pROOTPASS <<!
grant all privileges on userdb.* to user1@localhost
identified by 'dbpasswd' with grant option;
!
The code doesn't work.
Dec 4, 2008
I am trying to find out how to install VPS on HP Unix OS and which one to choose.
Can you set me on the right track?
Sep 4, 2007
Any Unix FTP tool to get all files (files + subdirectories) from a remote server with a 1-line command? I'm using FreeBSD.
Aug 13, 2007
I've recently switched from PC to OSX. I now own '2' Macs, a laptop and a G4 Quicksilver; although its CPU speed is slower and the RAM is less than my old PC, it performs much, much quicker and more efficiently.
The question is: I'm a web developer, I know very little about the back-end goings-on, such as system administration, but I've got a few books on the subject which are aimed at Unix system administrators. Does UNIX cover both OSX and Linux (Debian mainly)?
Eventually I want to be able to run my own server. I own a Debian dedicated server, but it's not my own, it's the datacenter's, and I don't really know enough to get down and dirty in the back end. I'd like to be able to set up servers from scratch in the long run.
So would learning UNIX cover both OSX and Linux? I'm not bothered about Windows; I don't plan to use a Windows machine again.
Mar 8, 2009
Is there any performance difference using PHP on Unix and (ISAPI) Windows platforms?
Nov 6, 2009
My server has been hacked. I need you to please help me learn about Unix server security to protect my server.
Feb 14, 2009
Besides Parallels Virtuozzo, what other commercial VPS panel do you prefer to use on Linux/Unix?
Sep 2, 2008
I thought this was interesting.
AT&T Shared Unix Hosting
Anyone have any experience w/ this?
Nov 23, 2007
Is there a way I can view which IP connected to my server the most? I need to find out if there is a certain IP that keeps hitting my mail server until it crashed.
Preferably the software could sort out the highest hit IP then to the lowest.
May 22, 2008
I've been playing with Debian and FreeBSD for a couple of weeks so far. As a newbie I'd like to ask you what distribution you prefer for a web server. I know that it is said "the best is the one you know better", but in my situation it is hard to say that I really know either Debian or FreeBSD.
So what would you recommend in my situation (new to the *unix topic) if I have to set up a web server for a company site?
I'm mostly interested in security, being relatively easy to configure/secure/find how-to info for, and being easy to update software (Apache/PHP/MySQL).
May 14, 2008
Which hosting is better - Windows, Unix or Linux?
Sep 7, 2007
I see a company that supports ASP on a Linux server. I searched and found that a mod in the Apache server does it.
Who knows about this mod?
Install it on my server?
Jun 11, 2007
I have a Perl shell script usr/bin/ken.pl.
This script needs to run whenever the server starts and must never stop running.
I am currently starting it as follows:
./nohup /use/bin/ken.pl
Does anyone know how to make this script run at startup?
Aug 6, 2008
I have a VPS with Plesk 8.1 on Unix. All my customers are complaining because of 100-200 spam mails daily per account. What is the best software or add-on for this problem that you can recommend?
I want to :
-see the junk mails for all accounts in somewhere so i can train if there are normal mails considered as spam. (Not Spam Option)
Aug 27, 2007
I wonder which virus scanner software is useful for a Unix server (CentOS 4.5). One of my clients installed an SMF forum, and when visitors access the forum, their virus scanner warns that the site is affected by a trojan. I used ClamAV to scan the entire home directory, but it seems nothing was found.
May 10, 2009
What are the cons and pros of using UNIX or Windows? Or maybe even Novell. Also, which UNIX distro is most efficient and secure for web hosting?
Oct 27, 2008
I'm currently using a SiteGround virtual private server with the following spec:
OS: CentOS (Linux)
cPanel: yes
Support: 24/7
RAM: 512 MB
Accounts: 1 main
Traffic: 1,000 GB
Price/mo: $99.00
I'm hosting x2 Joomla 1.5 sites using PHP v5 with the following extensions:
Sobe2
OpenX
Community Builder
Fireboard
Virtumart
The problem is that both sites have several sizable databases, each in excess of 100k records. After uploading the first 90k records to mySQL it became apparent that performance was going to be an issue. I'm therefore considering a dedicated server, tuned for returning fast DB results.
Firstly, would a dedicated server solve my performance issues?
Secondly, what are the critical components, spec wise, that would ensure superfast DB calls?
Like everyone, I'm looking for the best value, meaning solid support, uptime and a low monthly cost. I have been recommended the following hosting partners, but would like everyone's input:
site5.com
rackspace.com
iweb.com
singlehop.com
servepath.com
superbhosting.net
Rochen.com
Jun 24, 2008
Just got a new server and I tried Unix Bench on it.
Everything seems ok except for the Execl Throughput
What exactly is Execl Throughput? What part of the server is responsible for its value?
Oct 9, 2007
How to check for disk health in Unix (freebsd)?
Jan 4, 2007
Can someone tell me how to clear the history of a UNIX user? For example, when logged in as a certain user I can press UP to see the last commands that were used. How can I get rid of them?
Apr 15, 2007
I have directory1, directory2, directory3 etc and each has directories inside them. Is it possible to zip them all (directory1, directory2, directory3 and their contents) into one .zip file? If so, what is it?
Feb 21, 2008
What is the Linux command to check how much space a directory is taking?
and
What is the Linux command to check how much space directories are taking, in increasing or decreasing order of their sizes?
Sep 5, 2008
I'm transcoding videos on a web server using ffmpeg and can successfully transcode some video formats but am having a few issues.
One of them is that I get a "Segmentation Fault" when trying to transcode a video in h.264 codec. I can't find much by searching and am wondering if that's a codec issue, or something else.
Any experience with ffmpeg?
Jun 11, 2008
Do you have any recommendation for an open-source firewall running on Unix which could do:
- Filter and redirect incoming (with exception for some IP).
- Filter outgoing port (with exception for some local IP or MAC).
- Monitoring incoming traffic
- Monitoring outgoing traffic
- Block access from external to a list of IP
- Proxy authentication
- VPN configuration
I have searched for 2 days now and nothing seems to meet these requirements. It's for a local network.