Prevent PHP Files Used For File Uploading
It appears that some people like to take advantage of those files for online web applications such as WordPress which have php files with permissions set to 777. They use those as a means of creating an upload file. The upload files that they create then have access to the whole server somehow... Is there any way of preventing this from happening?
Related Forum Messages:
People Uploading Much Bigger Files To My Server, That I Want (using Php)
I have a free hosting server and a rule to upload 3MB file max. It works for FTP, but somehow it doesn't work for php. It seems for php the limit on my server is 100MB (no idea why). I use the following directives to limit file size in php.ini:
; Maximum size of POST data that PHP will accept.
post_max_size = 4M (4 just for some margin )
; Maximum allowed size for uploaded files.
upload_max_filesize = 3M
and I still can find 100MB files on disk. This is part of the log file from apache from the account that uploaded it to me:
Code:
boorako.[] someip - - [13/May/2007:12:21:22 +0200] "POST /a/redir.php?capthatag=accesscode&saveto=&path=/some/path/boorako.[]/a&comment=&domail=&email=&useproxy= &proxy=&split=&method=tc&partSize=10&redirto=/a/index.php&link=redir.php?capthatag=accesscode&saveto=&path= /some/path/boorako.[]/a&comment=&domail=&email=&useproxy=&proxy=&split=&method=tc&partSize=10&redirto= /a/index.php&link=[url] HTTP/1.1" 302 188 [url]
boorako.[] someip - - [13/May/2007:12:21:35 +0200] "POST /a/redir.php?capthatag=accesscode&saveto=&path=/some/path/boorako.[]/a&comment= &domail=&email=&useproxy= &proxy=&split=&method=tc&partSize=10&redirto=/a/index.php&link=redir.php?capthatag=accesscode&saveto=&path= /some/path/boorako.[]/a&comment=&domail=&email=&useproxy=&proxy=&split=&method=tc&partSize=10&redirto= /a/index.php&link=[url] HTTP/1.1" 302 188 [url] "Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
As the effect of this (at least I think so), there was a 100MB file in his home dir. Any idea how he can POST such big files even with those two directives? I have also set LimitRequestBody to 5194304 and LimitXMLRequestBody to 5194304 in apache2.conf which also should stop files being POSTED as big as 100MB. I have php 4.4.4-9, Linux Debian, apache 2.2.3 working in worker mpm, and php as fastcgi. P.S. I removed server info like IP, dir and address to not show specifics about my server in public, I put [] there.
How To Prevent People Upload Unwanted .php File
I have a 777 chmod folder open. It needed to be writable so that legitimate users can upload their picture. However, I do not want people to upload .php or .php.pjepg etc to the server. There are times that they do not use the form in my site to upload the php file. How can they do that? Via perl command? And how to prevent such thing from happening?
Links Files In Linux (file.txt For File.php)
Today I found some customer on the servers made a link, named it file.txt, and linked it to another customer's php file, so that customer has the ability to show the other customer's file content when visiting the url, because it is a text file when originally it is a php file. The php file was a config file, so now he knows the database password, and because he is on the same server he can use that database. The question: how to avoid this problem in the future? Notes: SuExec is running and the open_basedir protection is enabled, but the problem still exists.
Simpleish PHP/flat Files - Create File, Edit, Save
Display some text in a web browser from a file called text.txt text.txt will have many lines and some of them I do not want users to be able to modify and overwrite. config_item_1=user can edit config_item_2=user should see but not edit (could be on any line) config_item_3=user can edit config_item_4=user can edit The user has made their changes in the web browser and clicks submit. I then need this info to be saved as the text.txt file however some checking needs to be done first. Anything matching config_item_2 should be removed. This could be on any line. Anything not matching should be permitted and added.
Uploading Files
I've just uploaded my website files onto the server, the website is working fine, but I'm not sure my files are 'arranged' right. I uploaded my images in a folder, but all the rest of the files are 'loose' along with the index file. If I go to either of my domain names, the website appears, which is ok for now, but I only really intended it to under one domain name, so there may be problems if I want another site up there. I think my files should be in a folder. Is this right? Should the index file be in the same folder, or should it be outside the folder with the links changed accordingly. I've been emailing my hosting service, and they've been trying to help, but I feel a bit thick because I don't really understand what they're saying. Could someone tell me in very plain English how the files should be arranged?
Uploading Big Files
I just bought a php file management script. It's running smoothly; the only problem is I can't upload big files ( > 1 Gigs ) using that script. Then I asked the developer and he said it shouldn't be a problem since he has sold that software to people before and he never got a problem like that. OS : Slamd64 apache 2.2.10 php 5.2.8 I tried to change post_max_size = 1900M upload_max_filesize = 1500M
Uploading Multiple Files
I want to install a script (a simple WordPress blog) on my website but now I'm just astonished at how many files I have to upload on my server's directory! Uploading those files one by one will take forever. Is there a way to upload multiple files all at once?
Uploading File To Server
I've just installed SSL and I'm wondering where should I put my files so that users from web are accessible only through SSL? Do I have to upload whole site to the Private_html folder instead of public_html folder?
Uploading Files Through CMS After Moving To New Host
Hi guys, I've been having problems trying to edit my php.ini file which I think I've now fixed. The whole reason I wanted to do this was because I've just moved to Media Temple from another hosting company and I'm having a couple of problems with the switchover. Basically I use a CMS system to add properties which appear on the main website. I also upload PDFs and images. On the old hosting company, the PDFs and images went into folders called dnDir/pdf and dnDir/images but on Media Temple, they are going in to a folder called tmp. I really want them to go to the same place as they used to. Is this an issue with php.ini that I need to rectify? If so, could you point me in the right direction?
FTP Timing Out When Uploading Small Files
There is a behavior with my server FTP when uploading a whole directory with many files in many sub-directories. Very often, the server disconnects itself when actively uploading files and the log simply says 'timeout'. It is as if the file got 'stuck' half way, and the FTP considers them as idle, therefore it disconnects you with a 'timeout' before reconnecting you. But I have no problem uploading a single 200mb file to the server via FTP. I suppose no problem with 'keep alive'. So what is this behavior and how to solve it?
FTP :: Stop Uploading Large Files
I'm facing a very strange FTP issue with one of my shared-hosting accounts, while all of my other servers are having no problems but only this one, when I try to upload a file (whatever file) larger than 500kb from my local PCs, in most cases, the file would stop uploading during the process and hang there until it times out. There are 2 interesting things though: The file transmission typically hangs when approximately 248kb of the file have been transferred, pls see the attached screenshot for example. If you look at the attached screenshot, you will notice that the uploading transmission hangs when 248kb of the file have been transferred. This is very strange and what I mean is that for example, I randomly pick up a file, and attempt to upload it onto my host for 10 times, now see, 5 times it will hang when 248kb of the total size have been transferred, 3 times it will hang at other points *near* 248kb (224kb or 280kb typically), 1 time it will hang at another random point, and 1 time it might be uploaded successfully (yes, there is still a tiny chance for the file to be uploaded successfully). My default internet uploading speed is 80kb/s-100kb/s, lately I found that, when I limit the uploading speed on my FTP client (e.g. max. 30kb/s), everything WILL WORK without any problem! No hangs, no interrupt.. Whereas when I free up the uploading speed limitation and let it upload with my regular speed, the problem appears again. It seems to me that the FTP hangs only when the uploading speed is higher than 60kb/s. However my host provider told me that they have customers uploading without any problem at over 400kb/s, and they said "there's no problem or limitations on the server at all". Up until now, I have done following things to troubleshoot the issue but with no luck: Contacted my host. Disabled/Enabled the PASV mode on my FTP client. Tried different FTP clients on different computers (FlashFXP and Filezilla). 
Rebooted my router and reset everything with the factory default settings. Contacted my ISP for the issue, they "did something" but nothing was helpful. Rebooted all my PCs. Disabled both firewalls on my PC and on the router. Furthermore, I have asked another friend of mine in another city with another ISP to test the FTP uploading, but unfortunately he got the exact same problem. And I've done some search on the internet for hours but no one seemed to have the same problem..
Uploading File To Web Server
I have a problem trying to upload files to a server. When I try and upload a file (.htm), I get a message: file already exists (even though it doesn't), which if I then say to overwrite, it creates an empty file of 0mb (with the name of the file I am trying to upload). I don't know a great deal about web servers - are there any web server settings which may be causing this?
Uploading 500MB Tar.gz File In Telnet
I am having trouble uploading a 500mb file with File Manager in the control panel as well as SmartFTP. I was told to upload this large file through Putty. I am able to log in through SSH as root, but I can't seem to find the right directory to upload this file into. This file is a backup file of the home directory. I am transferring all files from my old host to my new host. How would I find the right directory and upload this file through Telnet?
Uploading Flash Video Files To Host_A Doesnt Play Well But Plays FIne On Host_B
to upload some flash videos over to our web host. All the videos have been uploaded to << link removed >> and in there you will see a flash_video directory; in there should be a html file where you can double click and watch the flash video. Now go ahead and try it, click on the HTML file and click CONTINUE and try clicking on MODULE 1.. You will see a video play to the left but on the right are a bunch of POWERPOINT slides that will appear as the guy continues to speak. THAT DOESN'T SHOW.. Our website is hosted by xo.com. Don't know much about the plan since it's my 2nd day at the job.. But here is the weird part, I have uploaded the same thing - same exact way to another web host and it plays fine, the PPTs show up fine.. What do you guys think it is? Before someone asks about uploading methods, I tried filezilla, coreftp and cuteFTP using both ASCII and binary methods. Same thing..
What Would Prevent A File Being FTPed Immediately And Showing Up On Website
I am trying to ftp some changes to my site. The strange thing is that while the FTP client (Filezilla) is accepting the new file, it will not show up on the new site. I've tried caching, refreshing browsers, and rebooting but nada. I then went back into my FTP client and checked the timestamp of the file being uploaded. For whatever reason, it will not show the most recent time of the file being uploaded, much less accept the most recent upload. Here is a screenshot of what I mean.
PHP: Uploading As Apache User, And Chmod 600
I've recently moved to a new server in which I don't have root, so bear with me. For some reason when I upload a file with 'move_uploaded_file($tmpName,$new_filename)', it seems to work fine - but when I check it, try to download it (http or ftp), or change the permission - I can't, because it's set to 600 for some odd reason, and owned by the user Apache is set up on.
How To Prevent Customer From Using PHP Scripts
Is there a way that I can prevent certain customers from using PHP scripts with their account? For example, I'm planning to offer some free hosting accounts (along with paid ones) but do not plan to allow PHP or Perl scripts with the free accounts as I'm worried about the server being exploited. (That could also happen with paid accounts but less likely.)
Prevent Httpd/php Core Dumping
For the 2nd time now we've had php become corrupt or something and core dump all over user dirs, filling them up with useless garbage ... We did check the core dumps (at least a couple) and they were just showing that php was seg faulting, which a php recompile took care of (most likely a corrupt php binary). Anyway, what I'd like to know is: can anyone recommend a reliable/safe way of disabling php or http from dumping core files and perhaps instead use a different method of notifying the admin of impending or current issues with either software, e.g. when they seg fault send an email to admin rather than dump a core in user's space? We're running cpanel servers, php4, rhel and phpsuexec is on (cgi)
Strange PHP File On My VPS. (oxb.php)
I found a strange PHP file in a strange folder on a VPS I am using to host a few sites. I've looked through the logs but can't figure out how it got there and I've looked at the code and can't make any sense of it. Can somebody take a look at the code and tell me what they think of it: .....
Use .htaccess File To Allow Access To Zip Files Only From My Script
I have download manager script that I use for my customers to download products right after the purchase. Script generates download link that looks like this: http://www.yourwebsite.com/download/...582921B&p=1840 (where 2YY6582921B is receipt number that is different with each purchase). All products are placed in one folder. This folder can not be seen in above download url, but can be accessed thru browser and files can be downloaded that way without paying for them. Can I use .htaccess and if yes how, to protect all product files the way that they can not be accessed directly by visiting url thru browser (in case somebody will find the correct url), they should be allowed for access only for my download manager script.
SSH Or Program How To File Replace Lots Of Files
I have anywhere between 80,000 - 90,000 webpages that have a single code in them. Unfortunately at the time the web developer I used didn't use PHP includes. So each .html file has the code in it. I want a way so that a single command, either a program or an SSH command, can find the syntax in the files and replace it with code I have. It's just a single line of code that is basically for an adsense code, so the pub-blahblahblah etc.. Does anyone know of an SSH command I can use, or a program that will find and replace without manually opening up each file? 80k - 90k of opening files then find/replace will take forever!
File Size (content Length) Not Showing When Downloading Files
When I download a file from my server, only specific extensions are working. This is really annoying since I want to be able to see how much time left to finish a download. For example I uploaded a video with .vob extension file.vob --> does not show filesize when downloading If I rename the same file to different extension: file.avi --> works fine shows filesize when downloading file.mp3 --> works fine shows filesize when downloading file.rar --> works fine shows filesize when downloading file.mp4 --> does not show filesize when downloading file.wmv --> does not show filesize when downloading These are direct download links, not using any download scripts or anything. Why are some extensions displaying the filesize and some not displaying them? I am using Apache 2.x server.
What Type Of Server And Os, Etc For Just File Serving- Small Files Like Under 10kb
I have a website that just serves small files, under 10kb most of them. I just need a server that lets me ftp the file to it, set up subdomains and domains for one website. Don't need to manage mysql or anything. Not even php. Just serve files. A good fast OS? Something like lighttpd? Ioono? I'm currently doing 600gb of bandwidth per month. I'm expecting to do about 1000gb by the end of the year. Would a small server like a pentium 4 be able to handle just serving files?
WHM Not Listing Account, DNS Etc, Missing Files, File System
I recently had an issue where my box wasn't listing accounts (on logging into WHM for the first time it would, thereafter browsing different functions in WHM it would fail to list any accounts), would not list any zone items when editing DNS zones and in general was acting very strange. I think the tech support chap narrowed it down to zero free inodes on the filesystem (I was even getting errors when editing files with 'vi'). This was increased for the VPS and all issues seemed to be resolved... However named and httpd were not starting after reboots. Again on looking closely named and httpd were missing from /etc/init.d (on CentOS 5.3)! This is very strange and I certainly didn't modify those nor delete such critical files. For a second opinion, is there any cPanel script that can be run to fix the issues? I am concerned other things have been affected but haven't manifested themselves yet (other files deleted etc). Does the cPanel update script create the init.d files or is this done by the CentOS operating system itself? Are these files modified during a cPanel update script? These init.d files for named and httpd have been re-added (copied across from another box) and it seems to be ok again, but ideas on how to proceed much appreciated, as I mentioned I don't want any nasty surprises!
Php Files Pop-up Sometimes
In the last couple of days my server/website has been acting a little strange and I can't recall doing anything to it in this time. 1) Now and again a normal PHP page will pop-up in the Firefox download manager. Usually the page is simply compiled and shown to the browser. 2) Images that really are present on the server sometimes randomly don't show in IE. PHP 5.1.4 MYSQL 5.0.27 Apache 1.3.37 APC 3.0.12p2 (latest)
PHP Files Not Work On My Server
I have a dedicated server; on this server I have only 2 websites. I created an account before and that account works correctly. Now I created a new account and when I try to run a simple php file it shows me "Internal Server Error". I can view html files and I haven't a .htaccess file. Server Information: CentOS , cPanel , Apache 2, PHP 5
Apache Not Recognizing My .php Files
Yesterday I was told by my hosting provider that my machine was at kernel panic, so they restarted it and I restarted my webserver (Apache). I created a sub folder as I wanted to install a PHP script, so I created the folder using FTP and uploaded all of the script files. The problem is, when I now visit that URL, my browser is asking me to download the .php file instead of the webserver executing it: [url] My web host said this: it sounds like you aren't loading your php module library in your apache.conf and/or not associating the .php extension.
PHP Files In IIS Blocked
I set up php on my IIS in my box and I know I set it up correctly, but each time I reinstall it because of this error I keep getting it. When I try to see any php file on my IIS through a web browser it shows me some login page no matter what kind of php file it is. If it's html or asp it works fine like here 66.221.255.17 or 66.221.255.17/index.html but this doesn't work, it shows some login 66.221.255.17/index.php and so do all other php files.
Check Which Php Files Are Running
When I am having server issues with my VPS, tech support comes back with something like Quote: Following processes are using CPU resources. Top Process %CPU 56.4 httpd [ www .myurl.com ] [/php/index.php?qdGFnZ2VkLmNvbQ--&hl1111101001 ] Top Process %CPU 53.5 httpd [ www .myurl.com] [/php/index.php?qdGFnZ2VkLmNvbQ--&hl1111101001] Top Process %CPU 25.4 httpd [ www .myurl.com] [/php/index.php?qaHR0cDovL3d3dy50YWdnZWQuY29tLw%3D%3D] Can you check which php files are running? where does that come from? I know they use shell access but where is that info?
PHP File Upload
I think I messed php config and I can't upload anything with php now Dir is chmoded on 777 and File_Uploads = On in php.ini I'm running lsphp5 with suhosin, when I try to import db via phpmyadmin I get error: Uploading is not allowed and when I try to upload some file via php script I can't
Php File Corruption
I have a Linux VPS with Liquidweb which is working fine except for one problem: On one domain I have a shopping cart (a highly modded CubeCart). A number of the files are encrypted php files (part of the extensive mods). For several weeks all will work fine, then out of the blue, the cart will stop working because a number of the encrypted files have become corrupt. The result is either a totally blank page or a 'checksum error'. Uploading the files from a local backup fixes things for another few days or weeks. I have no idea why this is happening, or what triggers it, so if anyone can point me in the right direction to find out what is behind the problem, I would greatly appreciate it. The server uses PHP 5.2.x
Internal Server Error For All Php Files
I switched over a new host and everything was working perfectly. I then uploaded one last directory but it had a weird internal server error when trying to access the index.php file. I then googled it and changed directory permissions to 755, and I am not sure if it is a coincidence but now every site on my server with php files displays that error but html pages are fine.
Cron Jobs Not Executing PHP Files
I have a new dedicated server and am trying to set up a cron job via CPanel on one of my accounts (we'll call it "abc" account). In the Cron job area, where it asks for the command to run, I enter this:
/home/abc/public_html/forum/class/sendnotice.php
But when the job runs, it doesn't seem to be executing the .php file. Instead, I get stuff like this via email:
/home/acb/public_html/forum/class/sendnotice.php: line 1: ?php: No such file or directory
/home/abc/public_html/forum/class/sendnotice.php: line 2: ////////////////////////////: is a directory
/home/abc/public_html/forum/class/sendnotice.php: line 3: //: is a directory
/home/abc/public_html/forum/class/sendnotice.php: line 4: //: is a directory
/home/abc/public_html/forum/class/sendnotice.php: line 5: //: is a directory
/home/abc/public_html/forum/class/sendnotice.php: line 6: //: is a directory
/home/abc/public_html/forum/class/sendnotice.php: line 7: //: is a directory
/home/abc/public_html/forum/class/sendnotice.php: line 8: //: is a directory
/home/abc/public_html/forum/class/sendnotice.php: line 9: //: is a directory
So it is as if the cron job is reading each line of the .php file instead of just running it. Am I doing something wrong in setting up the cron job to run that file or could it be a configuration issue with the new server?
Apache 1.3 Not Parsing Any Kind Of PHP Files
I am using RHES 4 + cPanel. I have MySQL 5.x, and PHP 4.4.6. I noticed that all sites on the server cannot parse php files. I tried restarting httpd, recompiling using apache update or easyapache script, and the problem remains. index.php is at DirectoryIndex, also Addtype shows php extension active at httpd.conf. But when I type "php -v" from the shell, I get this message: Code: php: /usr/lib/libmysqlclient.so.14: version `libmysqlclient_14' not found (required by php) I found someone with the same problem, tested the solution posted there but it doesn't seem to solve this issue.
Cron: How To Run Php File
My server is with cPanel. I'd like to run the file http://domain.com/file.php at 0h00 every day. I have set the Cron Job in cPanel: Code: 0 0 * * * /usr/bin/ehpwget http://domain.com/file.php but the cron is not working well. Code: /bin/sh: /usr/bin/ehpwget: No such file or directory Can anyone please let me know how to run a php file with cron (as user or root)?
[php] <defunct> - What File Generating That ?
On my server, I have one user who creates load on my server. user 29508 22.0 0.0 0 0 ? Z 15:18 0:00 [php] <defunct> That user has more sites added with addons from cpanel. How can I find which site is generating that high load? Also sometimes I have php index.php (and that doesn't help me very much). The server runs php as cgi module.
PHP Permissions (file Owner)
I have set up an ftp user which can upload files to /home/ftp/upload and obviously it assigns the ftp user as the owner when it uploads. Now, I want PHP to be able to rename those files, but I'm getting a permission denied, presumably because apache isn't the owner or doesn't have permission to do that, so how do I grant it the right permission(s)?
PHP File Change String
I currently have this code in my Image Upload script which changes the file name into sets of numbers and letters Quote: $new_file_name = "uploads/" . md5($_FILES['selector']['name'] . time()) . "." . $extension; How can I make it so it's smaller than an md5, about 6 or 7 numbers and letters?