Problem With Files Owned By 'nobody' When Uploaded
Aug 4, 2007
I used to have my apache 1.3.37 with PHP compiled as a CGI. Whenever i have a php script (say vbulletin forum software) that allow file uploads, files will be uploaded with the correct userid and groupid on the server. However, once i compiled PHP as ISAPI module, the files will be uploaded but will be owned by 'nobody'. Of course i can log in as root and chown it back to the right user, but it's a hassle if there are multiple user accounts on the server and they're using php software on their end. If someone is using an ftp program and tries to overwrite that uploaded file that's owned by nobody, it will not let them do so. Is there a way to fix this, or change the config files that would fix it?
View 3 Replies
ADVERTISEMENT
Mar 5, 2008
I want to filter any files uploaded and i have put this line at php.ini
suhosin.upload.verification_script = /my path
But my problem till now i can not make this script. (Disable upload php files)
View 1 Replies
View Related
Jun 3, 2008
I wanted to list down all files owned by 'root' inside /home directory and all users directory inside /home/users including subfolders and everything!
the command below works but only works when executed within the working directory.
ls -l | awk '{print $3" " $9}' | grep root
View 4 Replies
View Related
Mar 27, 2009
I have a dedicated server, the server itself is secure (as far as I know) and I run lots of my sites from it. I offered a friend hosting for his flash based chat application he built.
Today I was contacted by someone; "Are you the owner of xxxx.net?" so I informed that yes, it was my server and they then showed me an email they'd received from my server. I did a search and apparently someone uploaded mail.php and a couple of files it was using to send out spam based upon a variety of conditions that the other files met. The files contained forenames and surnames, it'd use a forename and a surname then send it to popular free mail services. The email contained ramblings about new world order and promoted a website.
How can I find out how they got the files uploaded to the account and what action can I take? I checked the whois for the domain and have their contact information, however it's a large site so I'm doubtful that the owner did it. I don't want my servers IPs being blacklisted for spam :|
View 3 Replies
View Related
Jun 27, 2009
I am wanting to know if there is a way to stop files being uploaded to my vps, via ftp cpanel etc that are malicious..
I have been told there is a way to do this but i havent been told how..
Basicaly i want to know if there is something where i can add a list of keywords that are in the malicious files and what ever it is will stop them from being uploaded or if they manage to get uploaded onto my vps will it make them not work?
I am looking into this as i had an issue before where someone uploaded a shell onto my server :@ luckily it didnt cause no damage or he didnt get anywhere but i still want to be safe.
View 5 Replies
View Related
May 26, 2007
I have a RHEL 4 plain server, and im using vsftpd server, i can not find an option to specify the max size for uploading files... does anybody know something about this?
View 1 Replies
View Related
Jun 26, 2007
I've recently started experiencing some issues where files uploaded through Joomla or some other scripts (mostly PHP) inherit a permission of 600. Prior to updates being done on the server I'm hosted on, uploaded files received 644 permissions and all things worked great.
I've checked the umask that assigned to the shell (022) and have ruled out that as a problem.
View 7 Replies
View Related
Mar 1, 2014
I am using a upload script for my files. After upload i cant see them on ftp but can see on panel file manager.
View 9 Replies
View Related
Jan 17, 2014
I created a FTP account with vsftp and files uploaded are not readable via www-data
View 1 Replies
View Related
Feb 21, 2007
There is a domain name in my WHM that does not seem to be owned by anyone, it just gives the username for the domain like below, but does not show who the domain is owned by (ie: root).
Code:
Example: ukstuden()
How can I fix this?
View 8 Replies
View Related
Nov 19, 2007
i have a tembak which is compiled from tembak.c and takes up processes. i have deleted the files from the server however it pops backup again in the same directory.
View 4 Replies
View Related
Jun 27, 2007
this webhost is your classic insecure VPS here is an chat transcript I sent the tech support
----------
%nslookup 83.138.144.36
Server: 192.168.1.254
Address: 192.168.1.254#53
Non-authoritative answer:
36.144.138.83.in-addr.arpa name = stresa.hostireland.c0m.
Authoritative answers can be found from:
------------
from email from 83.244.130.107 and to website 83.138.144.36/~rhyno
ictom: eqwrt
You are now speaking with Mitch of Support.
Mitch: Hello, thanks for contacting support how can i
help you
victom: hello
victom: I just called a while ago about phishing site
victom:
____://83.138.144.36/~rhyno/rams/sitekey.bankofamerica.com/sas/signon.do&detect=2/
Mitch: Yes, I belive you were speaking to Anthony
victom: heh ya I ran out of min on my account
Mitch: ok, What i would ask you to do is place a
trouble ticket via PAM and i will forward this to our
senior technicians and admin team for further review
victom: firefox picked it up as a phishing website but
IE6
is not so lucky
Mitch: More then likley due to the outdated security fetures in IE6 it is becoming easy to get around it
victom: that and your running some exploitable services on that VPS prob. I use to work for a webhost
victom: trouble ticket via PAM?
Mitch: Are you currently a Host ireland customer?
victom: Hell no I got a spam email from umm hold
victom: 83.244.130.107
Mitch: Ok, So we can track this issue could you please send us an e-mail to support@hostireland.ie
victom: so looks like you got at least 2 owned boxes
victom: sure
View 0 Replies
View Related
Sep 2, 2009
there is anyone out there who has their infrastructure colocated in cogent owned datacenter. And how stable and secure is it. The only reason i m interested in Cogent owned colo is that they provide solid SLA.
View 14 Replies
View Related
Apr 11, 2008
I'm looking both at powweb website and dot5hosting and the products page look exactly the same with different colors. Are they owned by different owners, or do do their pages just look the same?
Here are the links ....
View 11 Replies
View Related
Oct 25, 2008
Just wanted to know if anyone know of a black owned dedicated web hosting company?
View 11 Replies
View Related
Feb 17, 2015
When a php framework try to create a new folder, it's created with apache: apache owner instead the user and group owned the root folder.
the PHP safe_mode is set to off.
View 3 Replies
View Related
Jan 5, 2008
Does anybody understand what is going on here?
Here is the problem:
I log in to FTP and I try and upload an updated file (the file already exists on server). It prompts me to overwrite and I say yes but when I refresh/check the site the page hasnt changed - I then tried uploading the file again and it still says the existing file size (so I know it hasnt been replace).
Any idea why it it not overwriting?
The files are CHOWNed my the owner (FTP user) which is myself.
View 11 Replies
View Related
Feb 2, 2008
I uploaded my file to web server(html, image file and css file), but strangely after uploaded it to server all file that I uploaded size 0 KB. I uploaded it using WS FTP.
Is there something wrong the way I uploaded it.
View 2 Replies
View Related
Feb 5, 2009
have built quite a library of music now. It would be great if I could upload music to my hosting account, and then just access it from my phone. Would that be allowed so long as I did not share this music with others? Where might I be able to set this up? I checked with hostgator and they said it was not okay.
View 9 Replies
View Related
Jul 31, 2007
Someones managed to upload a phishing site to my VPS.
How do they normally achieve this, there has been no unauthorised root access as I get e-mail each time someone log in as root.
Is it likely they've just managed to guess my ftp password, or is it going to have something to do with a script running elsewhere?
I've got solarvps looking at it now.
View 14 Replies
View Related
Nov 6, 2008
Shell uploaded - Site hacked - How to trace?
Many of my customers let me know that their websites had been hacked. I think it comes from local hacker ....
View 7 Replies
View Related
Oct 20, 2008
How many websites can be uploaded to one single webspace account
View 9 Replies
View Related
Dec 11, 2007
Whenever someone uploads or re-uploads to my server a file relating to a CGI script that sends mail, I get an email with something like:
Quote:
Note: If this is the first time you received this mail, it contains the history for the entire month so far.
Below are the recently upload scripts that contain code to send email. You may wish to inspect them to ensure they are not sending out SPAM.
/home/xxxxxxx/public_html/followup/send2.php:106: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send2.php:107: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send2.php:108: }
---
/home/xxxxxxx/public_html/followup/send.php:100: if($sc == "buchanan") {
/home/xxxxxxx/public_html/followup/send.php:101: mail($email, $subject, $creative, $headers);
/home/xxxxxxx/public_html/followup/send.php:102: }
---
What steps can I take to actually inspect them to ensure they are not sending out SPAM?
View 2 Replies
View Related