Chmod Choices With Php Writing To A File
My account has been hacked with every index.php page defaced. I've cleaned up and my shared wehost is pointing at me saying there shouldn't be any 777 permissions for any files in there.
I used 777 to allow php to add records in a txt file and in an xml file.
Is there a better / more secure chmod code I can use?
Those are the only two instances where I need php to write to a file and those files shouldn't be served to anyone, I do not want anyone to be able to access them.
How can I secure them while letting php write in them?
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
Rysnc While File Still Writing
I wanted to make a cronjob with rsync, but I was wondering what happens when a user is uploading a file and the file is being created and at the same moment rsync synchronizes with another server. Will the file be skip, partially be synced, ...?
View Replies!
View Related
Chmod All Occurances Of A File System Wide
How do I sweep my entire server and chmod a particular filename located in the cgi-bin to either 0, 755, etc? For example, to disable a particular perl script running on my system on over 100 accounts in the /cgi-bin/file.cgi I want to chmod the file on every account that it comes up on that /cgi-bin/file.cgi needs to be chmod'd to 0. Anyone know how to do this thru ssh or another method?
View Replies!
View Related
PHP: Uploading As Apache User, And Chmod 600
I've recently moved to a new server in which I don't have root, so bare with me. For some reason when I upload a file with 'move_uploaded_file($tmpName,$new_filename)', it seems to work fine - but when I check it, try to download it (http or ftp), or change the permission - I can't, because its set to 600 for some odd reason, and owned by the user Apache is setup on.
View Replies!
View Related
Links Files In Linux (file.txt For File.php)
Today I found some cstomer on the servers make a link for named it file.txt and link it to other customer php file. so that customer have the ability to show the other custoer file content when visiting the url because it is a text wile originally it is a php file. the php file was a config file, so now he know the database password , and because he is in the same server he can use that databse. the question , how to avoide this prolem in the future? notes , the SuExec is rnning and the open_basedir protection is enabled, but the problem still exists.
View Replies!
View Related
Strange PHP File On My VPS. (oxb.php)
I found a strange PHP file in a strange folder on a VPS I am using to host a few sites. I've looked through the logs but can't figure out how it got there and I've look at the code and can't make any sense of it. Can somebody take a look at the code and tell me what they think of it: .....
View Replies!
View Related
Switch Choices
I've searched on this site, and there are quite a few posts about selecting appropriate switches for different applications. I'm looking for similar advice from the networking gurus out there. I need a reliable switch (probably only need L2?) to connect 6 Sun Fire X2100 servers in a colo rack. Each server has two network ports. I use one for the public addresses; and the second for a private, management network. In an ideal world, I'd love to run the servers diskless, and consolidate all the drives into a separate, dedicated storage server running Solaris and ZFS. I'm guessing that I would need GigE ports on the switch to get maximum performance out of an iSCSI SAN? That might push the price much higher though. I'm currently running 3 of these servers with a Catalyst 2912XL, and I've been very pleased with the reliability of this switch (and it was super cheap on ebay). It's setup with two VLANs (one for the public net, one for the private net). The thing has been running for about a year without a single reboot. While Cisco seems to be the favored brand, I'm considering a few other choices as well... Foundry EdgeIron 2402CF Extreme Network Summit 200-24 Cisco Catalyst 2950-24 Cisco Catalyst 2960-24 Just wondering what the pros and cons of these various units might be. And do I need a separate (GigE?) network for iSCSI, or could it function on the same interfaces used for the management (and MySQL) traffic?
View Replies!
View Related
23-inch Cabinet Choices
I use APC Netshelter cabinets now; I have a need for some cabinets with 23-inch wide rails, capable of holding telco muxes, rectifiers, batteries, etc. Any suggestions on cabinet? Something that would blend in with APC Netshelters (black, bowed/curved door on cold aisle) would be nice. I know I've seen a cabinet very similar to Netshelter delivered from NetApp, but with a grey/off-black color, and 1-piece door on the hot aisle. If APC is just sourcing their cabinets from some manufacturer who takes engineering requests, it would be great to find out who makes them.
View Replies!
View Related
Narrowing Down VPS Choices
I am looking for a VPS host in the $50 dollar range for 2 small to medium sized vBulletin forums. I have read about RAM usage and hope that the price I can afford can handle a not so big vBulletin forum or two, I will optimize them anyway but still. I am also concerned about mysql max connection errors. Two, among others, of the names that I keep seeing good things about are liquidweb and jaguarpc, however I notice through google cache that liquidweb used to have a customer forum, but it doesn't seem to exist anymore? maybe there is a good explanation that I am missing? but support forum not existing anymore doesn't sound good in my opinion. Jagaurpc's own forums has around 30 'emergency maintenance' threads over the last 6 weeks alone, again that doesn't sound good to me, even if it means that they are on top of it still so many 'emergency' situations can't be good? Of course I prefer to have managed VPS as the above two seem to offer and helpfulness especially initially during setup. I hope to get opinions on these couple of issues specific to them and general recommendations on VPS
View Replies!
View Related
Process Failed (1) When Writing Error Message To
send mail from my server doesn't work! exim log give: Code: 2007-08-24 16:52:18 1IOZa6-0007Ct-8y ** xserverx@hotmail.com R=lookuphost T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<root@server.XXXX..info> SIZE=1419: host mx3.hotmail.com [65.54.244.200]: 501 Invalid Address 2007-08-24 16:52:18 1IOZaE-0007DC-Do Error while reading message with no usable sender address (R=1IOZa6-0007Ct-8y): at least one malformed recipient address: root@server.XXXX..info - domain missing or malformed 2007-08-24 16:52:18 1IOZa6-0007Ct-8y Process failed (1) when writing error message to root@server.XXXX..info (frozen)
View Replies!
View Related
Unable To Open Database For Writing While Starting Urchin Scheduler Daemon
I got this while trying to force the urchin log processing: Code: WARNING: (7024-323-2398) Could not delete backup file - check permissions. DETAIL: /home/virtual/mysite.com/var/log/httpd/access_log : Permission denied All permissions are OK.. I dont know what is happening. Also, scheduler can not start: Code: [root@srv1php.com:~]sudo -u apache ./urchinctl start Urchin webserver is already running WARNING: (7004-557-91) Unable to open database for writing - check permissions. DETAIL: Permission denied Im using Ensim Pro 10.
View Replies!
View Related
SPAM Filter Choices Plesk Control Panel
switched to ipower.com and not getting any help - really stuck as my customer wanted better spam filtering so I went to them on a recommendation and I do not know how to turn on and what is the best setting for spam filtering with their panel. Also using HORDE where I can set a filter using rules but it only works if I log on and hit apply filter so my customer still gets it in his in box -
View Replies!
View Related
PHP File Upload
I think I messed php config and I can't upload anything with php now Dir is chmoded on 777 and File_Uploads = On in php.ini I'm running lsphp5 with suhosin, when I try to import db via phpmyadmin I get error: Uploading is not allowed and when I try to upload some file via php script I can't
View Replies!
View Related
Php File Corruption
I have a Linux VPS with Liquidweb which is working fine except for one problem: On one domain I have a shopping cart (a highly modded CubeCart). A number of the files are encrypted php files (part of the extensive mods). For several weeks all will work fine, then out of the blue, the cart will stop working because a number of the encrypted files have become corrupt. The result is either a totally blank page or a 'checksum error'. Uploading the files from a local backup fixes things for another few days or weeks. I have no idea why this is happening, or what triggers it, so if anyone can point me in the right direction to find out what is behind the problem, I would greatly appreciate it. The server uses PHP 5.2.x
View Replies!
View Related
Cron: How To Run Php File
My server with cPanel, I'd like run file http://domain.com/file.php at 0h00 everyday, I have set the Cron Job in cPanel : Code: 0 0 * * * /usr/bin/ehpwget http://domain.com/file.php but The cron is not working well Code: /bin/sh: /usr/bin/ehpwget: No such file or directory Can any one please let me know how to run a php file with cron. (as user or root)
View Replies!
View Related
[php] <defunct> - What File Generating That ?
On my server, i have one user ho create load on my server. user 29508 22.0 0.0 0 0 ? Z 15:18 0:00 [php] <defunct> That user has more site added with addons from cpanel. How can I found witch site is generating that high load ? Also some time, I have php index.php ( and that don't help me very much ) The server run php as cgi module.
View Replies!
View Related
PHP Permissions (file Owner)
I have setup an ftp user which can upload files to /home/ftp/upload and obviously it assigns the ftp user as the owner when it uploads. Now, I want PHP to be able to rename those files, but getting a permission denied, presumably because apache aint the owner or doesnt have permission to do that, so how do I grant it the right permission(s)?
View Replies!
View Related
PHP File Change String
I currently have this code in my Image Upload script which changes the file name into sets of numbers and letters Quote: $new_file_name = "uploads/" . md5($_FILES['selector']['name'] . time()) . "." . $extension; How can i make it so its smaller than an md5, about 6 or 7 numbers and letters.
View Replies!
View Related
Mod_rewrite - Changing Paths In The Php File?
I am using mod_rewrite to create "pretty" urls but some of my files contain paths such as this: <img src="images/blah.jpg"> Meaning if the user visits a page where the file does not physically exist then it won't work. I want to know if it is possible to pick this up and rewrite the path. I.e.: change: <img src="images/blah.jpg"> to: <img src="../images/blah.jpg"> or <img src="../../images/blah.jpg"> As I don't want to create physical files with relative urls for every trunk of my url. For example: www.mydomain.com/directory/directory/directory/ Would need 3 different files in three different directories to display properly.
View Replies!
View Related
Prevent PHP Files Used For File Uploading
It appears that some people like to take advantage of those files for online web applications such as Wordpress which have php files with permissions set to 777. They use those as a means of creating an upload file. The upload files that they create then have access to the whole server somehow... Is there anyway of preventing this from happening?
View Replies!
View Related
Php.ini And .htaccess File Permissions
I'm on a shared FreeBSD server, running Apache with Drupal, and vBulletin. I had to create a local php.ini file in my public_html folder for Drupal, and another in my forum folder for vBulletin. Now my question is, what should I set the permissions of these files to? Also, what should I set .htaccess permissions to as well? I'd like to keep them invisible to the public. But, I don't want any problems with Drupal, or vBulletin ether. I'm used to using Linux and I know how permissions work on a desktop. I just don't know what they do when used on a server. I'm guessing 640, but I'd like to make sure before I change anything.
View Replies!
View Related
Strip Whitespace From Each Line Of PHP File
I have a load of PHP files that need trimming down, so for example Code: <html> <?php $loads_of_stuff = 1231231; ?> </html> change to Code: <html> <?php $loads_of_stuff = 1231231; ?> </html> There are 000's of lines, so some awk command or something similiar would be great to execute on each file.
View Replies!
View Related
How To Prevent People Upload Unwanted .php File
I have a 777 cmod folder open. It needed to be writable so that legitimate users can upload their picture. However, i do not want people to upload .php or .php.pjepg etc to the server. There are times that they do not use the form in my site to upload the php file. How can they do that? via perl command? And how to prevent such thing from happending?
View Replies!
View Related
How To Secure Your Php.ini File Safe Mode ; Disable_functions ; Etc
what are the most important issues for secure php.ini file like when you turn your SAFE_MODE ON or OFF? or please who every read this topic to post his important disable_functions in php.ini ... and if some functions disable to post it ... let's make this subject for the most important issues for secure your php.ini from script-kids as we can ... here i have some important question's for anyone has or controlling a server ; vps .... #0x01 ; what the most important disable_functions for the php.ini? #0x02 ; is the safe_mode should be enabled? or disable? and this depend on what exacly? #0x03 ; what the functions or any trick to control the nobody ( attacker on the server or shell ) FROOZ .... didn't move ? or make any command in the server ... #0x04 ; i saw in some secure server ( as they say ) they changed the Server : discribe to them name[s] like Server : SECURE BY US .COM OR SECURE SERVER .. uname -a : Linux secure.secure.com 2.6.9-023stab040.1 #1 Mon Jan 15 23:24:32 MSK 2007 i686 athlon i386 GNU/Linux sysctl : linux 2.6.9-023stab040.1 Server : SECURE BY US ! < [THIS WHAT I MEAN HOW COULD WE CHANGE IT IN PHP.ini ?] id : uid=99(nobody) gid=99(nobody) groups=99(nobody) <[how can we cannot make this nobody to have the host id ! everyhost in the server should have his own name and php.ini ?] pwd : /home/host/public_html/ #0x05 ; how can we hide the uname -a on the shell [ the attacker upload it to our customer site !] #0x06 ; how can we hide the sysctl to view to anyone like [ attacker ] ... #0x07 ; how can we rewrite on he Server Type the display for our secure message?Server : SECURE BY US ! #0x08 ; how can we give evey site and customer his php.ini file in his public_html? and how can we give him [ JUST HIS PERMISSION TO HIS SITES FOLDER AND NOT OTHER PATHS AND PERMISSION!] these question every one had a server ; vps , need to know and secure his box from other ... and anyone would like to publish any new [secure or not] idea please let us know what you would like to say ....
View Replies!
View Related
Simpleish PHP/flat Files - Create File, Edit, Save
Display some text in a web browser from a file called text.txt text.txt will have many lines and some of them I do not want users to be able to modify and overwrite. config_item_1=user can edit config_item_2=user should see but not edit (could be on any line) config_item_3=user can edit config_item_4=user can edit The user has made their changes in the web browser and clicks submit. I then need this info to be saved as the text.txt file however some checking needs to be done first. Anything matching config_item_2 should be removed. This could be on any line. Anything not matching should be permitted and added.
View Replies!
View Related
Chmod
I have a server running php 5.2.4 with CGI as Server API and suexec, but I cant create dirs in php with chmod 755. When I use mkdir("/home/user/public_html/$dirname", 0755); it creates the dir with chmod 744. Why? I can change later this chmod to 755 in php with the chmod function. But why my server doesnt allow the directory to be created as 755? Where can I configure it?
View Replies!
View Related
Chmod Using Shell
I was wondering if it were possible to chmod a directory that is set to a low number to 777 using a shell or command and if so can anyone point me in the right direction as to how to go about doing so ??? I am trying to learn a little and i pefer using my browser to edit files rather then a ftp client.
View Replies!
View Related
CHMOD For Files
I just moved my folder_A from computer A to computer B, what is the command to change the permission of owner, access, group for every files in that folder_A at 1 time? in the folder_A has hundred of files. Let's say , i want to change owner = laptop, access = read and write, group = user, access = read and write , what is the specific command to do that for all the files in folder_A at 1 time?
View Replies!
View Related
How Do You Avoid Using Chmod 777
I know you're not supposed to use 777 but it seems some scripts just simply won't work without it, what steps needs to be taken to avoid using 777? as far as i understand we're only supposed to use 775 for folders and 644 for files correct?
View Replies!
View Related
Chmod 777 Vs 755
I've just moved from a reseller account with ResellerZoom, so a VPS with SolarVPS. When I was with RZ all my scripts could write to folder with the 755 permissions. On the vps I have to alter the folder I want the script to write to to be 777. Which the is best and most secure? I think I understand that if a folder is 777 then anyone on the server can write to that folder. So I assume some sort of thing that stops users being able to access folders outside of their own folders is needed? is that right?
View Replies!
View Related
How To CHMOD? Sever Security Best Practices
I have my web server hacked several times and I am beating my head against the wall trying to find the problem(s). Way back when my sites have been defaced and CHMODing my *.html files to 744 seemed to have done the trick Now someone has put a phishing site somehow, which by the way I'm not able to remove still, I can't help but to think that I may have more CHMODing to do, I have recursevly set my site to 755, shoud this do the trick? I know I need to chmod .htaccess and alike files to 644, but what about...imagesCGI/PHP?cssetc? What other steps can I take to secure this thing? it's a shared host, limited access, but I do have SHELL.
View Replies!
View Related
Auto CHMOD Script Running In The Background
I am attempting to setup a script which will automatically append the proper file permissions [posix & acl's] to any new files on certain folders that I specify. Someone Recommended find /Users/Kevin/Desktop/TRANSFER -type f -exec chmod 777 {} ; This only seems to run once and when new files put in I have to have the script run every so often as a cronjob, I really just want to have a script to change the permissions of files going into a folder.
View Replies!
View Related
Proc List Only Shows "/usr/bin/php" - No More File Names
We use cpanel on our centos servers and we've updated our servers recently using easyapache to the latest php4 and mod_suphp and I've noticed that in top (running "top c" in shell) all php processes by any user are simply displayed as "/usr/bin/php" Before this update the processes also showed the file name eg. "/usr/bin/php lamescript.php" which allowed to easily find troublesome scripts ... but now there's no way of knowing what the script in question is that's eating up 100% of the cpu .. or is there?
View Replies!
View Related
Cannot Perform 'chmod' On FTP Client Software Interface
I got a VPS with Linode and I have installed CentOS 5.2 32-bit, Apache, MySQL and ProFTPd. The server itself runs very OK, however, I have issues with running 'chmod' on the user interface with either FileZilla or CuteFTP pro. Whenever I try to chmod 777 on a directory, I got this error on the FTP client interface: Quote: Command:SITE CHMOD 777 includes Response:550 CHMOD 777 includes: No such file or directory Why no such file or directory? weird. It's just on the server though. The FTP user is the owner/group of the directory I try to chmod to. But I am able to run chmod on Putty.
View Replies!
View Related
How NOT To Require CHMOD 755 Permissions To Create, Write And Delete Files On Linux
On my previous server and on some other hosts, I was able to write to files (for example with PHP) without having to chmod the files first. Now I cannot, and files are required to be chmoded properly so I can write to them. I cannot even touch() a file with PHP. Is there any way to have this permissions removed? I don't want to chmod the all thing, all I want is to change the configurations so I can fwrite() or file_put_contents() normally. I's a dedicated un-managed server, so basically any advanced configurations can be done.
View Replies!
View Related
|
TRACKER
