Force PHP Not To Run On 777 Folder
How to force PHP files not to run if the folder permission is 777?
I saw this on micfo.com,
but I want to know how to do this.
Related Forum Messages:
/tmp Folder 777 ... Use As Sessions Folder... Secure
On my VPS I would like to set the /tmp folder to 777 and point to it with session.save_path. The VPS will host a number of sites, but I will have sole control of them, i.e. the account holders will not have access to cPanel. If it makes any difference, the server is running phpSUexec. What are the risks involved with this?
My Apache Any 1h Going To Down And I Force Run Restart Httpd
I asked cpanel.net why my Apache goes down every hour and I am forced to restart httpd.
cPanel: Howdy, This is occurring because your server is consistently hitting the maximum allowed concurrent connection limit, defined by MaxClients in httpd.conf:
[root@part7 ~]# grep MaxClient /usr/local/apache/logs/error_log | tail -5
[Mon Oct 22 13:07:46 2007] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Mon Oct 22 13:32:03 2007] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Mon Oct 22 14:03:29 2007] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Mon Oct 22 14:16:07 2007] [error] server reached MaxClients setting, consider raising the MaxClients setting
[Mon Oct 22 16:48:36 2007] [error] server reached MaxClients setting, consider raising the MaxClients setting
[root@part7 ~]#
You will need to adjust this setting to a value which better accommodates your server to prevent any further downtime.
Run Rsync To Sync A Folder From An FTP Server
I want to run Rsync to sync a folder from an FTP server, which I have limited access to, with my server.
1. Do I have to have rsync installed on the server with the FTP too? I won't be able to do that as it is not my server.
2. Is Rsync easy enough to get up and running and set to run every 24 hours?
Cron: How To Run Php File
My server runs cPanel. I'd like to run the file http://domain.com/file.php at 0h00 every day. I have set the Cron Job in cPanel:
Code:
0 0 * * * /usr/bin/ehpwget http://domain.com/file.php
but the cron is not working well:
Code:
/bin/sh: /usr/bin/ehpwget: No such file or directory
Can anyone please let me know how to run a PHP file with cron (as user or root)?
Cron Run Php Scripts
I have my own server. I created a PHP file for adding cronjobs. I checked /etc/cron.deny and /etc/cron.allow. Both of them are empty, so no problem. I execute the PHP script but nothing: I check with crontab -u user -l and it tells me no cronjobs for that user. When I access as root from SSH and try the same command, it works fine. I don't understand how to fix that.
Get PHP To Run On Windows Host
I want to get PHP to run on a Windows webhost. The webhost is not able to run a simple PHP file with phpinfo() yet. Tech support says I can use .htaccess to get PHP to run. What is the best way to set up PHP on a Windows host so that it can run Joomla?
How To Run PHP 4 And 5 In Ubuntu Without CGI
When we chose Symfony to implement [url], PHP 5 was needed but we only had PHP 4 installed in our Ubuntu hosting servers. We couldn't just migrate everyone to PHP 5 since some of the client's applications were incompatible with PHP 5. Some tutorials were found online explaining how to run PHP 4 and PHP 5 simultaneously such as [url] and [url] but they all used CGI. As you probably know, CGI is not scalable and we needed to scale in PHP4 and PHP5 since we needed to serve millions of hits in both configurations. The following are the additional requirements we had:
1. Run Apache
2. Use mod_php for both PHP versions.
3. Run eAccelerator with both PHP versions.
4. Use as many Ubuntu packages as possible to ease maintenance issues and easily deploy on multiple servers.
5. Use Ubuntu 6.06.1 LTS
The solution we came up with was to run Apache 2 with PHP 5 and run Apache 1 with PHP 4 on separate IPs. Ubuntu comes already with these packages. The only package we had to compile was eAccelerator. The following lists the steps taken to get this setup:

Apache 2 with PHP 5
* apt-get install apache2 libapache2-mod-php5 php5 php5-cli php5-curl php5-gd php5-mysql php5-dev make php5-mcrypt php5-imap
* vi /etc/php5/cli/php.ini and uncomment extension=mysql.so
* vi /etc/apache2/ports.conf and put Listen Your.IP.Goes.Here:80
* a2enmod expires
* vi /etc/apache2/conf.d/hosting
    <VirtualHost *>
    DocumentRoot /home/httpd/mainpage
    ServerName mainpage.com
    ServerAlias www.mainpage.com
    Options Includes FollowSymlinks
    AddType application/x-httpd-php .php
    DirectoryIndex index.php index.html index.htm
    </VirtualHost>
    # Cache images and javascripts
    ExpiresActive on
    ExpiresByType image/gif "access plus 1 week"
    ExpiresByType image/jpeg "access plus 1 week"
    ExpiresByType image/png "access plus 1 week"
    ExpiresByType image/x-icon "access plus 4 week"
    ExpiresByType application/x-javascript "access plus 4 week"
    ExpiresByType application/x-shockwave-flash "access plus 4 week"
* cd /usr/local/src
* wget http://bart.eaccelerator.net/source/...-0.9.5.tar.bz2
* tar xjvf eaccelerator-0.9.5.tar.bz2
* cd eaccelerator-0.9.5/
* phpize5
* ./configure
* make
* make install
* mkdir /var/tmp/{eaccelerator4,eaccelerator5}
* chown www-data /var/tmp/eaccelerator*
* chmod 700 /var/tmp/eaccelerator*
* vi /etc/php5/apache2/php.ini and add the following:
    zend_extension="/usr/lib/php5/20051025/eaccelerator.so"
    eaccelerator.shm_size="0"
    eaccelerator.cache_dir="/var/tmp/eaccelerator5"
    eaccelerator.enable="1"
    eaccelerator.optimizer="1"
    eaccelerator.check_mtime="1"
    eaccelerator.debug="0"
    eaccelerator.filter=""
    eaccelerator.shm_max="0"
    eaccelerator.shm_ttl="0"
    eaccelerator.shm_prune_period="0"
    eaccelerator.shm_only="0"
    eaccelerator.compress="1"
    eaccelerator.compress_level="9"

Apache 1 with PHP 4
* apt-get install libapache-mod-php4 php4-mysql php4-gd apache-ssl apache-common libzzip-0-12 php4-common php4-dev apache
* dpkg-reconfigure apache and uncheck mod_userdir and check mod_php4 and cancel on hostname
* vi /etc/apache/httpd.conf and make sure to add this
    Listen Your.SECONDIP.Goes.Here:80
    NameVirtualHost *
    # Cache images and javascripts
    ExpiresActive on
    ExpiresByType image/gif "access plus 1 week"
    ExpiresByType image/jpeg "access plus 1 week"
    ExpiresByType image/png "access plus 1 week"
    ExpiresByType image/x-icon "access plus 4 week"
    ExpiresByType application/x-javascript "access plus 4 week"
    ExpiresByType application/x-shockwave-flash "access plus 4 week"
  Remove the following
    <IfModule mod_alias.c>
    Alias /icons/ /usr/share/apache/icons/
    <Directory /usr/share/apache/icons>
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    Alias /images/ /usr/share/images/
    <Directory /usr/share/images>
    Options MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    </IfModule>
    <IfModule mod_alias.c>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory /usr/lib/cgi-bin/>
    AllowOverride None
    Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
    </Directory>
    </IfModule>
  Change
    <Directory />
    Options SymLinksIfOwnerMatch
    AllowOverride All
    </Directory>
    ServerSignature Off
    ServerTokens Prod
* cd /usr/local/src
* rm -rf eaccelerator-0.9.5
* tar xjvf eaccelerator-0.9.5.tar.bz2
* cd eaccelerator-0.9.5/
* phpize4
* ./configure --with-php-config=/usr/bin/php-config4
* make
* make install
* vi /etc/php4/apache/php.ini and add the following:
    zend_extension="/usr/lib/php4/20050606/eaccelerator.so"
    eaccelerator.shm_size="0"
    eaccelerator.cache_dir="/var/tmp/eaccelerator4"
    eaccelerator.enable="1"
    eaccelerator.optimizer="1"
    eaccelerator.check_mtime="1"
    eaccelerator.debug="0"
    eaccelerator.filter=""
    eaccelerator.shm_max="0"
    eaccelerator.shm_ttl="0"
    eaccelerator.shm_prune_period="0"
    eaccelerator.shm_only="0"
    eaccelerator.compress="1"
    eaccelerator.compress_level="9"
Can't Run PHP Stable With Versions Above 5.0.3
Windows 2003, IIS6, PHP 5.0.3 and PHP 5.2.1 running with the ISAPI dll, MySQL 5.1.11.
I kind of have 2 problems, the first being the one in the thread title, and the second is that while running any version of PHP my main site experiences slowdowns and hangs. For some reason whenever I try to install a new version of PHP I have major problems. I have tried several times when new versions come out. I just recently tried the newest, 5.2.1, which I want to try and use. I think there are performance improvements for IIS and the Windows platform in the new 5.x versions? Anyway, I can install 5.2.1 and get it running, and my sites load, but soon after my main site starts to hang, stops loading or loads extremely slowly. I can't figure it out. I even tried using the exact same PHP.ini settings from my old working PHP install. So every time I am forced to go back to the latest version that I know works with my server/sites, 5.0.3 [url]
If I restart IIS the pages start loading fast again right after; even recycling the worker process that the site uses usually makes the pages load normally again. I tried setting the worker process to recycle every 60 min and to use 2 web gardens. These changes haven't really had any effect for better or worse. Downgrading back to PHP 5.0.3 seems to run a bit more stable, but even with this version I get these slowdowns now. I have been running my site(s) on this server for 3 years now and most of the time they have run stable.
--------------------------------------------------------
I was sleeping this morning and received a text message saying the site wasn't loading. So I wake up and the site indeed was pretty much not loading at all. I look at perfmon that I left running to see this: [url]
I give IIS a restart, which you can see above, then the levels go back to normal. Here is a screenshot a couple of minutes later of what the "Current Connections" graph usually looks like when the site loads fine. [url]
During this slowdown the CPU usage was not maxing out, was maybe averaging 60%, and RAM was 50%. I am getting a 2nd server soon to off-load the MySQL to it and have it dedicated for that. But I don't think that will help this current issue. Here are the system resources when the site is loading fine: [url]
I have around 40 or so other sites hosted on IIS, and my main site "canadaka.net", which is purple on the top graph, is the only one that hangs or slows down. When this slowdown happens to this site, all the other sites on IIS, which are on a separate worker process, continue to load fine. I can't figure out why these slowdowns are happening.
Crontab To Run PHP [without Using Wget And Lynx]
Hello, I don't know how to use crontab to run PHP without using wget and lynx.
1) The PHP script can run via SSH command line mode without problem.
2) I can use crontab to run the PHP script with wget or lynx.
However,
3) The script will not run if I use the entries below:
1 2 * * * php /path/to/script/crontest.php
1 2 * * * php -q /path/to/script/crontest.php
1 2 * * * php -f /path/to/script/crontest.php
1 2 * * * /usr/local/bin/php - /path/to/script/crontest.php
1 2 * * * /usr/local/bin/php -f /path/to/script/crontest.php
1 2 * * * /usr/local/bin/php -q /path/to/script/crontest.php
IIS - Make PHP Run With .html Extension
I know nothing about IIS as I normally use Linux / Apache, so I'm not sure this is possible. I have built a site in PHP that the client now wants to move over to an IIS-hosted server. Although it's all in PHP, because it was a re-build of an old static site I used ModRewrite to make all the pages .html. I know IIS doesn't have a URL rewrite feature as such. What I was wondering is, is it possible to configure IIS so that a PHP page can have a .html extension?
Cheap Reliable Server That Can Run PHP/MySQL With Plesk
I currently have a decent server that runs around 10 websites, but 1 of those sites contributes around 99% of the total traffic. This large site is being moved onto a new server, leaving the remaining 9 sites rattling around on this big (and expensive!) server. So, I am now looking for a smaller server to handle the other smaller sites. They get minimal traffic - around 5k uniques a day.
Changing Register_globals From .htaccess Will Cause 500 Error When Php Run As CGI
Today I have a customer who wants to switch register_globals on for his account. I'm running PHPSuExec and running PHP as CGI, not as an Apache module, and as you know, using PHP as CGI will cause internal error 500 if someone adds php_flag register_globals on to the .htaccess file. What is the solution to switch register_globals on for his account only without using the .htaccess file? Keep in mind the PHP files that need register_globals to be on are encrypted with Zend, so we do not have access to them for modification. Does anyone have the solution?
Run Php4 For .php4 Files And Php5 For .php [httpd.conf]
First off, my error: Apache force downloads .php4 files.
Background: I'm attempting to run PHP 4 and PHP 5 at the same time. I had PHP 5 installed with the server when I got it. I have installed PHP 4 from the source like this:
Code:
./configure --with-apxs=/usr/local/apache/bin/apxs --prefix=/PHP4 --without-mysql
I then copied the php.ini file to /PHP4/php.ini. In my httpd.conf I'm loading and adding both PHP 4/5 modules like so:
Code:
LoadModule php4_module libexec/libphp4.so
LoadModule php5_module libexec/libphp5.so
AddModule mod_php4.c
AddModule mod_php5.c
Then later in the httpd.conf I'm trying to tell Apache to handle .php4 files with PHP 4 and .php with PHP 5:
Code:
AddType application/x-httpd-php .php
AddType application/x-httpd-php4 .php4
I restarted Apache to load the new conf. .php files still use PHP 5, but for some reason .php4 files are being downloaded, not running with PHP 4. If I use htaccess to application/x-httpd-php4 php, .php files also force download. What am I missing?
777 Permissions For Www
Let me start off with saying: I haven't had any suspicious activity, nor do I think I was compromised. I logged in as root, and was simply clicking around my dedicated server and came across a few folders with permissions at 777. ALL are above /public_html Irregardless, is this safe? I recall reading a bunch of topics on here, that /tmp needs to be hardened. Isn't this also above /public_html? For one example: /var/tmp is chmod to 077 ..inside is a bunch of sess_ files Is this folder open to hacking?
How Do You Avoid Using Chmod 777
I know you're not supposed to use 777, but it seems some scripts just simply won't work without it. What steps need to be taken to avoid using 777? As far as I understand, we're only supposed to use 775 for folders and 644 for files, correct?
What Is Bad If I Leave 777
The website script requires changing the permission from 777 to 644 after all the work is done, but as I need to make permanent changes to files, I want to just leave it at 777. Can I leave it at 777? And please, if I do this, is 777 bad and how can it damage the website?
Avoiding The Dreaded 777
Just wondering what options I have so that I can finally be rid of the 777 folders and lower them to 755? Problem: I run several scripts that I assumed require 777 permissions, such as forums and gallery scripts. How else would images/attachments be uploaded to the server? I'm running a Linux VPS, however I'm relatively new to server security and admin stuff. The reason I brought this up: quite a few of my 777 folders on various scripts had some unwelcome PHP and htaccess files added over the last few weeks. No doubt malicious! I only just discovered them this evening. I keep hearing about PHP Suexec and other features, but I'm concerned using these might kill the attachment features of a forum, for example. What good is a gallery if we cannot upload anything? I know there are ways around this, but I need something in layman's terms.
Chmod 777 Vs 755
I've just moved from a reseller account with ResellerZoom to a VPS with SolarVPS. When I was with RZ all my scripts could write to folders with the 755 permissions. On the VPS I have to alter the folder I want the script to write to, to be 777. Which is the best and most secure? I think I understand that if a folder is 777 then anyone on the server can write to that folder. So I assume some sort of thing that stops users being able to access folders outside of their own folders is needed? Is that right?
User Nobody And 777 Directories
I have a couple of scripts on my server that require directories to be chmoded to 777. This has let hackers upload code that is being used in phishing schemes to my server. How can I prevent that? Can I disable user nobody?
777 Permissions/osCommerce - Dedicated Box
I'm running a site on a dedicated box, with no other user accounts. In order to get some of the features for my osCommerce site to work, I have to have a few files/directories set to 777 permissions. It's my understanding that anyone who gains user access to the server would then be able to write/edit those files and directories, yes? It does not, however, mean that average joe web surfer has rights on them, correct? So, assuming I keep up to date on security patches, lock the server down as well as possible, and keep my account as the only one on the server, is there any major security issue with leaving those 777 permissions? I'd hate to close them off, as it would kill some REALLY helpful features, but security is important.
Brute Force In CPanel
Over the last few weeks I've been getting emails from WHM stating "x login failures attempts to account root (system) -- too many attempts from this ip" These emails have been coming in almost hourly and it seems as though somebody is trying to guess the password to the root account and random other accounts. For now I reduced the amount of failed login attempts to 2 before cPanel blocks the IP. Is there any other way I can completely stop this person from even attempting to guess my passwords?
Brute Force Attack
I have a managed VPS and I haven't really ever paid too much attention to the logs until now. I noticed that the APF logs indicate 2-5 attacks on my server attempting to log in via SSH. My system allows 10 minutes of login failure attacks before APF bans the IP. To eliminate the method of attack, I see 2 ways. One way is to change the SSH port; the second is to only allow SSH via specified IPs. What are the pros and cons of both... also, are there other ways to eliminate these attacks via SSH?
FTP Brute Force
I checked my attachments folder in the WHMCS dir. There was a file ftpquickbrute_08.05.2008_10_47_08.log. I opened it up and it says:
Quote:
FTP Quick Brute (called c99shell v. w4ck1ng-shell (Private Build v0.3)) started at 08.05.2008 10:47:21
No success. connections!
------------------------------------------
Done!
Total time (secs.): 3.2036
Total connections: 101
Success.: 0
Unsuccess.:101
Connects per second: 31.53
What To Do With The Brutal Force Data
I would like to know what you do with your BFD data. When you receive an alert message with the IP of whoever tried to hack your server:
- do you just ignore it?
- do you send an abuse message to those responsible for the IP?
I sent abuse messages for a long time, but nobody ever answered... Is that normal? When will anybody do something against these people?
Flood In FTP And Brute Force
Flood in FTP and brute force: all day I received messages from BFD about someone trying to access the server. How do I stop it? Example:
Executed ban command: /etc/apf/apf -d 221.186.164.233 {bfd.pure-ftpd}
The following are event logs from 221.186.164.233 on service pure-ftpd (all time stamps are GMT -0500):
Oct 25 13:52:37 svr1 pure-ftpd: (?@221.186.164.233) [INFO] New connection from 221.186.164.233
Oct 25 13:52:37 svr1 pure-ftpd: (?@221.186.164.233) [INFO] New connection from 221.186.164.233
Oct 25 13:52:38 svr1 pure-ftpd: (?@221.186.164.233) [WARNING] Authentication failed for user [router]
....
Lighttpd Force File Download IE
We are running a file sharing service and use lighttpd as a web server. The problem is that in Internet Explorer some files, i.e. .mpg, .pdf and others, are opened directly in the browser. So is there a way to prevent this behavior (to force the browser to download the file) by setting headers (or something else) in lighttpd.conf?
Brute Force Attack On VPS
Today I woke up to a couple of emails from people in China and India trying to break into my server. Then as I went to login to WHM I get this message: This account is currently locked out because a brute force attempt was detected. Please wait 10 minutes and try again. Attempting to login again will only increase this delay. If you frequently experience this problem, we recommend having your username changed to something less generic. Are there ways that I can prevent these attacks? I know that the IPs involved are getting banned, but are there any other methods I should be taking?
Manually Force DNS Change
We're using a subdomain to point to one of our server's IPs (gaming purposes), and people use this subdomain to connect to the game server. However, we are going to move to a new server soon with a different IP. I know the only thing I have to do is change the IP of the subdomain to point to the new server, however I know this will take like 1 to 48 hours to fully work. Is there a way to force people who are still connecting to the OLD IP to go to the new IP?
Brute Force Detection (bfd)
I've just installed BFD on a new server: [url] And I'm getting the following in an email every 10 minutes:
Code:
/usr/local/bfd/conf.bfd: line 26: : command not found
/usr/local/bfd/conf.bfd: line 38: : command not found
/usr/local/bfd/conf.bfd: line 47: : command not found
/usr/local/bfd/conf.bfd: line 59: : command not found
/usr/local/bfd/conf.bfd: line 60: : command not found
/usr/local/bfd/conf.bfd: line 76: : command not found
/usr/local/bfd/conf.bfd: line 88: : command not found
The email is being sent from: Cron Daemon <root@hostname.com> (replaced hostname myself). Now I know this isn't r-fx networks support, but none of their support options seem to work, so I figured I'd post here considering the amount of users that are likely to be using BFD (or you should be).
DoD Brute Force Attack
Ok, this is weird. What do you do when your VPS was submitted to a brute force attack from the U.S Department of Defense? The IP Whois and Reverse DNS gives me "DoD Network Information Center", why in the world would they try to force access to a small (less than 20 clients) Canadian host? And in case you're wondering, they don't seem to have any abuse email address.
Avoiding Port Scanning And Brute Force
I get a lot of messages from CSF about Port Scanning and Bruteforce detection.. Is there a way to avoid all of these attacks ? Because it tries to figure out my clients ftp or pop3 user with several usernames, i.e. administrator, postgres, mysql, httpd, and many more.. I know a little about internet security.. Is it possible to make my public IP of shared hosting untraceable ? Like this one.. Just do a ping to ebay.com or paypal.com and then you will receive RTO message or Destination host unreachable, but actually the site is running well..
WHM/Centos/VPS Having Brute Force Attacks
I am getting these types of reports in my nightly reports:
=================
sshd:
Authentication Failures:
unknown (bips131.bi.ehu.es): 212 Time(s)
mail (bips131.bi.ehu.es): 4 Time(s)
news (bips131.bi.ehu.es): 4 Time(s)
root (bips131.bi.ehu.es): 4 Time(s)
unknown (swplinux02.swp.ewr.qwest.net): 1 Time(s)
Invalid Users:
Unknown Account: 213 Time(s)
Two nights ago:
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (195.251.109.21): 413 Time(s)
root (195.251.109.21): 108 Time(s)
webadmin (195.251.109.21): 18 Time(s)
root (200.55.193.59): 16 Time(s)
daemon (195.251.109.21): 8 Time(s)
ftp (195.251.109.21): 5 Time(s)
root (218.19.69.193): 4 Time(s)
Invalid Users:
Unknown Account: 413 Time(s)
===============
My VPS support said I could try:
-alternate sshd port
-require key access
-selecting client ip access
-rate limit incoming sshd syn packets per src address
However, I need some help understanding the best way to address these so that these brute force attacks aren't successful.