Hacking Buildapache To Add Mod_deflate (for 1.3.37)

Apr 3, 2007

apparently a mod_deflate patch has been available for apache 1.3.37 for some time but since I rely on cpanel as a huge time/knowledge saver, I'd like to hack it into buildapache/easyapache so it's an option just as easy as mod_gzip is (with a simple checkbox)

after poking around I learned that all the magic happens in /home/cpapachebuild/buildapache
I've studied how mod_gzip is activated/installed but some steps are beyond me

mod_deflate for 1.3.37 is here [url]the critical files inside are of course mod_deflate.patch and mod_deflate.c

so I assume stick those files into a directory under buildapache, but where do I hack in the patch and build steps?

View 4 Replies


ADVERTISEMENT

Install & Run Mod_deflate In Apache2

Jul 17, 2008

I want run mod_deflate in my serve my server is apache 2.0.63

How can I do this?

View 0 Replies View Related

Zend Core / Mod_Deflate

Jul 29, 2008

Anyone have experience getting mod_deflate up and running on Zend Core?
(apache 2.2.4 / PHP 5.2.4)

If so, how did you do it? Seems Zend Core doesn't include mod_deflate.so by default.

View 0 Replies View Related

Installing Mod_deflate On Apache 1.3.37

Mar 26, 2007

I am new to our own vps with cpanel (though used cpanel for years) and instead of just using the built-in script to install mod_gzip I wanted to use the special mod_deflate for 1.3.37 I've read about since it apparently is much faster

The problem is I've only compiled and built minor things before with step by step
instructions - and I realize this has the potential to hose my server so I want to make sure I do it right.

I found these instructions:
[url]

if I ignore the mod_accel bits, does it look like that would be fine on a regular cpanel setup?

I'm such a newb I am not sure even what location to unpack those tarballs so even more detailed instructions would be greatly appreciated if anyone is willing to share.

View 0 Replies View Related

Mod_deflate Issues - Not Respecting MIME Types

Jun 8, 2008

I've got mod_deflate set up with Apache with the following line in httpd.conf:

Code:
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
</IfModule>

It works well, for most things.

The issue I'm having is that mod_deflate is compressing binary data, outputted from PHP scripts as well (undesirable).

The script sends a Content-Type: application/octet-stream header, so I'm guessing that mod_deflate is simply not looking at headers generated by the script before compressing output.

I've even changed the default MIME type for Apache to application/octet-stream but to no avail.

Note that static content which has a defined MIME type doesn't get compressed - it's only the output generated by scripts.

Also, there is no defined MIME type for the .php extension.

I've also tried to disable the filter for certain directories, however, Apache doesn't seem to have an opposite to AddOutputFilterByType (although it does for AddOutputFilter (RemoveOutputFilter)). Also, I can't seem to stick in a negative <Directory> command either, which is a pain :/

View 0 Replies View Related

A Lot Of Hacking

May 7, 2009

today i have a lot of hacking on my server .

i searched for shell scripts on the server , and i found alot of it :

[root@host svt]# ls -l
total 48
-rw-r--r-- 1 koky koky 6700 May 7 08:14 s.php
lrwxrwxrwx 1 koky koky 48 May 7 08:07 s1 -> /home/user1/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 47 May 7 08:12 s2 -> /home/user2/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 48 May 7 08:19 s3 -> /home/user3/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 47 May 7 08:37 s5 -> /home/user4/public_html/vb/includes/config.php
lrwxrwxrwx 1 koky koky 49 May 7 08:49 s6 -> /home/user5/public_html/vb/includes/config.php
-rw-r--r-- 1 koky koky 13199 May 7 07:59 ss.php
-rwxr-xr-x 1 koky koky 23005 May 7 07:58 svt.svt

as u can see he uploaded the files on this account "koky" and redirected this files to user1,user2,user3,user4 and user5 accounts .

and he could read the config.php and then hacked the site easly !!

i read befor that the reason of this is Perl on the server , and the way to solve it to edit httpd.conf by adding this in it :

<Directory "/home">
Options -ExecCGI -FollowSymLinks
AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>

and then restart the http :
service httpd restart

i did all of that , and when i restarted http it said :
[root@host www]# service httpd restart
Syntax error on line 51 of /usr/local/apache/conf/httpd.conf:
Invalid command 'Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch', perhaps misspelled or defined by a module not included in the server configuration

and all the sites got down !

i deleted :
<Directory "/home">
Options -ExecCGI -FollowSymLinks
AllowOverride AuthConfig Indexes Limit FileInfo Options=IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
</Directory>

from httpd.conf and then sites worked correctly .

so you all know my problem now ! and i think alot of you have the same problem , so i wish we all try to find any solution for this and knows the best way to protect pel on the server .

View 5 Replies View Related

Stop Hacking

Feb 6, 2009

a site i manage for a client is being hacked every couple of days, its not the actual site but the hosts server thats getting attacked, all sites on that server, well actually all thier servers.

They have made no attempt to sort this problem, i report it they look at the site and say "site loads fine for us" which it does.

All index files are having a base64 encode line written after the <body> tag, this adds hundreds of spam links which are hidden with display:none; they also add .html to application types in htaccess for php to run in these files too.

Problem is, i am moving the site to another host but cannot change the nameservers to the new host's untill the client returns from a holiday, so i must keep the site up on the insecure host for now.

I am removing the spam code almost daily, is there anyway i can stop this attack happening for the time being, the host does nothing.

View 14 Replies View Related

Hypervm Hacking

Jun 8, 2009

As well all know there has been a hypervm exploit which may have taken down fsckvps and other hosts have been having attacks. If possible install any program that will warn you of a connection to your server and or provide input on what it may or may not be.

I myself Just had a blank php format file uploaded to a clients vps and It tried accessing other vps servers. As far as I know the ip was rapidly changing and untraceable (this may or may not be from the exploit), If anyone else is having hypervm attacks or server attacks please post here so instead of working within our own company's we are working as a group of over 10 thousand+ wht members to solve this issue ourselves.

(mods may move this wherever)

View 14 Replies View Related

Server Hacking...

Jan 15, 2008

i have a server and these days my server is hacking by the hacker the problem is, chmod 777, there are many dir's with the chmod 777 and hacker is uploading files and creating folders under the folder which is created with chmod 777, now i just want to know how i can block the hacker, and is there any way to allow the scripts which in my server and not allow any other scripts to upload files in my server

i have linux server

View 14 Replies View Related

Is This A Hacking Attempt

Feb 22, 2007

my referals logs that I keep on a website, I have come accross the following this morning, Is this some one who is trying to gain access to the server etc.

[url]
[url]
[url]
[url]
[url]

I have the Ip addresses that they have come from and it resolves to a Russian (I Think) website.

Im just looking through all the folders on the server now and no data has been comprimised as far as I can see and im going to use the query strings in order to block access and also deny access via ip address.

View 1 Replies View Related

MYSQL Hacking

Jun 27, 2007

alot of Databases in my server was hacked

Hacker can edit tables

Are there any any ports in MYSQL4?

View 14 Replies View Related

Forums Hacking

Jun 20, 2007

Alot of VB forums have hacking every day
In fact All hackers couldn't hack databases or files

They only edit one template in style like header or forumhome
So Uploading style again resolve the problem
But How can I disallow them to to edit templates

Any functiond to disable or rule for mod_sec ?

View 4 Replies View Related

Hacking Attempt

Sep 13, 2007

see the log entries below:

LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{X-Forwarded-For}i""

1.2.3.4 - -[12/Sep/2007:11:15:38 +0900] "GET /~kjm/security/ml-archive/bugtraq/2006.04/msg00283.html//footer.inc.php?settings[footer]=[url]HTTP/1.1" 404 268 "-" "libwww-perl/5.808" "-"

1.2.3.4 - - [12/Sep/2007:11:16:00 +0900] "GET //footer.inc.php?settings[footer]=[url] HTTP/1.1" 404 213 "-" "libwww-perl/5.808" "-"

What can you say from the above log entries?

View 1 Replies View Related

So How Does Hacking Work

Nov 29, 2007

I keep reading all these devastating posts about people's machines being compromised. Are most of these hacks due to weak passwords of administrators or clients which end up getting bruted, or are there known exploits for cpanel/plesk/apache etc? I am setting up an apache-only server with a really secure password, but I am wondering if it could still be breached using an exploit.

View 14 Replies View Related

Is Someone Hacking My Server

Apr 25, 2007

Purely by accident I logged in a few minutes ago onto my server and ran a 'ps -ax'

At the very end I had the following lines:

29803 ? S 0:00 /bin/sh /usr/local/sbin/bfd -s
29804 ? D 0:00 /bin/sh /usr/local/bfd/tlog /var/log/secure sshd.4
29805 ? S 0:00 grep sshd
29807 ? S 0:00 grep -viw error: Bind
29808 ? S 0:00 sed s/::ffff://
29814 ? S 0:00 grep -iw Illegal user
29816 ? S 0:00 grep -iwv Failed password for illegal user
29817 ? S 0:00 grep -iwf /usr/local/bfd/pattern.auth
29818 ? S 0:00 awk {print$10":"$8}
29819 ? S 0:00 grep -E [0-9]+

Is this someone hacking my password file or is this something diffrent?

View 2 Replies View Related

Php Injection & Session Hacking

May 28, 2008

I had done a program in early 2006 for a site in php-mysql. At the time of doing the code, The code written was not so standard and it contained uninitialized variables used for include file paths (eventhough values are assigned to it before using) and the "sess" folder was created within the website folder. Also the parameters for the SQL query were not escaped, but everything was working fine.

And now i was informed that the insecure code in my program caused the server crash and i have to pay the penalty for the same. Can anyone let me know whether the below code / keeping the session variables within a folder inside the /www/ will make the sites hosted on the server where this program runs to stop/crash for ever ?

------------------------------------------------------------------
function update_region($id,$regname,$regcom)
{
$query = "UPDATE taxregion_mast SET taxregion_name = '". $regname."',
region_comments = '". $regcom."' WHERE region_id =" .$id;
mysql_query($query);

......
-------------------------------------------------------------------

View 3 Replies View Related

Hacking Attempt On Site

Jul 20, 2008

I am having issue with my server. Someone is trying to execute some code and possibly trying mysql injection method.

I have pasted the code below.

Please suggest what can be done in this case.

Regards
Gagandeep

+++++++++++

The person tried to use different IPs and different websites to execute the code.

URL >> IP

[url]

[url]

[url]

ftp://212.11.127.86/tmp/trem/1? >> 87.118.118.156

There are many such queries under my logs.

The person is using different IPs, so, i can't even block that many IPs.

++++++++++++

The CODE

<?php
function ConvertBytes($number) {
$len = strlen($number);
if($len < 4) {
return sprintf("%d b", $number); }
if($len >= 4 && $len <=6) {
return sprintf("%0.2f Kb", $number/1024); }
if($len >= 7 && $len <=9) {
return sprintf("%0.2f Mb", $number/1024/1024); }
return sprintf("%0.2f Gb", $number/1024/1024/1024); }

echo "Osirys<br>";
$un = @php_uname();
$id1 = system(id);
$pwd1 = @getcwd();
$free1= diskfreespace($pwd1);
$free = ConvertBytes(diskfreespace($pwd1));
if (!$free) {$free = 0;}
$all1= disk_total_space($pwd1);
$all = ConvertBytes(disk_total_space($pwd1));
if (!$all) {$all = 0;}
$used = ConvertBytes($all1-$free1);
$os = @PHP_OS;

echo "0sirys was here ..<br>";
echo "uname -a: $un<br>";
echo "os: $os<br>";
echo "id: $id1<br>";
echo "free: $free<br>";
echo "used: $used<br>";
echo "total: $all<br>";
exit;
?>

View 5 Replies View Related

My Thoughts About Hacking... [Part 1]

Jul 8, 2008

Is security really that critical? If so, why are some of the largest software companies providing such a bad example for the rest of the industry? Why would someone want to target my website? Why is security often overlooked?

These are all common questions that arise on a daily basis within the online industry.

The rest of this article will provide some detailed answers, along with practical examples and true scenarios.

I've spoken with numerous hackers over the past short while. I can't count the number of times I've heard the line "Ignorant site owners deserve to be hacked". In my opinion, that's like claiming that cars without alarms deserve to be stolen, or homes without alarm systems deserve to be burglarized. It's not just wrong - it's illegal.

Security risks and vulnerabilities affect the entire online industry. When a single website is hacked, there are usually multiple other victims. This is most commonly seen with widely distributed software. A potential attacker has the ability to install the software on a test environment, locate the vulnerabilities, then attack random victims even before anyone else is aware of the potential exploits. Once a vulnerability is located, the attacker simply needs to search for other environments using the same software, and within minutes there are hundreds, often thousands of potential victims.

Typically, in the race to market, software providers are encouraged to release their products as soon as the applications are usable. Critical development procedures are often overlooked or intentionally bypassed. One such miss is an application vulnerability assessment. Although the product may be usable, the effects of a vulnerable application could be severe.

Sadly, nobody is "off limits" when it comes to hacking. Most hackers feel safe committing online crime, since the online industry has evolved much faster than the security industry. Many applications are not created with the intent to recognize hacking attempts. Some hackers view their actions as a competition - Who can attack the most valuable website? Who can exploit the most user databases? In many cases, these attacks are bragged about within the hacker's immediate network. The competitive nature of these hacking groups has become so severe, there have been reports of attacks between competing organizations.

You might ask, "If I use industry standards, won't my environment be secure?". The short answer: no, but it helps. Hackers are not restricted by industry standards. Most security companies only implement new standards once at least one victim is reported. This often gives hackers plenty of time to locate other vulnerable environments, and before long, the number of victims can increase rapidly. Hackers are some of the most innovative individuals within the online industry. The most logical way to combat them is to use similar methodology for security purposes.

View 2 Replies View Related

My Vbulletin Forum Hacking

May 30, 2007

that my vbulletin forum redirect to another site

i upgrade to last version but i still have the same error

i have root access and want to know how i can restrict direct to another server

View 2 Replies View Related

Daily Hacking Attempts

Oct 13, 2007

Our VPS is being hit several times a day with hacking attempts. We have been actively monitoring error logs and can see the failed attempts. I was just wondering if there is a better way to track such attempts or another system log that wold provide additional info on these attacks? or maybe some 3rd party logging scripts?

View 13 Replies View Related

Index Page Hacking

Dec 4, 2007

One of my customer's domain name's index page is hacked with the pharmacy kind of URLs all over on the homepage. Anyone has idea about this? You can see the URL at
[url]

View 3 Replies View Related

Prevent Hacking/spamming

Jun 2, 2007

Will I depend on my hosting account(SSL) in preventing a hacking/spamming case scenario? What do I need to know to prevent hacking/spamming?

View 5 Replies View Related

How To Prevent Shell Hacking Like C.100 / R57 Exploit?

Apr 23, 2009

one of my client account has just been hacked with c.100 exploit. This method injects 1 php file that acts like fully featured file manager. This hacker use my client account to place multiple scam & phissing sites

now i'm wondering if this kind of exploit hacking have a way to counter them as my friend that there aren't any proved method untill now :-/

This is the php file i've recovered:
<<url removed>>

FYI, my server configuration:
- apache 2.2.11

- centos 5.2

- cpanel + whm 11.24.4

- suphp, clamav & modsec enabled

View 14 Replies View Related

Hacking Attempts From Server.softjin.com

Mar 12, 2008

I have been getting a lot of hacking attempts from this server:

server.softjin.com

They have offices in the U.S. as well as India, Japan, Singapore. I have reported them to [url]
and if you are in the U.S. and have proof of hacking attempts from this company, please post them here -

I am currently looking to compile a list of complaints so I can send another complaint report to ic3.gov

View 7 Replies View Related

IP Address Which Begins With 10 Means Hacking

Apr 29, 2008

I have some websites with different support, contact, ... forms. I have set the forms to record the subscriber IP, need to know when the IP begins with 10, it means a person submitted the form from inside the server? If so, what is the appropriate defense? If no, what it means? I know many experts are present here, please in addition to selling and introducing your service,

View 8 Replies View Related

Track Perl Hacking Script

May 19, 2008

I have FreeBsd with Cpanel.someone is running attacking perl script from my server.Below is information about that script but it shows / path in command lsof -p 30251 | grep cwd.

PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND
29018 root 96 0 35968K 30528K select 0:03 2.71% 2.69% perl

newinst# lsof -p 30251 | grep cwd
lsof: WARNING: compiled for FreeBSD release 5.5-STABLE; this is 5.3-RELEASE.
perl 29018 root cwd VDIR 4,12 1024 2 /

newinst# ls -la / | more
total 22413
drwxr-xr-x 25 root wheel 1024 May 16 03:23 .
drwxr-xr-x 25 root wheel 1024 May 16 03:23 ..
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .black
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .black.bak
-rw-r--r-- 2 root wheel 801 Nov 5 2004 .cshrc
-rw-r--r-- 1 root wheel 355 Feb 21 2007 .new
-rw-r--r-- 2 root wheel 251 Nov 5 2004 .profile
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .rbl.db
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .rbl.db.bak
drwxrwxr-x 2 root operator 512 Jul 19 2005 .snap
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .uribl.db
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .uribl.db.bak
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .white
-rw-r--r-- 1 root wheel 1 Feb 21 2007 .white.bak
-r--r--r-- 1 root wheel 6184 Nov 5 2004 COPYRIGHT
drwx--x--x 3 root wheel 512 Aug 20 2005 backup
drwxr-xr-x 2 root wheel 1024 Dec 28 2006 bin
drwxr-xr-x 5 root wheel 512 Jul 19 2005 boot
drwxr-xr-x 2 root wheel 512 Jul 19 2005 cdrom
lrwxr-xr-x 1 root wheel 10 Jul 19 2005 compat -> usr/compat
-rw-r--r-- 1 root wheel 177 Dec 5 12:15 cpgd.c
dr-xr-xr-x 4 root wheel 512 May 16 16:23 dev
drwxr-xr-x 2 root wheel 512 Jul 19 2005 dist
-rw------- 1 root wheel 4096 May 13 15:58 entropy
drwxr-xr-x 28 root wheel 4608 May 19 11:57 etc
drwx--x--x 501 root wheel 9216 May 19 01:33 home
drwxr-xr-x 3 root wheel 1024 Jul 19 2005 lib
drwxr-xr-x 2 root wheel 512 Jul 19 2005 libexec
drwxr-xr-x 2 root wheel 512 Nov 5 2004 mnt
drwxr-xr-x 3 root wheel 512 Jul 21 2005 nonexistent
drwxr-xr-x 8 root wheel 512 Oct 30 2007 opt
-rw------- 1 root wheel 22786048 May 16 04:51 perl.core
dr-xr-xr-x 1 root wheel 0 May 19 11:57 proc
drwxr-xr-x 2 root wheel 2560 Jul 19 2005 rescue
drwxr-xr-x 13 root wheel 1024 May 19 01:33 root
drwxr-xr-x 2 root wheel 2560 Jul 19 2005 sbin
drwxr-xr-x 5 root wheel 13824 May 19 01:22 scripts
drwxr-xr-x 4 root wheel 1024 Jul 19 2005 stand
lrwxrwxrwx 1 root wheel 11 Jul 19 2005 sys -> usr/src/sys
drwxrwxrwt 9 root wheel 31744 May 19 11:57 tmp
drwxr-xr-x 21 root wheel 512 Dec 5 12:12 usr
drwxrwxrwx 24 root wheel 512 May 16 16:24 var

where it is localted at/path.

View 10 Replies View Related

Mod Security Rules And Hacking Attacks

Nov 15, 2007

I have a problem with a hacker from China. He keeps uploading 4 files to my server:

mail.php
mysql.info.php
footer.txt
header.txt

He did this with 4 different accounts so far.

I have mod security installed with the ruleset from gotroot.com but it doesn't help. Now my questions:

1. Where can I download the mod security core ruleset (is it helpful anyway ?) I already found this page [url] but I do not see a "download here" link anywhere... I found the link that points to [url] but then I do not see the mod sec ruleset anywhere...

2. The rules on gotroot.com have not been updated for a long time. Are they still useful ? What do you think ?

3. Any other sources for good mod sec rules that may resolve my issues with PHP exploits.

View 7 Replies View Related

C99Shell Stop Shell Hacking Totally?

Oct 19, 2007

Is there a way to stop them totally? i.e. even though they are successfully uploaded but I do not want the source to be available to them etc.?

I mean, is there a way to hide or not allow them to execute any shell?

View 7 Replies View Related

Reporting A Website For Illegal Hacking And Other Activities?

Sep 29, 2008

How would I go about reporting a website for illegal hacking and other activities?

Their host is fully supporting them. They have even given them the ip address of the proxy I used, in which case the client of theirs have added the proxy to their htaccess deny list.

View 12 Replies View Related

Is It A Hacking Attempt.. Request Of Wierd Files Along With Unwanted SSL Handshake

Mar 30, 2009

I see following errors in my server ie. httpd error logs:

Code:
[Mon Mar 30 07:23:55 2009] [error] mod_ssl: SSL handshake failed (server localhost:443, client 79.132.204.192) (OpenSSL library error follows)
[Mon Mar 30 07:23:55 2009] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
[Mon Mar 30 07:23:55 2009] [error] mod_ssl: SSL handshake failed (server localhost:443, client 60.63.241.18) (OpenSSL library error follows)
[Mon Mar 30 07:23:55 2009] [error] OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol [Hint: speaking not SSL to HTTPS port!?]
[Mon Mar 30 07:23:56 2009] [error] [client 114.224.169.0] File does not exist: /var/www/html/XRkVCfvCJ/GzTk/ChDbhf/-YSDDv/1Sch/2hfMMf/-M0DO/ACDEzXMEM/CYSkGFj/SGXtEUX0W/0KMV/RKJ2fTUDC/bFT/SX00/VtJVht/D1XvJBgHP/5lll.gif
[Mon Mar 30 08:46:42 2009] [error] server reached MaxClients setting, consider raising the MaxClients setting
In last you can see that MySQL reached maximum allowed client ..and it crashed

Also, at regular intervals I see such requests:
/var/www/html/XRkVCfvCJ/GzTk/ChDbhf/-YSDDv/1Sch/2hfMMf/-M0DO/ACDEzXMEM/CYSkGFj/SGXtEUX0W/0KMV/RKJ2fTUDC/bF/SX00/VtJVht/D1XvJBgHP/5lll.gif

Also I see SSL handshake failure notices while I do not have any SSL cert or SSL running site on this server.

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved