Links Files In Linux (file.txt For File.php)
Today I found some cstomer on the servers make a link for named it file.txt and link it to other customer php file.
so that customer have the ability to show the other custoer file content when visiting the url because it is a text wile originally it is a php file.
the php file was a config file, so now he know the database password , and because he is in the same server he can use that databse.
the question , how to avoide this prolem in the future?
notes , the SuExec is rnning and the open_basedir protection is enabled, but the problem still exists.
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
Robots.txt File
I'm having a issue with my current robots.txt file , which is not properly handling the requests/ blocking the content to be access . What I want is that to only allow like google bots , yahoo , msn , bing , alexander ranking beside those bots block all other bots . my current file rebots.txt is below Code: User-agent: Googlebot Allow: / User-agent: googlebot-image Allow: / User-agent: googlebot-mobile Allow: / User-agent: MSNBot Allow: / User-agent: Slurp Allow: / User-agent: Teoma Allow: / User-agent: twiceler Allow: / User-agent: Gigabot Allow: / User-agent: Scrubby Allow: / User-agent: Robozilla Allow: / User-agent: Nutch Allow: / User-agent: ia_archiver Allow: / User-agent: baiduspider Allow: / User-agent: naverbot Allow: / User-agent: yeti Allow: / User-agent: yahoo-mmcrawler Allow: / User-agent: psbot Allow: / User-agent: asterias Disallow: User-agent: yahoo-blogs Allow: /
View Replies!
View Related
Do I Really Need A Robots.txt File?
1 Do I really need a robots.txt file? 2 Don't misbehaved spiders simply ignore them? 3 For 'disallow', shouldn't I only include urls which are linked from public pages - and not those which I use for testing and which aren't linked-to from any public pages? 4 If I include such urls in 'disallow', aren't I simply alerting spiders (and anyone else who wants to see what sections of my server I don't want known) to stuff they'd otherwise not discover?
View Replies!
View Related
Prevent PHP Files Used For File Uploading
It appears that some people like to take advantage of those files for online web applications such as Wordpress which have php files with permissions set to 777. They use those as a means of creating an upload file. The upload files that they create then have access to the whole server somehow... Is there anyway of preventing this from happening?
View Replies!
View Related
Simpleish PHP/flat Files - Create File, Edit, Save
Display some text in a web browser from a file called text.txt text.txt will have many lines and some of them I do not want users to be able to modify and overwrite. config_item_1=user can edit config_item_2=user should see but not edit (could be on any line) config_item_3=user can edit config_item_4=user can edit The user has made their changes in the web browser and clicks submit. I then need this info to be saved as the text.txt file however some checking needs to be done first. Anything matching config_item_2 should be removed. This could be on any line. Anything not matching should be permitted and added.
View Replies!
View Related
How To Rename A File In Linux
I have a list of files in a folder like this: /home/files/[url] And I need to rename them to this format: awstats092008.[url] I've played around with sed, rename, and a bunch of others.. but I just can't figure this out. server is CentOS 5.2
View Replies!
View Related
Strange PHP File On My VPS. (oxb.php)
I found a strange PHP file in a strange folder on a VPS I am using to host a few sites. I've looked through the logs but can't figure out how it got there and I've look at the code and can't make any sense of it. Can somebody take a look at the code and tell me what they think of it: .....
View Replies!
View Related
How To Tweak Linux For File Serving
i have few servers that just serve files (1MB-100MB) Suse Linux on all the servers have minimal apps installed and i already got a llarge performance increase by dumping apache now im look at tweaking at the OS level any settings in Linux itself to speed up sending files down the pipe? net.ipv4.tcp... in /etc/sysctl.conf?
View Replies!
View Related
Ffmpeg :: Cannot Open Shared Object File: No Such File Or Directory In Unknown On Line 0
Rapidly growing error logs showing the same message $ug-non-zts-20020429/ffmpeg.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20020429//usr/local/lib/php/extensions/no-debug-non-zts-20020429/ffmpeg.so: cannot open shared object file: No such file or directory in Unknown on line 0 root@server [~]# ls /usr/local/lib/php/extensions/no-debug-non-zts-20020429 ./ ../ eaccelerator.so* root@server [~]# ls /usr/local/lib/php/extensions/no-debug-non-zts-20020429 ./ ../ eaccelerator.so* Using cpanel 11 / centos 4
View Replies!
View Related
Use .htaccess File To Allow Access To Zip Files Only From My Script
I have download manager script that I use for my customers to download products right after the purchase. Script generates download link that looks like this: http://www.yourwebsite.com/download/...582921B&p=1840 (where 2YY6582921B is receipt number that is different with each purchase). All products are placed in one folder. This folder can not be seen in above download url, but can be accessed thru browser and files can be downloaded that way without paying for them. Can I use .htaccess and if yes how, to protect all product files the way that they can not be accessed directly by visiting url thru browser (in case somebody will find the correct url), they should be allowed for access only for my download manager script.
View Replies!
View Related
SSH Or Program How To File Replace Lots Of Files
I have anywhere between 80,000 - 90,000 webpages that have a single code into this. Unfortunately at the time the web developer I used didn't use PHP includes. So each .html file has the code in it. I want a way so I can do a single command either a program or an SSH command can find the syntax in the files and replace it will code I have. Its just a single line of code that is basically for an adsense code, so the pub-blahblahblah etc.. Does anyone know of a SSH command I can use, or a program that will find and replace without manually opening up each file? 80k - 90k of opening files then find/replace will take forever!
View Replies!
View Related
File Size (content Length) Not Showing When Downloading Files
When I download a file from my server, only specific extensions are working. This is really annoying since I want to be able to see how much time left to finish a download. For example I uploaded a video with .vob extension file.vob --> does not show filesize when downloading If I rename the same file to different extension: file.avi --> works fine shows filesize when downloading file.mp3 --> works fine shows filesize when downloading file.rar --> works fine shows filesize when downloading file.mp4 --> does not show filesize when downloading file.wmv --> does not show filesize when downloading These are direct download links, not using any download scripts or anything. Why are some extensions displaying the filesize and some not displaying them? I am using Apache 2.x server.
View Replies!
View Related
What Type Of Server And Os, Etc For Just File Serving- Small Files Like Under 10kb
I have a website that just serves small files, under 10kb most of them. I just need a server that lets me ftp the file to it, set up subdomains and domains for one website. Don't need to manage mysql or anything. Not even php. Just serve files. A good fast OS? Something like lighttpd? Ioono? I'm currently doing 600gb of bandwidth per month. I'm expecting to do about 1000gb by the end of the year. Would a small server like a pentium 4 be able to handle just serving files?
View Replies!
View Related
PHP File Upload
I think I messed php config and I can't upload anything with php now Dir is chmoded on 777 and File_Uploads = On in php.ini I'm running lsphp5 with suhosin, when I try to import db via phpmyadmin I get error: Uploading is not allowed and when I try to upload some file via php script I can't
View Replies!
View Related
Php File Corruption
I have a Linux VPS with Liquidweb which is working fine except for one problem: On one domain I have a shopping cart (a highly modded CubeCart). A number of the files are encrypted php files (part of the extensive mods). For several weeks all will work fine, then out of the blue, the cart will stop working because a number of the encrypted files have become corrupt. The result is either a totally blank page or a 'checksum error'. Uploading the files from a local backup fixes things for another few days or weeks. I have no idea why this is happening, or what triggers it, so if anyone can point me in the right direction to find out what is behind the problem, I would greatly appreciate it. The server uses PHP 5.2.x
View Replies!
View Related
WHM Not Listing Account, DNS Etc, Missing Files, File System
I recently had an issue where my box wasnt listing accounts (on logging into WHM for the first time it would, thereafter browsing different functions in WHM it would fail to list any accounts), would not list any zone items when editing DNS zones and in general was acting very strange. I think the tech support chap narrowed it down to zero free inodes on the filesystem (i was even getting errors when editing files with 'vi'). This was increased for the VPS and all issues seemed to be resolved... However named and httpd were not starting after reboots. Again on looking closely named and httpd were missing from /etc/init.d (on CentOS 5.3)! This is very strange and i certainly didnt modify those nor delete such critical files. For a second opinion, is there any cPanel script that can be ran to fix the issues, i am concerned other things have been affected but havent manifested themselves yet (other files deleted etc). Does cPanel update script create the init.d files or is this done by the CentOS operating systems itself? Are these files modified during a cPanel update script? These init.d files for named and httpd have been readded (copied across from another box) and it seems to be ok again, but ideas on howto proceed much appreciated, as i mentioned i dont want any nasty supprises!
View Replies!
View Related
Cron: How To Run Php File
My server with cPanel, I'd like run file http://domain.com/file.php at 0h00 everyday, I have set the Cron Job in cPanel : Code: 0 0 * * * /usr/bin/ehpwget http://domain.com/file.php but The cron is not working well Code: /bin/sh: /usr/bin/ehpwget: No such file or directory Can any one please let me know how to run a php file with cron. (as user or root)
View Replies!
View Related
[php] <defunct> - What File Generating That ?
On my server, i have one user ho create load on my server. user 29508 22.0 0.0 0 0 ? Z 15:18 0:00 [php] <defunct> That user has more site added with addons from cpanel. How can I found witch site is generating that high load ? Also some time, I have php index.php ( and that don't help me very much ) The server run php as cgi module.
View Replies!
View Related
PHP Permissions (file Owner)
I have setup an ftp user which can upload files to /home/ftp/upload and obviously it assigns the ftp user as the owner when it uploads. Now, I want PHP to be able to rename those files, but getting a permission denied, presumably because apache aint the owner or doesnt have permission to do that, so how do I grant it the right permission(s)?
View Replies!
View Related
PHP File Change String
I currently have this code in my Image Upload script which changes the file name into sets of numbers and letters Quote: $new_file_name = "uploads/" . md5($_FILES['selector']['name'] . time()) . "." . $extension; How can i make it so its smaller than an md5, about 6 or 7 numbers and letters.
View Replies!
View Related
Mod_rewrite - Changing Paths In The Php File?
I am using mod_rewrite to create "pretty" urls but some of my files contain paths such as this: <img src="images/blah.jpg"> Meaning if the user visits a page where the file does not physically exist then it won't work. I want to know if it is possible to pick this up and rewrite the path. I.e.: change: <img src="images/blah.jpg"> to: <img src="../images/blah.jpg"> or <img src="../../images/blah.jpg"> As I don't want to create physical files with relative urls for every trunk of my url. For example: www.mydomain.com/directory/directory/directory/ Would need 3 different files in three different directories to display properly.
View Replies!
View Related
Chmod Choices With Php Writing To A File
My account has been hacked with every index.php page defaced. I've cleaned up and my shared wehost is pointing at me saying there shouldn't be any 777 permissions for any files in there. I used 777 to allow php to add records in a txt file and in an xml file. Is there a better / more secure chmod code I can use? Those are the only two instances where I need php to write to a file and those files shouldn't be served to anyone, I do not want anyone to be able to access them. How can I secure them while letting php write in them?
View Replies!
View Related
Php.ini And .htaccess File Permissions
I'm on a shared FreeBSD server, running Apache with Drupal, and vBulletin. I had to create a local php.ini file in my public_html folder for Drupal, and another in my forum folder for vBulletin. Now my question is, what should I set the permissions of these files to? Also, what should I set .htaccess permissions to as well? I'd like to keep them invisible to the public. But, I don't want any problems with Drupal, or vBulletin ether. I'm used to using Linux and I know how permissions work on a desktop. I just don't know what they do when used on a server. I'm guessing 640, but I'd like to make sure before I change anything.
View Replies!
View Related
Strip Whitespace From Each Line Of PHP File
I have a load of PHP files that need trimming down, so for example Code: <html> <?php $loads_of_stuff = 1231231; ?> </html> change to Code: <html> <?php $loads_of_stuff = 1231231; ?> </html> There are 000's of lines, so some awk command or something similiar would be great to execute on each file.
View Replies!
View Related
How To Prevent People Upload Unwanted .php File
I have a 777 cmod folder open. It needed to be writable so that legitimate users can upload their picture. However, i do not want people to upload .php or .php.pjepg etc to the server. There are times that they do not use the form in my site to upload the php file. How can they do that? via perl command? And how to prevent such thing from happending?
View Replies!
View Related
How To Secure Your Php.ini File Safe Mode ; Disable_functions ; Etc
what are the most important issues for secure php.ini file like when you turn your SAFE_MODE ON or OFF? or please who every read this topic to post his important disable_functions in php.ini ... and if some functions disable to post it ... let's make this subject for the most important issues for secure your php.ini from script-kids as we can ... here i have some important question's for anyone has or controlling a server ; vps .... #0x01 ; what the most important disable_functions for the php.ini? #0x02 ; is the safe_mode should be enabled? or disable? and this depend on what exacly? #0x03 ; what the functions or any trick to control the nobody ( attacker on the server or shell ) FROOZ .... didn't move ? or make any command in the server ... #0x04 ; i saw in some secure server ( as they say ) they changed the Server : discribe to them name[s] like Server : SECURE BY US .COM OR SECURE SERVER .. uname -a : Linux secure.secure.com 2.6.9-023stab040.1 #1 Mon Jan 15 23:24:32 MSK 2007 i686 athlon i386 GNU/Linux sysctl : linux 2.6.9-023stab040.1 Server : SECURE BY US ! < [THIS WHAT I MEAN HOW COULD WE CHANGE IT IN PHP.ini ?] id : uid=99(nobody) gid=99(nobody) groups=99(nobody) <[how can we cannot make this nobody to have the host id ! everyhost in the server should have his own name and php.ini ?] pwd : /home/host/public_html/ #0x05 ; how can we hide the uname -a on the shell [ the attacker upload it to our customer site !] #0x06 ; how can we hide the sysctl to view to anyone like [ attacker ] ... #0x07 ; how can we rewrite on he Server Type the display for our secure message?Server : SECURE BY US ! #0x08 ; how can we give evey site and customer his php.ini file in his public_html? and how can we give him [ JUST HIS PERMISSION TO HIS SITES FOLDER AND NOT OTHER PATHS AND PERMISSION!] these question every one had a server ; vps , need to know and secure his box from other ... and anyone would like to publish any new [secure or not] idea please let us know what you would like to say ....
View Replies!
View Related
Proc List Only Shows "/usr/bin/php" - No More File Names
We use cpanel on our centos servers and we've updated our servers recently using easyapache to the latest php4 and mod_suphp and I've noticed that in top (running "top c" in shell) all php processes by any user are simply displayed as "/usr/bin/php" Before this update the processes also showed the file name eg. "/usr/bin/php lamescript.php" which allowed to easily find troublesome scripts ... but now there's no way of knowing what the script in question is that's eating up 100% of the cpu .. or is there?
View Replies!
View Related
Php Includes Issue On Linux Server With Apache 2.0.63 / Php 5.2.6
I am having some trouble with getting 'include' working. I have a new dedicated server running Apache 2.0.63 and PHP 5.2.6. Local includes on the same domain are running ok, but remote includes are throwing a problem. On the many sites we plan to host on this servber we use a central 'webmaster' page called as an include from a specific site (also on the same server). I need to edit the PHP.ini and /or recompile the PHP with the appropriate modules to do one of the following... 1 (ideally) - allow includes from any site that is held on this dedicated server 2. allow includes from specified websites 3. simply allow remote includes right settings to get one of these options running and solve my problem?
View Replies!
View Related
What Settings Are Really Necessary In Linux 'ifcfg' Files
my servers and they have a minimal list of settings in the ifcfg file. I am using centOS so it is ifcfg-eth0 and ifcfg-eth1. Anyway, here's one of them from a REL3 server. DEVICE=eth0 ONBOOT=yes BOOTPROTO=static IPADDR=xxx.xxx.xxx.xxx NETMASK=255.255.255.240 GATEWAY=xxx.xxx.xxx.xxx And the one I just saw when I did a fresh install of CentOS 4.4. DEVICE=eth0 BOOTPROTO=static BROADCAST=xxx.xxx.xxx.xxx HWADDR=xx:xx:xx:xx:xx:xx IPADDR=xxx.xxx.xxx.xxx NETMASK=255.255.255.240 NETWORK=xxx.xxx.xxx.xxx ONBOOT=yes TYPE=Ethernet So since I'm trying to learn what I'm doing here, what lines are actually needed and why does one setup have extra settings?
View Replies!
View Related
Clear The File
How to clear all content in e.g file.txt via ssh(OS is Debian)? I need a script to merge contents of 2 .txt files, e.g file1.txt and file2.txt to 1 file - file3.txt
View Replies!
View Related
|
TRACKER
