[PHP] Once more, with feeling
Dear All:

Due to popular demand I've put the newest version of the Code Red detector on one of my servers in public, anonymous FTP. The URL is ftp://ftp.compuphrase.net/pub/codered .

After some research (annotated in the propaganda), I added the last 10 or so lines of code late yesterday to do the following:

1. Ascertain if this is a browser poking around or is it a true attack? Apparently the worm doesn't send a User-Agent header.
2. If there's no user agent, it's most likely that the attack is coming from IIS directly. If this is the case, cause a browser to pop up on the infected machine's console advising the admin that the attack has been detected and reported.
3. If User-Agent has a value in it, then the supposed attack is coming from a browser. Redirect that browser to the anticodered.html page.

There are two items in the codered FTP folder: codered.php which must be put in your default web server's top directory. Remember, the worm isn't sending Host headers, either, so if you're using virtual name hosting on Apache, ONLY the default server will be hit. You must also rename this file to default.ida and do remember to make the AddType directive change in Apache. This is also annotated at the top of codered.php.

The second item is the body of the anti-Code Red html page. There's no head or body section in that HTML codelet, which will allow you to cut-and-paste it directly into your template to keep your site's look and feel. Name it what you will, but make sure that the configuration at the top of default.ida matches.

Any improvements or suggestions will be welcome. I'm still logging over 100 attempts per day and it doesn't seem to be slowing down any at all. I'd love to hear about your results and possibly some better techniques for the free-text parsing bit in the middle that finds the ISP from one of the major authorities.

I realise that this appears kinda hasty. I didn't expect such a heavy or fast response. I really appreciate all of your help in getting me on my feet in PHP. The transition from ASP to PHP was much easier due to the warm support and education from all of you on the list.

Enjoy!

Bill Farrell
Web Implementer
http://www.compuphrase.com
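The browser-versus-worm test from steps 1 to 3 above can also be applied after the fact to the access log. This is an added example, not the codered.php from the post; the function names are hypothetical and the log lines are constructed (documentation-range addresses, placeholder query string).

```php
<?php
// Added example: tally requests for /default.ida in an Apache "combined"
// access log and split them by the heuristic described in the post:
// no User-Agent => probably the worm itself, User-Agent present => a browser.
// User-Agent is sent by the client, so its absence is a hint, not proof.

/** Parse one combined-format log line; returns null if it does not match. */
function parse_combined(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, trim($line), $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
            'uri' => $m[4], 'status' => (int)$m[5], 'agent' => $m[7]];
}

/** True when the request path (query string ignored) is /default.ida. */
function targets_default_ida(string $uri): bool
{
    $path = strtolower((string)parse_url($uri, PHP_URL_PATH));
    return $path === '/default.ida';
}

/** Count default.ida hits per source address, split into worm-like and browser. */
function classify_hits(array $lines): array
{
    $report = ['worm' => [], 'browser' => []];
    foreach ($lines as $line) {
        $hit = parse_combined($line);
        if ($hit === null || !targets_default_ida($hit['uri'])) {
            continue;
        }
        // Apache writes "-" for a header that was not sent.
        $kind = ($hit['agent'] === '-' || $hit['agent'] === '') ? 'worm' : 'browser';
        $report[$kind][$hit['ip']] = ($report[$kind][$hit['ip']] ?? 0) + 1;
    }
    arsort($report['worm']);      // busiest sources first
    arsort($report['browser']);
    return $report;
}

// Constructed sample input, not taken from a real log.
$sample = [
    '192.0.2.10 - - [01/Sep/2001:10:00:01 -0400] "GET /default.ida?PLACEHOLDER HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.10 - - [01/Sep/2001:10:07:44 -0400] "GET /default.ida?PLACEHOLDER HTTP/1.0" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Sep/2001:10:09:12 -0400] "GET /default.ida HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible)"',
    '203.0.113.5 - - [01/Sep/2001:10:11:30 -0400] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible)"',
];

print_r(classify_hits($sample));
```

With the sample lines, 192.0.2.10 is counted twice under `worm`, 198.51.100.7 once under `browser`, and the request for /index.php is ignored.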
[PHP] Code Red Catcher
Hi All!

I had to unsubscribe for a little while due to the volume but did want to follow up on the Code Red catcher script. Anyone wanting a new copy of the script, please email me directly. I made a gob of changes to the original code, slimming it down some and improving the lookups just a bit.

What I DIDN'T expect was the reporting of over 100 Code Red attack reports per day. My word!! Obviously, the problem is STILL ongoing and far worse than has been reported in the news. Mind you, I run a teeny-tiny, no-great-shakes, niche-ISP business. We're hardly mentioned in search engines and due to the type of data mining and collation we do, we're also hardly interesting. This leads me to believe that Code Red is still rampant and hungrily devouring as much of the 'net's bandwidth as it can grab from as many locations as it can. Those large ISPs serving millions of hits a day (as opposed to our meager 20 million a month) must be suffering!

Never have I been so grateful for Linux, Apache, and PHP. Having a little door-guard watching the fort written in a language all-but immune to the attacks has certainly opened my eyes and made me aware that even still, many people on the net are completely irresponsible about their updates and their security.

I won't lay the blame entirely at Microsoft for leaving such inexcusably wide holes in products destined for interaction with the Web, but I'll certainly lay a good bit of it on those who insist on using M$ software, putting it directly on the net with no firewall and no updates.

Putting the PHP Code Red detector script online has really shown me how bad the problem really is...and STILL is!

Bottom line, Hooray for PHP and Hooray for Apache... what a great combination!

Best regards,
Bill
http://www.
[PHP] Code Red Catcher
Hi again, Everyone:

I didn't expect such a response so quickly. With your indulgence, I'll quote the code in this message. I just found out that Outlook (which is what I'm forced to use at Volvo) won't attach .ida files and I *think* this list strips attachments in any case.

I don't remember offhand who put the link on this list for the original code. Most of it I didn't write, but have done some heavy carving and additions in spots. The IP-to-ISP lookup misses entirely about 2% of the time and needs a tiny-bit better parsing to determine the best of several provided email addresses for the ISP. I just haven't got that far yet :-) But the script works as intended, unattended.

BTW, do remember to insert the AddType directive (near the top of the script in the propaganda) into your Apache config and reload Apache else the script won't activate.

Be ready for your mailbox to fill. Personally, I had to turn off CC'ing myself on every complaint it generated, but I do check all the logs (syslog and the Apache logs) several times a day and I do keep a running count in a database for offline processing.

I'd appreciate any modifications or bug-fixes. I'm not a spit-hot PHP programmer YET, but maybe someday when I grow up with all of your help. I really appreciate the education and encouragement that is freely handed out over this list. THIS is more like a community of folks actually doing GOOD things than any other list to which I've subscribed.

Best regards,
Bill

file: default.ida

<?php
/*
Code red autoresponder does the following:
- Checks the whois for the attacking host
- Emails the offender Internet Service Provider, supplying hostname, target and date
- Stores the attack into a file with information if email has been sent
or:
- Stores the attack into /var/log/syslog

In order for this script to function, you need the following:
- Add .ida to AddType application/x-httpd-php in httpd.conf
- A writable directory for the user running the webserver
or:
- A file called code-red_ips.txt in your $path which has mode 770

bad2da / Efnet #php

#
08/13/2001 jwwf ([EMAIL PROTECTED])
Substantially modified to examine all the root authorities, not just RIPE.
Authorities can be added or removed at liberty by changing the $Authorities array.

09/01/2001 jwwf ([EMAIL PROTECTED])
Fixed the lookup so it actually looks up. Removed logging to file since
Safe Mode has so many restrictions on file writing. Uses SYSLOG now.
*/

/* Configuration */
$name = "admin"; // The name you want to send the email AS
$from = "[EMAIL PROTECTED]"; // put the From email address here
$DefaultSendTo = "[EMAIL PROTECTED]";
// $path = "/lib/www/html"; // Path was removed in this version
$logt = "syslog"; // file or syslog 09/01/2001 jwwf ONLY log to syslog
$ThisWebServerFQDN = getenv( "SERVER_NAME" );

/* jwwf Patch to use all available authorities until we find this guy */
$Authorities = array( 'whois.arin.net', 'whois.ripe.net', 'whois.apnic.net' );

/* Define Variables */
$date = date("r");

/* Is the client behind a proxy? */
if($HTTP_X_FORWARDED_FOR) {
    $ip = $HTTP_X_FORWARDED_FOR;
} elseif($HTTP_VIA) {
    $ip = $HTTP_VIA;
} elseif($REMOTE_ADDR) {
    $ip = $REMOTE_ADDR;
} else {
    die();
}
$host = gethostbyaddr($ip);

/* In the case that no-one claimed to hold responsibility for this IP
   address, it might be spoofed. There are probably other authorities to
   query. If anyone knows who they might be, please let me know.
   Bill */
if ( $host == $ip ) {
    $host = "possibly spoofed";
}

/* Define email message */
/* jwwf - Corrected spelling, worked on grammar a bit */
$subject = "Code Red Infection Attempt from $ip to $ThisWebServerFQDN";
$message = "This message has been automatically generated by $ThisWebServerFQDN.\n\n";
$message .= "At $date we received an Code Red Infection attempt from a webserver on your network, from address ";
$message .= "$ip ($host). We would like to assist in preventing hosts from your network from ";
$message .= "infecting any more hosts on the internet and to put a stop to the worm.\n\n\n";
$message .= "Information about the Code Red Virus Worm\n\n";
$message .= "A Very Real and Present Threat to the Internet:\n\n";
$message .= "Install the patch today\n\n";
$message .= "Summary: The Code Red Worm and mutations of the worm pose a continued ";
$message .= "and serious threat to Internet users. Immediate action is required to ";
$message .= "combat this threat. Users who have deployed software that is vulnerable ";
$message .= "to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they ";
$message .= "have not done so already, a vital security patch\n";
$message .= "How Big Is The Problem? On July 19, the Code Red worm infected more ";
$message .= "than 250,000 systems in just
RE: [PHP] new one is it ??
DOH! Thanks for the heads-up, David. Here's the code I promised. My apologies!

Bill

---8<---8<---8<---8<---8<---8<---8<-

<?php
/*
Code red autoresponder does the following:
- Checks the whois for the attacking host
- Emails the offender's Internet Service Provider, supplying hostname, target and date
- Stores the attack into a file with information if email has been sent
or:
- Stores the attack into /var/log/syslog

In order for this script to function, you need the following:
- Add .ida to AddType application/x-httpd-php in httpd.conf
- A writable directory for the user running the webserver
or:
- A file called code-red_ips.txt in your $path which has mode 770

bad2da / Efnet #php

#
08/13/2001 jwwf ([EMAIL PROTECTED])
Substantially modified to examine all the root authorities, not just RIPE.
Authorities can be added or removed at liberty by changing the $Authorities array.
*/

/* Configuration */
$name = "admin";
$from = "you@yourmailbox";
$DefaultSendTo = "you@youradminmailbox";
$path = "/lib/www/html";
$logt = "syslog"; // file or syslog

// jwwf Patch to use all available authorities until we find this guy. There
// are more than just these three, and APNIC may automatically refer.
$Authorities = array( 'whois.arin.net', 'whois.ripe.net', 'whois.apnic.net' );

/* Define Variables */
$date = date("r");

/* Is the client behind a proxy? */
if($HTTP_X_FORWARDED_FOR) {
    $ip = $HTTP_X_FORWARDED_FOR;
} elseif($HTTP_VIA) {
    $ip = $HTTP_VIA;
} elseif($REMOTE_ADDR) {
    $ip = $REMOTE_ADDR;
} else {
    die();
}
$host = gethostbyaddr($ip);

/* Define email message */
// jwwf refine spelling *just* a bit.
$subject = "Code Red Infection Attempt from $ip to $HTTP_HOST";
$message = "At $date we received an Code Red Infection attempt on our $host from a webserver on your network, namely, ";
$message .= "$ip. We would like to help you out and in preventing hosts from your network from ";
$message .= "infecting any more hosts on the internet and in putting a stop to the worm\n\n\n";
$message .= "Information about the Code Red Virus Worm\n\n";
$message .= "A Very Real and Present Threat to the Internet:\n\n";
$message .= "Install the patch today\n\n";
$message .= "Summary: The Code Red Worm and mutations of the worm pose a continued ";
$message .= "and serious threat to Internet users. Immediate action is required to ";
$message .= "combat this threat. Users who have deployed software that is vulnerable ";
$message .= "to the worm (Microsoft IIS Versions 4.0 and 5.0) must install, if they ";
$message .= "have not done so already, a vital security patch\n\n";
$message .= "How Big Is The Problem? On July 19, the Code Red worm infected more ";
$message .= "than 250,000 systems in just 9 hours. The worm scans the Internet, ";
$message .= "identifies vulnerable systems, and infects these systems by installing ";
$message .= "itself. Each newly installed worm joins all the others causing the rate ";
$message .= "of scanning to grow rapidly. This uncontrolled growth in scanning directly ";
$message .= "decreases the speed of the Internet and can cause sporadic but widespread ";
$message .= "outages among all types of systems. Code Red is likely to start spreading ";
$message .= "again on July 31st, 2001 8:00 PM EDT and has mutated so that it may be even ";
$message .= "more dangerous. This spread has the potential to disrupt business and ";
$message .= "personal use of the Internet for applications such as electronic commerce, ";
$message .= "email and entertainment.\n\n";
$message .= "Who Must Act? Every organization or person who has Windows NT or Windows ";
$message .= "2000 systems AND the IIS web server software may be vulnerable. IIS is ";
$message .= "installed automatically for many applications. If you are not certain, ";
$message .= "follow the instructions to determine whether you are running IIS 4.0 or ";
$message .= "5.0. If you are using Windows 95, Windows 98, Windows Me, Windows XP ";
$message .= "RC1 or later, or Windows .NET Server build 3505 or later, there is no ";
$message .= "action that you need to take in response to this alert.\n\n";
$message .= "What To Do If You Are Vulnerable?\n\n";
$message .= "a. To rid your machine of the current worm, reboot your computer.\n";
$message .= "b. To protect your system from re-infection: Install the patch ";
$message .= "as specified in the instructions.\n\n";
$message .= "The security bulletin that describes the patch and the vulnerability ";
$message .= "it addresses is posted at: ";
$message .= "http://www.microsoft.com/technet/security/bulletin/MS01-033.asp\n\n";
$message .= "Because of the importance of this threat, ";
$message .= "this alert is
RE: [PHP] new one is it ??
Hiya again, Erik:

Here's the barely-tested but apparently functional Code Red detector. I added some variables at the top for configuring email destinations. The important change is that it will query ARIN, RIPE, and APNIC until it finds a reasonable answer. In the case of ARIN, it's necessary to query twice to get the email address you REALLY want, due to the number of Tier II providers in the States. Those don't always show up in the WHOIS. That caused me to do a bit more looping and fiddling until the answers came out the way I would expect if I were looking by eye.

It may be a bit late for Code Red, but the part of the routine that does the authority-queries is re-usable all over the place. The code ain't pretty (I'm no PHP maven YET :-) but it appears to do the job.

Enjoy!
Bill

-Original Message-
From: Erik H. Mathy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 14, 2001 3:43 PM
To: Bill Farrell
Subject: RE: [PHP] new one is it ??

No worries. I'm not going to get all worked up when something that's free takes a bit longer than expected! :)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 14, 2001 2:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] new one is it ??

Hey! Just wanted to let ya know that I didn't get time to work on it last night, but have been playing with it through the day. I should finish the thing tonight and test it. I hadn't forgot ya!

Regards,
B

-Original Message-
From: Erik H. Mathy [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 1:44 PM
To: Bill Farrell
Subject: RE: [PHP] new one is it ??

You da man! You da man! Or, in other words, that's awesome and, um, I'll take a copy when you're done. ;)

- Erik

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 12:44 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] new one is it ??

Way cool... with a bit of work, one could query ARIN, RIPE, and APNIC until an answer was received (that's what I'm modifying it to do) else die. With the timeout set to forever, what would we care if it takes a few extra seconds to go spy-out a potential (would-be-if-we-were-running-IIS) intruder.

The author made a really nifty framework and left it pretty easy to modify. I already swiped a copy (thanks, Mark!!) and am having a ball adding my own bends to it.

Tim, the part that does the WHOIS query is only querying RIPE. I'm modifying mine to loop through a known set of authorities (right now, the three I mentioned above) and to set a flag ($IGotIt or something I can test afterward with if ( $IGotIt ) { yaddayadda }), and to quit looking when it gets a reasonable answer. If I get it working before anyone else (doubtful, I'm still a bit slow with PHP and I'm also at work), I'd be more than happy to share.

CY'all,
Bill

-Original Message-
From: Tim [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 1:16 PM
To: Mark Roedel
Cc: Mark Lo; php general
Subject: RE: [PHP] new one is it ??

That's pretty cool. Alas, the 'whois' part of the code doesn't work properly (at least on my system).

- Tim

On 13 Aug 2001 10:21:45 -0500, Mark Roedel wrote:

I rather liked this approach that I saw posted in another list: http://www.klippan.seths.se/default.phps (Does some hostname/whois lookups on the infected server and attempts to email some people who might be able to do something about it.)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
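The loop described in this message (try ARIN, RIPE and APNIC in turn and stop at the first reasonable answer), together with the choice among several e-mail addresses mentioned earlier in the thread, sketched as an added example; it is not the script from the posts. The function names, the scoring weights, the rule for what counts as a reasonable answer and the sample WHOIS responses are assumptions or constructed, and the second ARIN query Bill mentions is not implemented.

```php
<?php
// Added example (hypothetical names throughout), not the script from the thread.

const AUTHORITIES = ['whois.arin.net', 'whois.ripe.net', 'whois.apnic.net'];
const REGISTRY_DOMAINS = ['arin.net', 'ripe.net', 'apnic.net'];

/** Plain WHOIS query: send the query plus CRLF to TCP port 43, read until EOF. */
function whois_query(string $server, string $query, int $timeout = 10): string
{
    $fp = @fsockopen($server, 43, $errno, $errstr, $timeout);
    if ($fp === false) {
        return '';                        // unreachable: caller moves to the next authority
    }
    stream_set_timeout($fp, $timeout);    // bounded wait rather than "forever"
    fwrite($fp, $query . "\r\n");
    $out = '';
    while (!feof($fp)) {
        $chunk = fread($fp, 4096);
        if ($chunk === false || $chunk === '') {
            break;                        // timeout or read error
        }
        $out .= $chunk;
    }
    fclose($fp);
    return $out;
}

/** True when the address belongs to one of the registries themselves. */
function is_registry_address(string $addr): bool
{
    $domain = substr((string)strrchr($addr, '@'), 1);
    foreach (REGISTRY_DOMAINS as $reg) {
        if ($domain === $reg || substr($domain, -strlen(".$reg")) === ".$reg") {
            return true;
        }
    }
    return false;
}

/** Extract e-mail addresses from a response, best candidate first. */
function rank_contacts(string $response): array
{
    $scores = [];
    foreach (preg_split('/\r?\n/', $response) as $line) {
        if ($line === '' || $line[0] === '%' || $line[0] === '#') {
            continue;                     // registry comment lines
        }
        if (!preg_match_all('/[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}/i', $line, $m)) {
            continue;
        }
        $label = strtolower((string)strstr($line, ':', true));  // field name before the colon
        foreach ($m[0] as $addr) {
            $addr = strtolower($addr);
            if (is_registry_address($addr)) {
                continue;                 // the registry's own mailbox is not the ISP
            }
            $score = 1;
            if (strpos($label, 'abuse') !== false) { $score += 4; }  // field labelled as abuse contact
            if (strpos($addr, 'abuse@') === 0)     { $score += 2; }
            if (strpos($label, 'tech') !== false)  { $score += 1; }
            $scores[$addr] = max($scores[$addr] ?? 0, $score);
        }
    }
    arsort($scores);
    return array_keys($scores);
}

/** Ask each authority in turn; stop at the first that yields a usable contact. */
function find_contact(string $ip, callable $query, array $authorities = AUTHORITIES): ?array
{
    // Validate before anything is sent to a third-party server.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    foreach ($authorities as $server) {
        $contacts = rank_contacts($query($server, $ip));
        if ($contacts !== []) {           // "reasonable answer": at least one non-registry address
            return ['authority' => $server, 'contact' => $contacts[0],
                    'others' => array_slice($contacts, 1)];
        }
    }
    return null;                          // nobody claimed the address
}

// Constructed responses for 192.0.2.10 (documentation range); real output differs per registry.
$constructed = [
    'whois.arin.net' => "NetRange: 192.0.2.0 - 192.0.2.255\nOrgName: RIPE Network Coordination Centre\n"
                      . "OrgAbuseEmail: abuse@ripe.net\n",
    'whois.ripe.net' => "% Questions: ripe-dbm@ripe.net\ninetnum: 192.0.2.0 - 192.0.2.255\n"
                      . "e-mail: hostmaster@isp.example\nabuse-mailbox: abuse@isp.example\n",
];
$offline = function (string $server, string $query) use ($constructed): string {
    return $constructed[$server] ?? '';
};

// In a live handler pass 'whois_query' and take the address from $_SERVER['REMOTE_ADDR'];
// X-Forwarded-For and Via are request headers the sender controls.
print_r(find_contact('192.0.2.10', $offline));
```

With the constructed responses the ARIN answer is skipped because it only names another registry, and the result is `abuse@isp.example` from whois.ripe.net with `hostmaster@isp.example` as the fallback.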
RE: [PHP] PHP and Perl script in same file?
Not any convenient or secure way I've yet found. But I do have PHP pages that slip out and exec() a Perl script to grab specific results that I need.

Anyone else?

B

-Original Message-
From: Tom Beidler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 16, 2001 4:46 PM
To: php list
Subject: [PHP] PHP and Perl script in same file?

Can php and perl code reside in the same file? When the document is served up it parses the PHP and then the Perl?
RE: [PHP] new one is it ??
Way cool... with a bit of work, one could query ARIN, RIPE, and APNIC until an answer was received (that's what I'm modifying it to do) else die. With the timeout set to forever, what would we care if it takes a few extra seconds to go spy-out a potential (would-be-if-we-were-running-IIS) intruder.

The author made a really nifty framework and left it pretty easy to modify. I already swiped a copy (thanks, Mark!!) and am having a ball adding my own bends to it.

Tim, the part that does the WHOIS query is only querying RIPE. I'm modifying mine to loop through a known set of authorities (right now, the three I mentioned above) and to set a flag ($IGotIt or something I can test afterward with if ( $IGotIt ) { yaddayadda }), and to quit looking when it gets a reasonable answer. If I get it working before anyone else (doubtful, I'm still a bit slow with PHP and I'm also at work), I'd be more than happy to share.

CY'all,
Bill

-Original Message-
From: Tim [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 1:16 PM
To: Mark Roedel
Cc: Mark Lo; php general
Subject: RE: [PHP] new one is it ??

That's pretty cool. Alas, the 'whois' part of the code doesn't work properly (at least on my system).

- Tim

On 13 Aug 2001 10:21:45 -0500, Mark Roedel wrote:

I rather liked this approach that I saw posted in another list: http://www.klippan.seths.se/default.phps (Does some hostname/whois lookups on the infected server and attempts to email some people who might be able to do something about it.)
RE: [PHP] Re: PHP in corporate settings?
Bjorn and Julio, you've got it right.

I've now a contract with Volvo Aero Services for web design and multivalue database support. Ever since Volvo bought AGES, it's been a huge technological step backwards from Linux and PHP to M$ and ASP. The big companies DON'T CARE that M$ puts out a security-hole-ridden, barely documented, admin-intensive product. And of course, management don't care--they don't have to deal with the day-to-day grind of trying to keep Win and its attendant components up and going.

In my own business I've seen how the use of open-source, solid, proudly-written-and-supported software takes great amounts of time away from administrative busy-work and gives it back in the form of more time to develop new products and sales. It's a very simple equation, actually. As a super-small businessman, anything (like Apache and PHP) that puts time and money back on MY side of the tally-board is a Good Thing.

I call the sort of problem we're discussing the In-Flight Syndrome. You know, where a Big Corporate Executive goes on a junket somewhere and sees a glossy ad in a glossy in-flight magazine and arrives back at the home office to insist that current baby-and-bathwater be thrown out in favour of something glossy but wholly inappropriate. Or, If I haven't seen it in a glossy magazine, it isn't what the Joneses are doing, therefore neither will we.

In VAS's situation, it's SAP. Now, mind you, SAP has no component that even remotely deals with the way aircraft parts brokerages actually do business. There's no module for FAA repairs, no way to deal with special consignment deals, and worst, no way to deal with the all-important documentation. In this business, no documentation equals no sale. Would YOU get on an aircraft if you suspected that undocumented parts were on it? I think not and I wouldn't get on it either. Airlines simply won't buy from brokers who cannot prove the authenticity and condition of life-limited parts.

But that hasn't stopped Volvo in the least. Obviously, corporate Powers That Be in Sweden are conveniently immune to such things as the law (Thou shalt document well all thy parts back to birth). The corporate philosophy is If it runs on Windows, then it's Good Thing and We Must Use It, however inappropriate. Face it: most large businesses have more dollars than sense.

This sort of problem isn't limited to PHP, Apache, or Open Source products in general. Plain, honest horse-sense is what's missing. I see it happening at VAS and I see it happening in a lot of other large companies. If the people in charge of IT took a good look at what's available and appropriate, there would be a lot more money made and a lot more happy technicians. Happy technicians will also probably be loyal and productive.

My prediction is that those of us who embrace Open Source and place such products in our businesses to limit downtime and administrative burdens will be the most profitable in the upcoming years. Conversely, those like Volvo Aero, who insist on throwing good money after bad, will likely be out of business soon. The Cult of Microsoft is still strong in upper management, simply because they don't know (and are unwilling to countenance) any better.

That's what I call a self-correcting problem :-)

Respectfully to all,
Bill

-Original Message-
From: Bjorn Van Simaeys [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 08, 2001 6:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: PHP in corporate settings?

That's right. I have been working for a large computer company (2800 people), and my project manager had never even heard about PHP and such.

Bjorn Van Simaeys

--- Inércia Sensorial [EMAIL PROTECTED] wrote:

I don't think the problem is the open source nature. Corporate people usually do not see flaws on it. But they do not see the advantages too because there is little advertising.

--
Julio Nobrega.
2B||!BB - That's the question.

Jeff Lewis [EMAIL PROTECTED] wrote in message news:00dd01c1203b$60d62210$76a1a8c0@LEWISJCIT...

I still rarely ever see PHP mentioned in job listings and the like. Especially here in Canada I find it very hard to find any kinds of contacts for companies using PHP. My previous employer that I was with for 3+ years insisted on Micro$oft products and wanted to go with ASP. My current employer, a HUGE media/newspaper in Ontario goes with strictly Java. Is it that people still are hesitant to go with open source based technology?

Jeff Lewis
RE: [PHP] subroutines?
Hi again,

As a new PHP convert, I ran into this same problem (below) yesterday while designing a form. ASP programmers (if they're THINKING) will use subs to keep if blocks tidy. In ASP, I'd use something like:

If Request.ServerVariables( "REQUEST_METHOD" ) = "GET" Then
    DisplayForm
Else
    SendFormData
End If

which at first I replaced with:

if ( getenv( "REQUEST_METHOD" ) == "GET" ) {
    display_form();
} else {
    send_email();
}

...making functions out of what used to be subroutines. All well-and-good, except my global variables disappeared and nothing I could do (even declaring the few important ones explicitly global) seemed to allow me to get at the variable contents. I wound up compromising by sending just the bits I needed in the function INTO the function like so:

$MyURI = $SCRIPT_NAME;
$TheFormVars = $HTTP_POST_VARS;
if ( getenv( "REQUEST_METHOD" ) == "GET" ) {
    display_form( $MyURI );
} else {
    send_email( $TheFormVars, $ThisWebServerFQDN );
}

Seems a bit tacky at first, but it works (properly!) and that's all that counts. I can do much more with PHP functions just as they are than I ever could with ASP; moreover, I have much more secure control of what gets exposed where. To me, a beautiful compromise since at no point is there ever an actual email address exposed to the outside world. My Support Topic selection box contains arbitrary codes that allow me to generate the appropriate email address on the fly.

Hope my experience will be helpful to other noobies making the Big Transition.

Best regards,
Bill

-Original Message-
From: Christian Reiniger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 8:21 AM
To: CGI GUY; [EMAIL PROTECTED]
Subject: Re: [PHP] subroutines?

On Wednesday 08 August 2001 01:37, CGI GUY wrote:

How does PHP compensate for an apparent lack of traditional subroutines (as with Perl, etc.)? It seems like I'm going to have to script separate pages for ea. set of processes in my search (i.e., print FORM, print results for SEARCH, print DETAILS, etc.). Please tell me I'm mistaken!

http://www.php.net/manual/en/functions.php
http://www.php.net/manual/en/function.require-once.php
http://www.php.net/manual/en/control-structures.switch.php
http://www.php.net/manual/en/language.oop.php

--
Christian Reiniger
LGDC Webmaster (http://lgdc.sunsite.dk/)
World domination. Fast. (Linus Torvalds about Linux)
RE: [PHP] rename problem...
Hi Martin,

Question: who actually OWNS the document? Does it have your logname and group? If you're trying to do a rename from the server, remember that the server generally runs as apache or nobody... and to coin a phrase, nobody owns nothing.

If you're trying to manipulate files in your own home directory (or http_docs or whatever suffices as your servable area), you have just about two choices. Either make the documents you're working with owned by nobody (not really a good idea) or make a virtual web server in Apache that has the appropriate User and Group directives to make that virtual server run as you on your behalf. About 5 minutes of httpd.conf configuration and a quick DNS trick.

We've all tripped-up on this one at one time or another. It's not much setup either way, but whatever you do, make sure that YOUR security and the security of your server come before all other considerations.

Best regards,
Bill

-Original Message-
From: Martin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 7:20 AM
To: [EMAIL PROTECTED]
Subject: [PHP] rename problem...

Hi!

When I'm trying to run this script:

<? rename("document.htm", "testing.htm"); ?>

I get this error:

Warning: Rename failed (Permission denied) in C:\Inetpub\WEBS\mysko\uploads\rename.php on line 4

The directory has change permissions. What am I doing wrong...?

/martin
RE: [PHP] Return Adress
Hey, there...

I ran into this yesterday along with learning a heap more PHP. Adding a Reply-To: [EMAIL PROTECTED] header seemed to work fine.

Hope this helps,
Bill

-Original Message-
From: Jean-Arthur Silve [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 5:23 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Return Adress

Hi !

I've got a problem with the mail function: My http server (Apache) is running as user web and php is compiled as a module. When I send a mail with the mail function and, for example, the recipient does not exist, the return message is sent to [EMAIL PROTECTED] I would like the error messages to be sent to another email address. I tried with the mail header Return-path: [EMAIL PROTECTED] but the error messages keep going to [EMAIL PROTECTED]

My code is:

$head="From: ".$EMAILADMIN."\nReturn-Path: [EMAIL PROTECTED]\n";
mail($to,$sub,$msg,$head);

Is there a way to force the error messages to go to another email address? Another header? If it's sendmail that changes the return address, is there a way to prevent this?

Thanks !
jean-arthur

---
EuroVox
4, place Félix Eboue
75583 Paris Cedex 12
Tel : 01 44 67 05 05
Fax : 01 44 67 05 19
Web : http://www.eurovox.fr
RE: [PHP] RedHat 7.1
Hey, Scott:

I'm running RH7.1 myself. PHP sort-of came out the box when I installed the default server installation, as an Apache module. All's I had to do was make a PHP page (a timid echo 'hello';), throw it in the right directory, and *poof* it served. Astonished me, too.

Seems as if when you install Apache from RH7.1, you get PHP as a module. Someone please correct me if this is a misunderstanding. But if you look, the httpd.conf for RH7.1 has index.php as one of its default index documents.

Best regards,
Bill

-Original Message-
From: Scott Pathel [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 1:31 PM
To: [EMAIL PROTECTED]
Subject: [PHP] RedHat 7.1

Hello,

I'm running RedHat 7.1 and have installed PHP 4 from the RedHat installation disk. It is a normal RPM file for the PHP install (prebuilt). PHP does not seem to work. Looking at the INSTALL file as if I were to build PHP from scratch it mentions some shared libraries that are not to be found. Any Ideas?

Thanks for any help
Scott
RE: [PHP] Find and Replace
It's also possible (if you're allowed to change the httpd.conf file) to put in a filesmatch directive, something like

<FilesMatch "\.(htaccess|inc|log)$">
    Order deny,allow
    Deny from all
</FilesMatch>

Then no-one can directly access files with those extensions. You can still include them (that doesn't require a separate fetch). That would eliminate the need to go changing a bunch of files if you don't absolutely have to. Me, I'll always opt for the easiest way out (chickeeen!)

Regards,
Bill

-Original Message-
From: Matt Kaufman [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 6:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Find and Replace

Oh, vi has a find and replace feature if you want to do it through the terminal.

Matt Kaufman

- Original Message -
From: Shrout, Ryan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 30, 2001 12:06 PM
Subject: [PHP] Find and Replace

This isn't exactly PHP I need help with, but it relates to what I learned about security. Up until now, I have been using *.inc extensions for my include files. Well, I didn't realize until recently that anyone can view these files. So, I want to rename them to *.inc.php. BUT, in almost all of my PHP pages, there are links to : include ('mydir/myfile.inc');

Can someone tell me how to do a recursive find and replace to look for /myfile.inc and replace it with myfile.inc.php? I am running Red Hat 7.1

Thanks!
Ryan
RE: [PHP] ODBC for UniVerse Database
So I'm _not_ the only one still running UV :-)))

Do you have the UV PDF's handy? There's a section on setting up the ODBC. If you don't have it, I'll mail you a copy.

UV's ODBC works reasonably well, except that it takes a seat every time you instantiate a connect. Perhaps a better way of going about it is to use Vantage Point's MVServer. Larry Wilcox, the author of the MVServer, is working on a Linux version currently. Dunno when he'll have it ready.

In the meantime, if I can help out, let me know. There are a few little setups involved, such as making sure that the (x)inetd service EXEC is allowed to run. You might want to lock that down pretty tightly (i.e., using the only_from directive in the xinetd.d setup file) since it possibly could present a pretty large hole in security.

I'd be glad to assist.

Regards,
Bill

-----Original Message-----
From: Justin Farnsworth [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 2:54 PM
To: Php-General@Lists.Php.Net
Subject: [PHP] ODBC for UniVerse Database

Anybody on this list:

1. Have experience with ODBC for Universe
2. Know where there is a driver available

You may reply privately if you think it is not of interest to this group

_jef

--
Justin Farnsworth
Eye Integrated Communications
321 South Evans - Suite 203
Greenville, NC 27858 | Tel: (252) 353-0722
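A quick way to check the only_from lock-down Bill mentions is to list every enabled xinetd service that has no only_from line. This is an added example, not something posted in the thread: the function names and the sample service files are constructed for illustration, and it assumes one "attribute = value" pair per line and does not consider a defaults section in xinetd.conf.

```shell
#!/bin/sh
# Added example (not from the thread): report enabled xinetd services that
# carry no only_from restriction.

# list_open_xinetd_services DIR -> prints one service name per line
list_open_xinetd_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }                           # skip comment lines
            $1 == "service" { name = $2; off = 0; limited = 0; next }
            $1 == "disable" && $3 == "yes" { off = 1 }
            $1 == "only_from" { limited = 1 }
            $1 == "}" {                                   # end of a service block
                if (name != "" && !off && !limited) print name
                name = ""
            }
        ' "$f"
    done
}

# Constructed sample files standing in for /etc/xinetd.d (illustrative
# values only; 192.0.2.10 is a documentation address).
write_sample_xinetd_dir() {
    cat > "$1/rexec" <<'EOF'
service exec
{
    disable     = no
    socket_type = stream
    user        = root
}
EOF
    cat > "$1/rsh" <<'EOF'
service shell
{
    disable     = no
    socket_type = stream
    only_from   = 192.0.2.10
}
EOF
    cat > "$1/rlogin" <<'EOF'
service login
{
    disable     = yes
    socket_type = stream
}
EOF
}
```

On the constructed sample only the exec service is reported: shell is restricted by only_from and login is disabled.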
RE: [PHP] ODBC for UniVerse Database
WHUPS! Guess I should have asked if you were running UV on *nix or NT... it makes a difference. It's dead-easy on NT; merely tedious to set up on *nix...

B

-----Original Message-----
From: Bill Farrell
Sent: Monday, July 30, 2001 3:19 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [PHP] ODBC for UniVerse Database

So I'm _not_ the only one still running UV :-)))

Do you have the UV PDF's handy? There's a section on setting up the ODBC. If you don't have it, I'll mail you a copy.

UV's ODBC works reasonably well, except that it takes a seat every time you instantiate a connect. Perhaps a better way of going about it is to use Vantage Point's MVServer. Larry Wilcox, the author of the MVServer, is working on a Linux version currently. Dunno when he'll have it ready.

In the meantime, if I can help out, let me know. There are a few little setups involved, such as making sure that the (x)inetd service EXEC is allowed to run. You might want to lock that down pretty tightly (i.e., using the only_from directive in the xinetd.d setup file) since it possibly could present a pretty large hole in security.

I'd be glad to assist.

Regards,
Bill

-----Original Message-----
From: Justin Farnsworth [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 2:54 PM
To: Php-General@Lists.Php.Net
Subject: [PHP] ODBC for UniVerse Database

Anybody on this list:

1. Have experience with ODBC for Universe
2. Know where there is a driver available

You may reply privately if you think it is not of interest to this group

_jef

--
Justin Farnsworth
Eye Integrated Communications
321 South Evans - Suite 203
Greenville, NC 27858 | Tel: (252) 353-0722
[PHP] PHP Execution Functions
Hello all,

I'm discovering the joys of PHP as supplied by RH on their 7.1 release. Actually, everything about it is SO much nicer than ASP or pure Perl. (Not to take anything away from either--PHP's just a LOT easier to get hold of!)

I'm running PHP as an Apache module (default RedHat installation) but I did turn Safe Mode on. None of the execution functions work at all, though. The Safe Mode directory is set to /usr/local/bin and the script I want to run is (also) in that directory. No matter how I approach it, the system() or passthru() functions apparently execute nothing and return nothing. Not even an error message or warning of any kind. (Backticks give a decidedly pointed message in Safe Mode, though: No can do as I would expect).

How DO I step out of a PHP page and execute a script or command? And would that method be safe to give to regular users? There is no mention in the manual (to which I constantly refer) nor in any place on the php.net site to tell me how this should REALLY work.

Any advice would be appreciated. This is the last stumbling block to converting my web-portal 100% to PHP.

Best regards,
Bill