Results 76 to 96 of 96
-
06-15-2006, 09:43 PM #76Web Hosting Master
- Join Date
- May 2003
- Location
- Florida
- Posts
- 902
Remove the script and run the /scripts/eximup --force
-
06-15-2006, 10:18 PM #77Disabled
- Join Date
- Jan 2006
- Posts
- 919
I'm sorry but how do I remove the script?
-
06-15-2006, 10:26 PM #78Web Hosting Master
- Join Date
- May 2003
- Location
- Florida
- Posts
- 902
First - did you follow the instructions in the beginning of this thread where you moved the /usr/sbin/sendmail to /usr/sbin/sendmail.real? Is this a cpanel server?
If the answer is YES, then you should be able to do:
rm /usr/sbin/sendmail* and answer yes when asked to verify the delete.
Then run the /scripts/eximup --force and it will reinstall the original sendmail script.
-
06-17-2006, 02:48 AM #79Newbie
- Join Date
- Mar 2004
- Location
- New Delhi, India
- Posts
- 17
Hi!
I have been trying to follow this thread and use the following version of the script on one of the servers.
Code:#!/usr/bin/perl # use strict; use Env; my $date = `date`; chomp $date; foreach (@ARGV) { $arg="$arg" . " $_"; } #$msg=\*STDIN; open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!"; my $uid = $>; my @info = getpwuid($uid); if($REMOTE_ADDR) { print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n"; } else { print INFO "$date - $PWD $SCRIPT_NAME - @info\n"; } my $mailprog = '/usr/sbin/sendmail.real'; open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!\n"; while (<STDIN> ) { print MAIL; print INFO; } close (INFO); close (MAIL);
The formmail.log file is logging alright however the php scripts on the server aren't able to send any mails out.
Any help on this will be appreciated.:: Anand ::
-
06-17-2006, 05:43 AM #80Web Hosting Master
- Join Date
- Apr 2004
- Location
- Singapore
- Posts
- 1,522
Maybe this might help someone.
http://choon.net/php-mail-header.phptanfwc
-
06-17-2006, 07:49 AM #81Newbie
- Join Date
- Mar 2004
- Location
- New Delhi, India
- Posts
- 17
Originally Posted by tanfwc:: Anand ::
-
06-17-2006, 08:45 AM #82Web Hosting Master
- Join Date
- May 2003
- Location
- Florida
- Posts
- 902
Did you try root.root? Here is the script I have working on my server. It is almost identical.
Code:#!/usr/local/bin/perl # use strict; use Env; my $date = `date`; chomp $date; open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!"; my $uid = $>; my @info = getpwuid($uid); if($REMOTE_ADDR) { print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n"; } else { print INFO "$date - $PWD - @info\n"; } my $mailprog = '/usr/sbin/sendmail.real'; foreach (@ARGV) { $arg="$arg" . " $_"; } open (MAIL,"|$mailprog $arg") || die "cannot open $mailprog: $!\n"; while (<STDIN> ) { print MAIL; } close (INFO); close (MAIL);
-
06-17-2006, 12:55 PM #83Web Hosting Evangelist
- Join Date
- Apr 2006
- Location
- Jacksonville, FL
- Posts
- 511
If PHPSUEXEC is enabled on the machine, is something like this needed still?
-
06-18-2006, 02:19 PM #84Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
xxkylex, as far as I know, no, since the email headers will identify the person and you can increase the exim logging level to get everything else. (assuming a cpanel server, which may be an incorrect assumption).
Generally people persist with running PHP as nobody (ie non-phpsuexec) for a number of reasons:- they don't understand it
- they need a huge amount of performance from the server (or think they do; phpsuexec only makes the server slower in very extreme cases)
- they don't care
- they think it will break user scripts (it won't, with a few strategic chowns beforehand)
On a shared server, in my opinion, no-one in their right mind would not run PHPSUEXEC. The only case where it's not that useful is in the case where the server is under a huge amount of CPU pressure. In that situation, phpsuexec breaks zend optimiziser which would make the system slower.
-
06-18-2006, 03:32 PM #85Newbie
- Join Date
- Mar 2004
- Location
- New Delhi, India
- Posts
- 17
Originally Posted by Dacsoft:: Anand ::
-
06-18-2006, 04:30 PM #86Web Hosting Master
- Join Date
- May 2003
- Location
- Florida
- Posts
- 902
Originally Posted by anand247sm
I had a similar problem in the past. Can't remember for sure, but I thought it was related to line return in my copied scripts. You might want to check that just in case.
-
06-20-2006, 04:00 AM #87Newbie
- Join Date
- Mar 2004
- Location
- New Delhi, India
- Posts
- 17
Originally Posted by Dacsoft
I already checked up the script line by line, however will do it again today.
Thanks.:: Anand ::
-
07-06-2006, 11:08 PM #88Junior Guru Wannabe
- Join Date
- Aug 2004
- Posts
- 53
Try using exim instead of sendmail. it worked for me.
change my $mailprog = '/usr/sbin/sendmail.real'; to my $mailprog = '/usr/sbin/exim';
Hope it helps-----------------------------------
Does your host Hosts or its hosted ?
Host with alojamentonaweb.com
-----------------------------------
-
07-20-2006, 02:01 PM #89New Member
- Join Date
- Dec 2002
- Posts
- 2
Now working
I have this script working now and it seems to be logging things fine. Unfortunately though it found something suspicious within the first few minutes...here is the log entry:
Thu Jul 20 11:05:01 CST 2006 - / - root $1$9iBa0dak$Jb15kYV5/xpRA3vJqBpWp0 0 0 root /root /bin/bash
What the heck is that? I've ran both Rootkit Hunter and Chkrootkit and neither found any problems with being rooted. Any suggestions?
Chad
-
04-23-2007, 10:47 AM #90New Member
- Join Date
- Apr 2007
- Posts
- 1
-
04-23-2007, 11:01 AM #91Web Hosting Master
- Join Date
- Apr 2004
- Location
- Singapore
- Posts
- 1,522
Ya, as long as there is new version release from PHP, choon will patch it as fast as possible.
tanfwc
-
04-25-2007, 05:24 AM #92they think it will break user scripts (it won't, with a few strategic chowns beforehand)
phpsuexec WILL break user scripts if
A> The user has php values in .htaccess (fixable, but it requires rewriting the website, designing a custom php.ini or something of the like, which few people will do).
B> The user uses SYMLINKS in their website. Symlinks are broken by phpsuexec (and, presumably suphp, though this has not been confirmed)
On a shared server, in my opinion, no-one in their right mind would not run PHPSUEXEC.
Security isn't about DISABLING applications or making more work for customers, it's about providing secured environments which your customers can operate in where they don't HAVE to rewrite code, or redesign a website.
There are plenty of better ways to secure php than using phpsuexec, less intrusive, less problematic and less pain.
Now, this doesn't answer the question here, of "how to find nobody spammers". Phpsuexec will do VERY little to do this. Instead, php mail patches will.
One already mentioned is choon's mail patch.
Another website with two that I've found is here.
The difference between the two? The second is recommended simply because it doesn't just IDENTIFY mail scripts which may be invalid, it STOPS implicit senders dead in the tracks. There are two patches to the second one and both work excellently on php4 and php5 (latest versions).Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
08-23-2008, 08:58 AM #93Junior Guru Wannabe
- Join Date
- Dec 2003
- Posts
- 46
Hi guys!
This script is useful but I need to get the complete address of the directory.
For example, I get this:
Fri Aug 22 16:13:08 EDT 2008 - /var/www/vhosts/recyclagehockey.com/httpdocs/mambo - apache x 48 48 Apache /var/www /sbin/nologin
But I need to get which directory under .../httpdocs/mambo cause there is a lot.
Is there a way to modify it to include full path ?
Thanks
Maxime
-
08-23-2008, 09:15 AM #94Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
09-26-2008, 03:42 PM #95Junior Guru Wannabe
- Join Date
- Dec 2003
- Posts
- 46
Hi linux-tech,
Thanks for the link.
But it seems to me that I would have to download php5 sources cause when I try the following:
"patch -p1 < php5-mail-header.patch"
I get:
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -r -u php-5.2.3.orig/ext/standard/mail.c php-5.2.3.mod2/ext/standard/mail.c
|--- php-5.2.3.orig/ext/standard/mail.c 2007-03-30 01:28:58.000000000 +0100
|+++ php-5.2.3/ext/standard/mail.c 2007-06-25 10:59:59.955165984 +0100
--------------------------
File to patch:
I use Fedora Core 4 and Plesk 8.
I don't want to scrap my php5 installation.
Could you help me?
-
10-01-2008, 10:29 AM #96Disabled
- Join Date
- Sep 2008
- Posts
- 102
Nice work and very useful. Thank you