  1. #76
    Join Date
    May 2003
    Location
    Florida
    Posts
    902
    Remove the script and run the /scripts/eximup --force

  2. #77
    I'm sorry but how do I remove the script?

  3. #78
    Join Date
    May 2003
    Location
    Florida
    Posts
    902
    First - did you follow the instructions in the beginning of this thread where you moved the /usr/sbin/sendmail to /usr/sbin/sendmail.real? Is this a cpanel server?

    If the answer is YES, then you should be able to do:
    rm /usr/sbin/sendmail* and answer yes when asked to verify the delete.

    Then run the /scripts/eximup --force and it will reinstall the original sendmail script.

  4. #79
    Join Date
    Mar 2004
    Location
    New Delhi, India
    Posts
    17
    Hi!

    I have been trying to follow this thread and use the following version of the script on one of the servers.

    Code:
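    #!/usr/bin/perl
    
    # use strict;
    use Env;    # exposes environment variables ($REMOTE_ADDR, $PWD, ...) as Perl scalars
    my $date = `date`;
    chomp $date;
    
    #$msg=\*STDIN;
    
    open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!";
    my $uid = $>;    # effective UID of the caller
    # getpwuid returns (name, passwd, uid, gid, quota, comment, gcos, dir, shell);
    # run as root, the passwd field can hold the shadow hash, which then lands in the log.
    my @info = getpwuid($uid);
    if($REMOTE_ADDR) {
        print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n";
    }
    else {
        print INFO "$date - $PWD $SCRIPT_NAME - @info\n";
    }
    my $mailprog = '/usr/sbin/sendmail.real';
    
    # Hand the original arguments over as a list so that no shell re-parses them
    open (MAIL, "|-", $mailprog, @ARGV) || die "cannot open $mailprog: $!\n";
    while (<STDIN> ) {
        print MAIL;    # forward the message to the real sendmail
        print INFO;    # and copy it into the log
    }
    close (INFO);
    close (MAIL);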
    /usr/sbin/sendmail has sgid set. The file is chowned as root.mailtrap, same as original sendmail file.

    The formmail.log file is logging alright however the php scripts on the server aren't able to send any mails out.

    Any help on this will be appreciated.
    :: Anand ::

  5. #80
    Join Date
    Apr 2004
    Location
    Singapore
    Posts
    1,522
    Maybe this might help someone.

    http://choon.net/php-mail-header.php
    tanfwc

  6. #81
    Join Date
    Mar 2004
    Location
    New Delhi, India
    Posts
    17
    Quote Originally Posted by tanfwc
    Maybe this might help someone.

    http://choon.net/php-mail-header.php
    That looks nice. I still would like to get the script working (i.e. if someone got it working)
    :: Anand ::

  7. #82
    Join Date
    May 2003
    Location
    Florida
    Posts
    902
    Did you try root.root? Here is the script I have working on my server. It is almost identical.

    Code:
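    #!/usr/local/bin/perl
    
    # use strict;
    use Env;    # exposes environment variables ($REMOTE_ADDR, $PWD, ...) as Perl scalars
    my $date = `date`;
    chomp $date;
    open (INFO, ">>/var/log/formmail.log") || die "Failed to open file ::$!";
    my $uid = $>;    # effective UID of the caller
    # getpwuid returns (name, passwd, uid, gid, quota, comment, gcos, dir, shell);
    # run as root, the passwd field can hold the shadow hash, which then lands in the log.
    my @info = getpwuid($uid);
    if($REMOTE_ADDR) {
            # CGI variables present: log the client address and script name
            print INFO "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME \n";
    }
    else {
            # No CGI variables: log the working directory and the account
            print INFO "$date - $PWD -  @info\n";
    }
    my $mailprog = '/usr/sbin/sendmail.real';
    
    # Hand the original arguments over as a list so that no shell re-parses them
    open (MAIL, "|-", $mailprog, @ARGV) || die "cannot open $mailprog: $!\n";
    while (<STDIN> ) {
            print MAIL;
    }
    close (INFO);
    close (MAIL);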

  8. #83
    Join Date
    Apr 2006
    Location
    Jacksonville, FL
    Posts
    511
    If PHPSUEXEC is enabled on the machine, is something like this needed still?

  9. #84
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,737
    xxkylex, as far as I know, no, since the email headers will identify the person and you can increase the exim logging level to get everything else. (assuming a cpanel server, which may be an incorrect assumption).

    Generally people persist with running PHP as nobody (ie non-phpsuexec) for a number of reasons:
    • they don't understand it
    • they need a huge amount of performance from the server (or think they do; phpsuexec only makes the server slower in very extreme cases)
    • they don't care
    • they think it will break user scripts (it won't, with a few strategic chowns beforehand)


    On a shared server, in my opinion, no-one in their right mind would not run PHPSUEXEC. The only case where it's not that useful is in the case where the server is under a huge amount of CPU pressure. In that situation, phpsuexec breaks Zend Optimizer which would make the system slower.

  10. #85
    Join Date
    Mar 2004
    Location
    New Delhi, India
    Posts
    17

    Quote Originally Posted by Dacsoft
    Did you try root.root? Here is the script I have working on my server. It is almost identical.

    Nope this one doesn't work either. I see the message recorded inside formmail.log however the mail never comes up in the exim logs.
    :: Anand ::

  11. #86
    Join Date
    May 2003
    Location
    Florida
    Posts
    902
    Quote Originally Posted by anand247sm
    Nope this one doesn't work either. I see the message recorded inside formmail.log however the mail never comes up in the exim logs.
    Anand.. did you try the root:root as owner?

    I had a similar problem in the past. Can't remember for sure, but I thought it was related to line return in my copied scripts. You might want to check that just in case.

  12. #87
    Join Date
    Mar 2004
    Location
    New Delhi, India
    Posts
    17
    Quote Originally Posted by Dacsoft
    Anand.. did you try the root:root as owner?

    I had a similar problem in the past. Can't remember for sure, but I thought it was related to line return in my copied scripts. You might want to check that just in case.
    Yes, I tried root.root

    I already checked up the script line by line, however will do it again today.

    Thanks.
    :: Anand ::

  13. #88
    Join Date
    Aug 2004
    Posts
    53
    Try using exim instead of sendmail. It worked for me.
    Change my $mailprog = '/usr/sbin/sendmail.real'; to my $mailprog = '/usr/sbin/exim';

    Hope it helps

  14. #89

    Now working

    I have this script working now and it seems to be logging things fine. Unfortunately though it found something suspicious within the first few minutes...here is the log entry:

    Thu Jul 20 11:05:01 CST 2006 - / - root $1$9iBa0dak$Jb15kYV5/xpRA3vJqBpWp0 0 0 root /root /bin/bash

    What the heck is that? I've run both Rootkit Hunter and Chkrootkit and neither found any problems with being rooted. Any suggestions?

    Chad

  15. #90
    Quote Originally Posted by tanfwc
    Maybe this might help someone.
    This helped me a lot. And the last update was only a month old. It has an example and everything. Good one! THX!

  16. #91
    Join Date
    Apr 2004
    Location
    Singapore
    Posts
    1,522
    Ya, as long as there is a new version release from PHP, choon will patch it as fast as possible.
    tanfwc

  17. #92
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    "they think it will break user scripts (it won't, with a few strategic chowns beforehand)"
    It's always funny to see misinformation spread like this.
    phpsuexec WILL break user scripts if

    A> The user has php values in .htaccess (fixable, but it requires rewriting the website, designing a custom php.ini or something of the like, which few people will do).

    B> The user uses SYMLINKS in their website. Symlinks are broken by phpsuexec (and, presumably suphp, though this has not been confirmed)

    "On a shared server, in my opinion, no-one in their right mind would not run PHPSUEXEC."
    And that's YOUR mind and your opinion, which is wrong.
    Security isn't about DISABLING applications or making more work for customers, it's about providing secured environments which your customers can operate in where they don't HAVE to rewrite code, or redesign a website.

    There are plenty of better ways to secure php than using phpsuexec, less intrusive, less problematic and less pain.

    Now, this doesn't answer the question here, of "how to find nobody spammers". Phpsuexec will do VERY little to do this. Instead, php mail patches will.
    One already mentioned is choon's mail patch.
    Another website with two that I've found is here.

    The difference between the two? The second is recommended simply because it doesn't just IDENTIFY mail scripts which may be invalid, it STOPS implicit senders dead in the tracks. There are two patches to the second one and both work excellently on php4 and php5 (latest versions).
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons

  18. #93
    Join Date
    Dec 2003
    Posts
    46
    Hi guys!

    This script is useful but I need to get the complete address of the directory.

    For example, I get this:
    Fri Aug 22 16:13:08 EDT 2008 - /var/www/vhosts/recyclagehockey.com/httpdocs/mambo - apache x 48 48 Apache /var/www /sbin/nologin

    But I need to get which directory under .../httpdocs/mambo, because there are a lot.

    Is there a way to modify it to include full path ?

    Thanks
    Maxime
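
    An added example (not code from this thread): a Python triage script for the /var/log/formmail.log lines that the wrapper scripts above write, counting submissions per working directory or client address. It also flags entries where getpwuid's password field is a real hash rather than a placeholder, which is what the root entry quoted in post #89 contains. The sample log and the function names are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample in the two layouts the wrapper prints; values are made up.
SAMPLE_LOG = """\
Fri Aug 22 16:13:08 EDT 2008 - /var/www/vhosts/example.com/httpdocs/mambo - apache x 48 48 Apache /var/www /sbin/nologin
Fri Aug 22 16:13:09 EDT 2008 - /var/www/vhosts/example.com/httpdocs/mambo -  apache x 48 48 Apache /var/www /sbin/nologin
Fri Aug 22 16:14:00 EDT 2008 - 192.0.2.10 ran /cgi-bin/formmail.pl at www.example.org
Fri Aug 22 16:15:01 EDT 2008 - / - root $1$CONSTRUCT$NotARealHashJustAPlaceholder 0 0 root /root /bin/bash
Subject: a message line that the first script also copies into the log
"""

STAMP = r"\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \S+ \d{4}"
# "$date - $REMOTE_ADDR ran $SCRIPT_NAME at $SERVER_NAME"
CGI = re.compile(rf"^({STAMP}) - (\S+) ran (\S*) at (\S*)\s*$")
# "$date - $PWD - name passwd uid gid ..." (first four getpwuid fields)
LOCAL = re.compile(rf"^({STAMP}) - (.*?)\s+-\s+(\S+) (\S+) (\d+) (\d+)\b")
PLACEHOLDERS = {"x", "*", "!", "!!"}  # passwd values that are not a hash

def parse_line(line):
    """Return a dict for a wrapper log line, or None for anything else."""
    m = CGI.match(line)
    if m:
        return {"kind": "cgi", "when": m[1], "source": m[2], "script": m[3]}
    m = LOCAL.match(line)
    if m:
        return {"kind": "local", "when": m[1], "source": m[2], "user": m[3],
                "uid": int(m[5]), "hash_leaked": m[4] not in PLACEHOLDERS}
    return None

def summarize(text):
    """Count submissions per source and list accounts whose hash was logged."""
    counts, leaked = Counter(), set()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # message bodies and other noise
        counts[(rec["kind"], rec["source"])] += 1
        if rec.get("hash_leaked"):
            leaked.add(rec["user"])
    return counts, sorted(leaked)

if __name__ == "__main__":
    counts, leaked = summarize(SAMPLE_LOG)
    for (kind, source), n in counts.most_common():
        print(f"{n:5d}  {kind:5s}  {source}")
    print("password hash logged for:", leaked)
```

    Printing only `$info[0]` and `$info[2]` in the wrapper, instead of the whole `@info` array, keeps the hash out of the log in the first place.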

  19. #94
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    Quote Originally Posted by Slingky

    Is there a way to modify it to include full path ?

    Thanks
    Maxime
    Use the patches I listed in the last post, they will tell you specifically (in the headers) what script called things.

  20. #95
    Join Date
    Dec 2003
    Posts
    46
    Quote Originally Posted by linux-tech
    Use the patches I listed in the last post, they will tell you specifically (in the headers) what script called things.
    Hi linux-tech,

    Thanks for the link.

    But it seems to me that I would have to download php5 sources cause when I try the following:

    "patch -p1 < php5-mail-header.patch"

    I get:

    can't find file to patch at input line 4
    Perhaps you used the wrong -p or --strip option?
    The text leading up to this was:
    --------------------------
    |diff -r -u php-5.2.3.orig/ext/standard/mail.c php-5.2.3.mod2/ext/standard/mail.c
    |--- php-5.2.3.orig/ext/standard/mail.c 2007-03-30 01:28:58.000000000 +0100
    |+++ php-5.2.3/ext/standard/mail.c 2007-06-25 10:59:59.955165984 +0100
    --------------------------
    File to patch:


    I use Fedora Core 4 and Plesk 8.
    I don't want to scrap my php5 installation.

    Could you help me?

  21. #96
    Nice work and very useful. Thank you
