| Author |
Message |
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
 Posted:
Sun Jun 11, 2006 8:49 am |
|
|
 
|
|
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
| Posted:
Sun Jun 11, 2006 10:29 am |
|
Plz do me a favor and make sure u have a code_bg.jpg in ur image directory..this will generate a block with an X in it if its not there. |
_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! |
|
  
  |
|
posword
Hangin' Around
Joined: May 21, 2006
Posts: 38
Location: Adelaide, Australia
|
| Posted:
Sun Jun 11, 2006 6:44 pm |
|
Well, the plot thickens, as they say in the movies. I asked my hosting support whether they had CGI Auth or HTTP Auth and the reply was:
"Although http auth is available, you can't use it with the setup that we have for php. We don't have cgiauth installed so you can't use that either."
If that information is correct, then I'm out of options. I have replied in the strongest possible terms, and we'll see what happens next.
Guardian2003, yes I was able to get into the site by removing the NukeSentinel stuff in .htaccess, but in so doing I lost the security code check on admin.php and NS is not asking for password. So the only good news this morning is that Australia vs England Rugby match ended 34-3.
Cheers! |
_________________
C'mon Aussie, c'mon, c'mon! |
|
|
|
|
gregexp
|
| Posted:
Sun Jun 11, 2006 7:19 pm |
|
ohh boy..a more complete host...ravens just might have what ur lookin for. |
| |
|
|
|
|
montego
|
| Posted:
Sun Jun 11, 2006 9:03 pm |
|
| Quote: |
Although http auth is available, you can't use it with the setup that we have for php. We don't have cgiauth installed so you can't use that either
|
Well, I believe you are out of luck in terms of protection your admin with NukeSentinel. You must rely solely on the blockers then.
Yes, you need to different host! You get what you pay for it seems...  |
| |
|
|
|
|
posword
|
| Posted:
Sun Jun 11, 2006 9:22 pm |
|
Raven,
My host is running phpSUEXEC. "You can't run HTTPAuth on our servers. Because it won't let you write any data into .htaccess file."
This is an explanation of phpSUEXEC from a Google search...
"On most Apache servers, PHP runs as an Apache Module. As such, it runs directly in the user Nobody, but doesn’t require the execute flag. This means that in order to execute a PHP file, it simply needs to be world readable. The problem is that this allows every other users on the server to read your PHP files!
Allowing other users to read your HTML files is not a problem, since they can be displayed in Internet Explorer. However, PHP files are not readable, they are parsed. Many scripts use a PHP file to store a database username and password. This means that on another server every client could read your PHP files, retrieve your password and access your databases.
ISPs close this hole by installing an Apache module called PHPsuexec, which executes PHP scripts under your username. Instead of using everyone’s permissions it uses the owner’s permissions. Thus you can change the permissions of your PHP scripts to 0700 or 0400 and still read and execute them. However, these scripts will no longer be accessible to any other users—PHPsuexec will refuse to execute a script if it is world-writable to protect you from someone abusing one of your scripts. All servers will be running phpsuexec within the near future."
Another site says, "All php values should be commented out or removed from your .htaccess files and placed in a php.ini file. This can be achieved by creating a text file and naming it php.ini and copying all of your php_value_entries in it and then uploading the php.ini to avoid this issue. Placing a php.ini file in its place should solve this issue."
If this is the trend, then how can NukeSentinel get around it. I don't see any php_value_entries in NS .htaccess but it does need to write to it. I could write to it manually but they may be a pain. |
| |
|
|
|
|
montego
|
| Posted:
Sun Jun 11, 2006 9:39 pm |
|
I believe phpSUEXEC requires that PHP be run as a CGI instead of a DO, which for heavy traffic sites, can literally kill a server. It certainly limits the number of sites a service provider can run on one server too... |
| |
|
|
|
|
posword
|
| Posted:
Sun Jun 11, 2006 11:17 pm |
|
Yes, montego, PHP is being run as CGI on my hosts server.
I'm surprised that my search of Raven forums shows this topic as the only one about phpSUEXEC. Surely others have had this problem? |
| |
|
|
|
|
gregexp
|
| Posted:
Mon Jun 12, 2006 12:40 am |
|
| Quote: | | You probably wouldn't actually. Just FYI phpsuexec is now end of life and isn't being developed so you should look into suphp instead. |
came from:
[ Only registered users can see links on this board! Get registered or login! ]
not sure if its accurate as i cant seem to find a homepage on this. |
| |
|
|
|
|
posword
|
| Posted:
Sat Jul 01, 2006 11:10 pm |
|
Raven, or anyone,
Can I get a quote on getting this fixed on my production server (in its own directory for safety until the admin and security side is fixed)?
I've been hacked again, and using the same URL as the hackers at least Raven 7.6 full did not let me in. However I want it working properly.
Thanks,
Peter Wade |
| |
|
|
|
|
montego
|
| Posted:
Wed Jul 05, 2006 9:07 pm |
|
I'd PM him directly for a quote OR place this in the "For Hire" forum. It might be too "buried" in this thread to get noticed. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
