Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro
Author Message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Sun Jun 11, 2006 8:49 am Reply with quote

posword, again, don't know what to tell you about GD. It is working on hundreds of installations of RN76. Had you edited any of the files prior to uploading? If so, hopefully you used a "real" text editor rather than notepad or word.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Sun Jun 11, 2006 10:29 am Reply with quote

Plz do me a favor and make sure u have a code_bg.jpg in ur image directory..this will generate a block with an X in it if its not there.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
posword
Hangin' Around


Joined: May 21, 2006
Posts: 38
Location: Adelaide, Australia

PostPosted: Sun Jun 11, 2006 6:44 pm Reply with quote

Well, the plot thickens, as they say in the movies. I asked my hosting support whether they had CGI Auth or HTTP Auth and the reply was:
"Although http auth is available, you can't use it with the setup that we have for php. We don't have cgiauth installed so you can't use that either."

If that information is correct, then I'm out of options. I have replied in the strongest possible terms, and we'll see what happens next.

Guardian2003, yes I was able to get into the site by removing the NukeSentinel stuff in .htaccess, but in so doing I lost the security code check on admin.php and NS is not asking for password. So the only good news this morning is that Australia vs England Rugby match ended 34-3.

Cheers!

_________________
C'mon Aussie, c'mon, c'mon! 
View user's profile Send private message
gregexp
PostPosted: Sun Jun 11, 2006 7:19 pm Reply with quote

ohh boy..a more complete host...ravens just might have what ur lookin for.
 
montego
PostPosted: Sun Jun 11, 2006 9:03 pm Reply with quote

Quote:

Although http auth is available, you can't use it with the setup that we have for php. We don't have cgiauth installed so you can't use that either


Well, I believe you are out of luck in terms of protection your admin with NukeSentinel. You must rely solely on the blockers then.

Yes, you need to different host! You get what you pay for it seems... Sad
 
posword
PostPosted: Sun Jun 11, 2006 9:22 pm Reply with quote

Raven,
My host is running phpSUEXEC. "You can't run HTTPAuth on our servers. Because it won't let you write any data into .htaccess file."

This is an explanation of phpSUEXEC from a Google search...

"On most Apache servers, PHP runs as an Apache Module. As such, it runs directly in the user Nobody, but doesn’t require the execute flag. This means that in order to execute a PHP file, it simply needs to be world readable. The problem is that this allows every other users on the server to read your PHP files!

Allowing other users to read your HTML files is not a problem, since they can be displayed in Internet Explorer. However, PHP files are not readable, they are parsed. Many scripts use a PHP file to store a database username and password. This means that on another server every client could read your PHP files, retrieve your password and access your databases.

ISPs close this hole by installing an Apache module called PHPsuexec, which executes PHP scripts under your username. Instead of using everyone’s permissions it uses the owner’s permissions. Thus you can change the permissions of your PHP scripts to 0700 or 0400 and still read and execute them. However, these scripts will no longer be accessible to any other users—PHPsuexec will refuse to execute a script if it is world-writable to protect you from someone abusing one of your scripts. All servers will be running phpsuexec within the near future."

Another site says, "All php values should be commented out or removed from your .htaccess files and placed in a php.ini file. This can be achieved by creating a text file and naming it php.ini and copying all of your php_value_entries in it and then uploading the php.ini to avoid this issue. Placing a php.ini file in its place should solve this issue."

If this is the trend, then how can NukeSentinel get around it. I don't see any php_value_entries in NS .htaccess but it does need to write to it. I could write to it manually but they may be a pain.
 
montego
PostPosted: Sun Jun 11, 2006 9:39 pm Reply with quote

I believe phpSUEXEC requires that PHP be run as a CGI instead of a DO, which for heavy traffic sites, can literally kill a server. It certainly limits the number of sites a service provider can run on one server too...
 
posword
PostPosted: Sun Jun 11, 2006 11:17 pm Reply with quote

Yes, montego, PHP is being run as CGI on my hosts server.

I'm surprised that my search of Raven forums shows this topic as the only one about phpSUEXEC. Surely others have had this problem?
 
gregexp
PostPosted: Mon Jun 12, 2006 12:40 am Reply with quote

Quote:
You probably wouldn't actually. Just FYI phpsuexec is now end of life and isn't being developed so you should look into suphp instead.


came from:
Only registered users can see links on this board! Get registered or login!

not sure if its accurate as i cant seem to find a homepage on this.
 
posword
PostPosted: Sat Jul 01, 2006 11:10 pm Reply with quote

Raven, or anyone,

Can I get a quote on getting this fixed on my production server (in its own directory for safety until the admin and security side is fixed)?

I've been hacked again, and using the same URL as the hackers at least Raven 7.6 full did not let me in. However I want it working properly.

Thanks,
Peter Wade
 
montego
PostPosted: Wed Jul 05, 2006 9:07 pm Reply with quote

I'd PM him directly for a quote OR place this in the "For Hire" forum. It might be too "buried" in this thread to get noticed.
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©