Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
Tao_Man
Involved
Involved


Joined: Jul 15, 2004
Posts: 252
Location: OKC, OK

PostPosted: Tue Aug 15, 2006 10:26 am Reply with quote

I run phpsuexec for the security, I have had no problems running nuke this way. You can not use HTTPAuth as you have to have php installed as cgi for phpsuexec to work.

The only downside to it that I have found is that on very busy servers it is a bit of a hit resorces, I have not noticed it but from what I have read it could cause problems if you get a lot of users on your system.

ps. you will still use .htaccess file even if you are using cgiauth, .htaccess controls many things in apache and can be used to make your site more secureby blocking ip address at the server level.

_________________
------------------------------------------
To strive, to seek, to find, but not to yield!
I don't know Kara-te but I do know cra-zy, and I WILL use it! 
View user's profile Send private message Visit poster's website
Taz
Worker
Worker


Joined: Dec 22, 2005
Posts: 158

PostPosted: Tue Aug 15, 2006 10:28 am Reply with quote

Well when I use the .htaccess file and try to access the site all I get are Internal Server 500 errors and cannot access my site at all.
 
View user's profile Send private message
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Tue Aug 15, 2006 10:38 am Reply with quote

Please post the contents of the .htaccess file when you recieve his error.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
Taz
PostPosted: Tue Aug 15, 2006 1:05 pm Reply with quote

Before I post the .htaccess I'm going to read up on it and try to understand a little more. This is starting to take a lot of my time, so I have requested that this site be moved to a server not running phpsuexec security until I can dedicate more time for resolving any issues related to it.

I appreciate all the help that everyone has offered and unless my host refuses to move me I'll probably not have to solve this problem.
Thanks!
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Wed Aug 16, 2006 6:14 am Reply with quote

You will have to run it by your host. The 500 error ALWAYS points to a site configuration problem or something you are using in your .htaccess is not allowed. Try a blank .htaccess file first, just to see if its even allowed.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Taz
PostPosted: Wed Aug 16, 2006 7:14 am Reply with quote

I tried a blank .htaccess file, that seemed to be fine. I am using nuke-evolution on this site, so the .htaccess file was the default file for that cms package. There is quite a bit of stuff in it. And I don't really understand anything about the paramaters and things that go in this file so don't shoot me lol!

Code:


##########################################################################
# Nuke-Evolution Basic: Enhanced PHP-Nuke Web Portal System              #
##########################################################################

PHP_FLAG register_globals On
PHP_FLAG output_buffering On

Options All -Indexes
DirectoryIndex index.php index.html

# -------------------------------------------
# Lazy Google Tap
# -------------------------------------------
Options +FollowSymlinks
RewriteEngine on

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7&$8=$9 [L]

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7#$8 [L]
RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7 [L]

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3&$4=$5#$6 [L]
RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5 [L]

RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3#$4 [L]
RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3 [L]

RewriteRule ^Evo-index.html#(.*)$ /index.php#$1 [L]
RewriteRule ^Evo-index.html$ /index.php [L]

RewriteRule ^Evo-(.*)\.html#(.*)$ /modules.php?name=$1#$2 [L]
RewriteRule ^Evo-(.*)\.html$ /modules.php?name=$1 [L]

# for hosts that don't allow the above, we won't give people anything to look at
<IfModule mod_autoindex.c>
 IndexIgnore *
</IfModule>

# -------------------------------------------
# Start of NukeSentinel(tm) admin.php Auth
# -------------------------------------------
<Files .htaccess>
  deny from all
</Files>

<Files .staccess>
  deny from all
</Files>

# <Files admin.php>
#    <Limit GET POST PUT>
#      require valid-user
#    </Limit>
#    AuthName "Restricted"
#    AuthType Basic
#    AuthUserFile /PATH/TO/YOUR/.staccess
# </Files>
# -------------------------------------------
# Start of NukeSentinel(tm) DENY FROM area
# -------------------------------------------

# Disable .htaccess viewing from browser
<files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</files>

# Disable config.php viewing from browser
<files ~ "\config.php$">
    deny from all
</files>

# deny most common except .php/.html
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|class|bin|spd|theme|module|exe)$">
deny from all
</FilesMatch>

AddDefaultCharset ISO-8859-1
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed Aug 16, 2006 1:02 pm Reply with quote

Just start with the first block of code, see if it works.. add sequentially until something dies. My guess is that not all those .htaccess commands are allowed by your host

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Tao_Man
PostPosted: Wed Aug 16, 2006 1:32 pm Reply with quote

Code:
PHP_FLAG register_globals On

PHP_FLAG output_buffering On


those two lines are your problem right there.
with phpsuexec all php settings must be made in a php.ini file.
You could always create a php.ini in your web root and put.

Code:
register_globals = On

output_buffering = On


they may already be on, your could check phpinfo(); to see
 
Taz
PostPosted: Wed Aug 16, 2006 2:17 pm Reply with quote

I can and have removed those two lines and still get internal 500 errors and cannot access the site.
 
Tao_Man
PostPosted: Wed Aug 16, 2006 2:37 pm Reply with quote

well shoot, well you will want to leave those out as they won't work with phpsuexec. The rewrite module may not be installed that could be the problem, hard to say, guess you will have to just go section by section and comment out the lines till you find what it is.

I will run your .htaccess on my site and see if it chokes

well I did the test, and other than the php_flag lines it didn't choke on the rest so phpsuexec isn't the problem, some other server or program setting is the problem

PS. one other thought phpsuexec doesn't like chmod 777. What chmod do you have your .htaccess at? 644 would be best.
 
Taz
PostPosted: Wed Aug 16, 2006 3:01 pm Reply with quote

I just tested this, I had the same .htaccess file without the two lines at the top

PHP_FLAG register_globals On
PHP_FLAG output_buffering On

and the file itself was chmod to 644. still got internal error 500. My host sucks . . . trying to get help out of them is like pulling teeth. I guess u get what you pay for . . .
 
Tao_Man
PostPosted: Wed Aug 16, 2006 3:30 pm Reply with quote

Well sorry to hear it still isn't working for you. I'm out of ideas. well ok one last idea the part of the code.

Code:
<files ~ "^\.ht">

    Order allow,deny
    Deny from all
    Satisfy All
</files>


is more or less a duplicate of
Code:
<Files .htaccess>

  deny from all
</Files>


it worked on my server but maybe yours doesn't like a file beign hit twice like this... this is a crazy idea and have no real reason to think it but... just grasping at straws here.
 
gregexp
PostPosted: Wed Aug 16, 2006 6:03 pm Reply with quote

Id sudjest changing all of this to:

##########################################################################
# Nuke-Evolution Basic: Enhanced PHP-Nuke Web Portal System #
##########################################################################

PHP_FLAG register_globals On
PHP_FLAG output_buffering On

Options All -Indexes
DirectoryIndex index.php index.html

# -------------------------------------------
# Lazy Google Tap
# -------------------------------------------
#Options +FollowSymlinks
#RewriteEngine on
#
#RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7&$8=$9 [L]
#
#RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7#$8 [L]
#RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5&$6=$7 [L]
#
#RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3&$4=$5#$6 [L]
#RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3&$4=$5 [L]
#
#RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)\.html#(.*)$ /modules.php?name=$1&$2=$3#$4 [L]
#RewriteRule ^Evo-(.*)_-_(.*)_-_(.*)\.html$ /modules.php?name=$1&$2=$3 [L]
#
#RewriteRule ^Evo-index.html#(.*)$ /index.php#$1 [L]
#RewriteRule ^Evo-index.html$ /index.php [L]
#
#RewriteRule ^Evo-(.*)\.html#(.*)$ /modules.php?name=$1#$2 [L]
#RewriteRule ^Evo-(.*)\.html$ /modules.php?name=$1 [L]

That pretty much comments out what I believe to be google tap.
And there is a side note the next line down that lets you know that some hosts might not allow this.
Id sudjest a better host.
 
Taz
PostPosted: Wed Aug 16, 2006 7:20 pm Reply with quote

Well, it's hostgator. And for the money, it's a pretty good value. But support is not all that great. So basically your saying comment out all the lazy google tap stuff..... and try it again.

Ok I commented it out, and ripped out all the lines so that none of the lazy google tap was in the file. Still getting internal error 500 and not able to access the site. Sad

The thing I think I hate the most is that I don't understand anything about .htaccess to talk about it with my host to figure out what is wrong. . .
 
Taz
PostPosted: Fri Aug 18, 2006 12:19 pm Reply with quote

bump - anyone else have any more ideas? Smile
 
Tao_Man
PostPosted: Fri Aug 18, 2006 1:39 pm Reply with quote

I'm going to send you a PM of a link to a zip file with some files in it like 1.htaccess 2.htaccess, upload a rename to .htaccess one at a time and then let me know which ones if any work.
 
Taz
PostPosted: Fri Aug 18, 2006 1:48 pm Reply with quote

Ok - I'll be looking for them Smile
 
Taz
PostPosted: Fri Aug 18, 2006 2:25 pm Reply with quote

wierd. I uploaded them all, tried them one at a time, and they all worked. So I compared them to the original .htaccess that I posted here, and the only difference is this

Code:


##########################################################################
# Nuke-Evolution Basic: Enhanced PHP-Nuke Web Portal System #
##########################################################################


Which is at the top of the file and is what I thought a comment.

I took that out of the original .htaccess and tried accessing the site and it worked fine. So something doesnt like these three lines, but what?

This answers the issue with the .htaccess. You said your servers have this phpsuexec installed on them TAO. Do you have the same problem in Nuke Sentined for each of the site configurations i.e. Admin Blocker, Author Blocker ect. . . That the Email IP Look UP says NOT AVAILABLE?? This was my original problem Smile
 
Tao_Man
PostPosted: Fri Aug 18, 2006 4:18 pm Reply with quote

Well mine also says not avilable, I have no idea whay phpsuexec whould cause that, but fond something out. I was looking at thread and near the top was a test in blocker_config, something like $mailtest = @mail():

that whole function in gone in sentinel 2.5.02!!

gona go look to see where it was moved.
 
Tao_Man
PostPosted: Fri Aug 18, 2006 5:13 pm Reply with quote

Well I am not an expert on Sentinel so I may be wrong on this.

In NS 2.5.02 each blocking method can now be set to arin or dnsstuff or none. It now seems to check if PHP is running in cgi mode and if it is will say Email IP Look Up NOT AVAILABLE.

Now here is the funny part it seems to go ahead and do a arin lookup anyway.

I hacked the code and with it showing not available or set to arin it did an arin look up. DNSStuff balked and didn't like my trying to do a look up, and if set to off did not do a look up.

So if running php as cgi with Nuke Sentinel 2.5.02 you get an arin look up, if running as a module you can choose between arin, dnsstuff or none.

My only thought is why we cgi folk cant choose none.


This is just my finding and thoughts.
 
Taz
PostPosted: Sat Aug 19, 2006 4:51 am Reply with quote

Wierd, so basically what your saying is that in CGI mode you can't select this option but Sentinel still performs a look up . . .
 
Tao_Man
PostPosted: Mon Aug 21, 2006 10:51 am Reply with quote

Taz wrote:
Wierd, so basically what your saying is that in CGI mode you can't select this option but Sentinel still performs a look up . . .


Yes. at least that is what is happing for me and I don't have a very patched version of RN. I started with a stright RN 2.02.02 installed the WYSIWYG, and have upgraded Nuke Sentinel from the version in the bundle to 2.5.02 but no other changes to core files, I have added a few blockes and such but nothing that changes any core files so I can't help but feel this is what is normal.

I am getting Arin look up in my sentinel email, when I did hack the code I could force it off, but a normal install it just does it automatic.
 
Tao_Man
PostPosted: Mon Aug 21, 2006 1:50 pm Reply with quote

Been testing this a bit, When sentinel is installed in RN 2.02.02 it populates the database for the blockers, on most blockers email_lookup is set to 1 which is arin lookup, and on those ...for me at keast... it will go ahead and look up the ip address even when it says that ip lookup is not avalable. I played with turning it on and off in the database and it seems to work just fine.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©