
Thread: Oh, php security hole! [RESOLVED]

  1. #1

    Thread Starter
    Fanatic Member Ruku's Avatar

    Oh, php security hole! [RESOLVED]

    hey guys,

    I host web pages for a lot of people and I found that there is a little security hole, so now everyone's webpages are disabled temporarily.

    I just need to know how to configure Apache to deny it from executing programs...

    thanks!
    Last edited by Ruku; May 4th, 2006 at 04:06 PM.


  2. #2
    KrisSiegel.com Kasracer's Avatar

    Re: Oh, php security hole!

    What? Apache doesn't execute programs... unless you mean cgi or php scripts.

    You need to give us a lot more information. Honestly, it sounds like you may not be the person to set up a server for clients and you may want to pay a professional because you may have more security holes open than you think.

  3. #3
    I'm about to be a PowerPoster!

    Re: Oh, php security hole!

    I have no idea what you are talking about. Can you elaborate?

  4. #4
    Fanatic Member

    Re: Oh, php security hole!

    Perhaps he's talking about this:
    http://us3.php.net/manual/en/function.exec.php

    And no, it's not a security hole; if you know your php.ini file you can disable it.
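
Added example, not part of the thread or any poster's code: a small Python check for the php.ini approach mentioned in post #4. It reads the text of a php.ini and lists which of PHP's program-execution functions are not covered by `disable_functions`; the function list and the sample ini texts are chosen and constructed for this illustration.

```python
import re

# PHP built-ins that start an external program (exec() and its relatives).
EXEC_FUNCTIONS = ("exec", "passthru", "shell_exec", "system",
                  "proc_open", "popen", "pcntl_exec")

def disabled_functions(ini_text):
    """Names listed by the last active disable_functions line in a php.ini."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "disable_functions":
            continue
        value = value.strip().strip("\"'")
        # A later assignment replaces an earlier one.
        disabled = {n for n in re.split(r"[,\s]+", value) if n}
    return disabled

def still_enabled(ini_text):
    """Program-execution functions that PHP scripts could still call."""
    off = disabled_functions(ini_text)
    return [f for f in EXEC_FUNCTIONS if f not in off]

# Constructed sample configurations (not taken from the thread).
UNSET_INI = "[PHP]\n; disable_functions = exec,system\ndisable_functions =\n"
PARTIAL_INI = "[PHP]\ndisable_functions = exec, system\n"
HARDENED_INI = ('[PHP]\ndisable_functions = "exec,passthru,shell_exec,system,'
                'proc_open,popen,pcntl_exec"\n')

if __name__ == "__main__":
    for label, text in (("unset", UNSET_INI), ("partial", PARTIAL_INI),
                        ("hardened", HARDENED_INI)):
        left = still_enabled(text)
        print(f"{label}: {'OK' if not left else 'still enabled: ' + ', '.join(left)}")
```

`disable_functions` has to be set in php.ini itself, so on a shared host the check belongs on the server-wide file rather than on anything a hosted user can edit.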

  5. #5

    Thread Starter
    Fanatic Member Ruku's Avatar

    Re: Oh, php security hole!

    It's all good, I've figured out how to disable php executions WHILE enabling file modifications through NTFS... so no worries now...

    (btw I didn't mean that php had a security hole, I just meant my website had one through php executions... and I think a few responses were quite rude... but thanks anyways

    the actual problem was that users uploaded files within their folder limitations and executed them in mass, resulting in a flood... but it's all good now)
    Last edited by Ruku; May 4th, 2006 at 04:10 PM.


  6. #6
    VBA Nutter visualAd's Avatar

    Re: Oh, php security hole! [RESOLVED]

    It's very difficult for others to help you if you do not give us any information. Your first post was very ambiguous and could mean many things.

    Additionally, if you are going to allow users to upload and execute programs on the server, you need to make sure that under no circumstances will they have access to other users' data. If you are hosting on Linux you can run PHP as a different user and chroot it; if you are running Windows I suggest you don't allow it at all.

  7. #7

    Thread Starter
    Fanatic Member Ruku's Avatar

    Re: Oh, php security hole! [RESOLVED]

    it's all good visualAd, you even helped me out on that on another post... remember that oneandone problem? anyways, it's all good... ntfs locked the users to their folder and they are chrooted to their folder, no worries.
