[BlueOnyx:11133] Re: Drupal from Solar Speed
Michael, Sorry about that lag time around the world. All help is appreciated. Herb - Original Message - From: "Michael Stauber" To: "BlueOnyx General Mailing List" Sent: Wednesday, August 8, 2012 11:28:24 AM Subject: [BlueOnyx:11131] Re: Drupal from Solar Speed Hi Herb, > I downloaded the Drupal package from Solar Speed and its not working. > > Can I get some help here? I did post a support ticket on their website > but I got no response so far. Herb, I just got to the office. That ticket is not even 24h old. Just give me a moment to put out some other fires and I'll be back to you right away. -- With best regards Michael Stauber ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx -- Herb Rubin Pathfinders Software http://www.pfinders.com ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11132] Re: /icons/: Directory indexing found
Thank you all testing now RC -- +-+ Richard C. Barker Sr. +-+ ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11131] Re: Drupal from Solar Speed
Hi Herb, > I downloaded the Drupal package from Solar Speed and its not working. > > Can I get some help here? I did post a support ticket on their website > but I got no response so far. Herb, I just got to the office. That ticket is not even 24h old. Just give me a moment to put out some other fires and I'll be back to you right away. -- With best regards Michael Stauber ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11130] Re: /icons/: Directory indexing found
Hi Ken, > Just add an index page: > > echo 'Icons' >> /var/www/icons/index.html > > echo 'Icons' >> /var/www/icons/small/index.html Or that. I'm just publishing an update base-apache which will add /etc/httpd/conf.d/security with this in it: # Disable directory listing for /var/www/icons/: Options -Indexes # Turn off Apache debugging support for TRACK/TRACE: TraceEnable off That takes care of both issues. And if there is anything else that's security related, we can add to it later on. -- With best regards Michael Stauber ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11129] Drupal from Solar Speed
Hi, I downloaded the Drupal package from Solar Speed and its not working. Can I get some help here? I did post a support ticket on their website but I got no response so far. I did get it to install as a package. It does appear in the BO Gui. There is now a "solar speed" link on the left side of the BO Gui. There is a "web applications" link on the left when viewing a virtual site. Drupal is listed. But the "installed" column shows a red X and when I click on the config pencil icon it times out with the error message "NewLinQ server error". Anyone know what is wrong? Herb -- Herb Rubin Pathfinders Software http://www.pfinders.com ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11128] Re: Unable to turn off trace or track
Thank you testing now RC On 8/8/2012 1:58 PM, Michael Stauber wrote: > Hi Richard, > >> I have this in my sitexx.include file and does not work >> >>RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] >>RewriteCond %{REQUEST_METHOD} ^TRACE [OR] >>RewriteCond %{REQUEST_METHOD} ^TRACK [OR] >>RewriteRule .* - [F] >> >> >> TCP 80 http >> Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging >> functions are enabled on the remote web server. Impact: The remote >> webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are >> HTTP methods that are used to debug web server connections. >> >> TCP 443 https >> Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging >> functions are enabled on the remote web server. Impact: The remote >> webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are >> HTTP methods that are used to debug web server connections. >> > Create /etc/httpd/conf.d/trace.conf and put this line in it: > > TraceEnable off > > Then restart Apache: /etc/init.d/httpd restart > > That disabled it for all sites and there is no need for a mod_rewrite rule. > > I just tested that. But please note: Automated security scanners like > Nessus or therelike will still bitch about it, as they are often just a > bunch of garbage. > -- +-+ Richard C. Barker Sr. CEO & President 1-800-510-3139 ProBass Networks Inc. http://www.probassnetworks.net http://www.probass.net *** DISCLAIMER : - This e-mail is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. +-+ ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11127] Re: Unable to turn off trace or track
Thank you, On 8/8/2012 2:10 PM, Ken - Precision Web Hosting, Inc wrote: > > - Original Message - From: "Richard Barker" > To: "BlueOnyx General Mailing List" > Sent: Wednesday, August 08, 2012 10:29 AM > Subject: [BlueOnyx:11122] Unable to turn off trace or track > > >> >> I have this in my sitexx.include file and does not work >> >> RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] >> RewriteCond %{REQUEST_METHOD} ^TRACE [OR] >> RewriteCond %{REQUEST_METHOD} ^TRACK [OR] >> RewriteRule .* - [F] >> >> >> TCP 80 http >> Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging >> functions are enabled on the remote web server. Impact: The remote >> webserver supports the TRACE and/or TRACK methods. TRACE and TRACK >> are HTTP methods that are used to debug web server connections. >> >> TCP 443 https >> Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging >> functions are enabled on the remote web server. Impact: The remote >> webserver supports the TRACE and/or TRACK methods. TRACE and TRACK >> are HTTP methods that are used to debug web server connections. >> >> -- >> +-+ >> Richard C. Barker Sr. >> +-+ >> > > > Richard > > Try this > > RewriteEngine on > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) > RewriteRule .* - [F] > > > > Ken Marcus > Precision Web Hosting, Inc. > http://www.precisionweb.net > > -- +-+ Richard C. Barker Sr. CEO & President 1-800-510-3139 ProBass Networks Inc. http://www.probassnetworks.net http://www.probass.net *** DISCLAIMER : - This e-mail is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. +-+ ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11126] Re: /icons/: Directory indexing found
- Original Message - From: "Richard Barker" To: "BlueOnyx General Mailing List" Sent: Wednesday, August 08, 2012 10:18 AM Subject: [BlueOnyx:11121] /icons/: Directory indexing found > > How does one turn this off? > > TCP 443 http > Title: Web server vulnerability Impact: /icons/: Directory indexing > found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569 > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569 > > TCP 80 http > Title: Web server vulnerability Impact: /icons/: Directory indexing > found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569 > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569 > > Found this in the httpd.conf > Alias /icons/ "/var/www/icons/" > > > Options Indexes MultiViews > AllowOverride None > Order allow,deny > Allow from all > > # > # AddIcon* directives tell the server which icon to show for different > # files or filename extensions. These are only displayed for > # FancyIndexed directories. > # > AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip > > AddIconByType (TXT,/icons/text.gif) text/* > AddIconByType (IMG,/icons/image2.gif) image/* > AddIconByType (SND,/icons/sound2.gif) audio/* > AddIconByType (VID,/icons/movie.gif) video/* > > AddIcon /icons/binary.gif .bin .exe > AddIcon /icons/binhex.gif .hqx > AddIcon /icons/tar.gif .tar > AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv > AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip > AddIcon /icons/a.gif .ps .ai .eps > AddIcon /icons/layout.gif .html .shtml .htm .pdf > AddIcon /icons/text.gif .txt > AddIcon /icons/c.gif .c > AddIcon /icons/p.gif .pl .py > AddIcon /icons/f.gif .for > AddIcon /icons/dvi.gif .dvi > AddIcon /icons/uuencoded.gif .uu > AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl > AddIcon /icons/tex.gif .tex > AddIcon /icons/bomb.gif core > > AddIcon /icons/back.gif .. > AddIcon /icons/hand.right.gif README > AddIcon /icons/folder.gif ^^DIRECTORY^^ > AddIcon /icons/blank.gif ^^BLANKICON^^ > > > Thank you in advance, > RC > > > -- > +-+ > Richard C. Barker Sr. > > +-+ > Richard Just add an index page: echo 'Icons' >> /var/www/icons/index.html echo 'Icons' >> /var/www/icons/small/index.html Ken Marcus Precision Web Hosting, Inc. http://www.precisionweb.net ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11125] Re: Unable to turn off trace or track
- Original Message - From: "Richard Barker" To: "BlueOnyx General Mailing List" Sent: Wednesday, August 08, 2012 10:29 AM Subject: [BlueOnyx:11122] Unable to turn off trace or track > > I have this in my sitexx.include file and does not work > > RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] > RewriteCond %{REQUEST_METHOD} ^TRACE [OR] > RewriteCond %{REQUEST_METHOD} ^TRACK [OR] > RewriteRule .* - [F] > > > TCP 80 http > Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging > functions are enabled on the remote web server. Impact: The remote > webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are > HTTP methods that are used to debug web server connections. > > TCP 443 https > Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging > functions are enabled on the remote web server. Impact: The remote > webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are > HTTP methods that are used to debug web server connections. > > -- > +-+ > Richard C. Barker Sr. > +-+ > Richard Try this RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] Ken Marcus Precision Web Hosting, Inc. http://www.precisionweb.net ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11124] Re: /icons/: Directory indexing found
Michael this one is on a vps 5106R http://www.rpmcustomrods.com/icons/ RC - +-+ Richard C. Barker Sr. +-+ ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11123] Re: /icons/: Directory indexing found
Hi Richard, > TCP 443 http > Title: Web server vulnerability Impact: /icons/: Directory indexing > found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569 > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569 > > TCP 80 http > Title: Web server vulnerability Impact: /icons/: Directory indexing > found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569 > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569 > > Found this in the httpd.conf > Alias /icons/ "/var/www/icons/" > > > Options Indexes MultiViews > AllowOverride None > Order allow,deny > Allow from all > I just tried http://server.name/icons/ on a BlueOnyx and I get a "The requested URL was not found on this server." I then tried http://www.vsite.com/icons/ and get the same. So this doesn't apply to BlueOnyx. I then checked Aventurin{e} 6105R and 6106R and there the /icons/ directory is browseable. I wouldn't exactly agree that a directory traversal of the /icons/ directory is a vulnerability (as it is non-exploitable). But I'll publish a fix to YUM that'll place an index.html into these directories. -- With best regards Michael Stauber ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11122] Unable to turn off trace or track
I have this in my sitexx.include file and does not work RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] RewriteCond %{REQUEST_METHOD} ^TRACE [OR] RewriteCond %{REQUEST_METHOD} ^TRACK [OR] RewriteRule .* - [F] TCP 80 http Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging functions are enabled on the remote web server. Impact: The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. TCP 443 https Description: HTTP TRACE / TRACK Methods Allowed Synoposis: Debugging functions are enabled on the remote web server. Impact: The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections. -- +-+ Richard C. Barker Sr. +-+ ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11121] /icons/: Directory indexing found
How does one turn this off? TCP 443 http Title: Web server vulnerability Impact: /icons/: Directory indexing found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569 TCP 80 http Title: Web server vulnerability Impact: /icons/: Directory indexing found. Risk Factor: High/ CVSS2 Base Score: 10.0 CVE: CVE-1999-0569 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0569 Found this in the httpd.conf Alias /icons/ "/var/www/icons/" Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all # # AddIcon* directives tell the server which icon to show for different # files or filename extensions. These are only displayed for # FancyIndexed directories. # AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/* AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^ Thank you in advance, RC -- +-+ Richard C. Barker Sr. +-+ ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:11120] Re: Not using smart host for email routing
Hi Mark, This might not be the same thing - but I had something similar. The fix this I needed to set an email delay in the GUI. This appears to prevent users connecting directly through which is what was was happening to me. You will then get a mail queue which is delivered via the smart host. Regards Jeffrey --- JEFFREY PELLIN Director JEFFREY PELLIN CONSULTANCY LTD [1] WORK: 01692 558226 MOBILE: 07768 451738 EMAIL: jeff...@pellin.co.uk [2] See who we know in common [3] On 07.08.2012 19:42, Mark E. Levy wrote: > On a 5106R, I have a smarthost configured in the email settings. However. when a user sends an email using Squirrelmail, it's apparently sending directly to the recipient server, according to the mail headers. How do I ensure that the smarthost parameter is honored? > > Thanks, > Mark Links: -- [1] http://www.quick-websites.co.uk [2] mailto:jeff...@pellin.co.uk [3] http://www.linkedin.com/e/wwk/53425140/?hs=false|+|amp|+|tok=13wzr5NHSChl41 ___ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx