Re: [PHP] lesson in NOT how to run your php website ...

2001-10-30 Thread DL Neil

  I teach law at a university  .. I also run the website here ...
 
 Thankfully Tasmania is not considered part of Australia. :)
 
 *troll bait away*

=but are you trolling for bad lawyer jokes to wind up brendan, or inviting the rest to 
take on the Aussies?

=Tasmania advertises itself as the bit under, down-under
separatist revenge on mainlander ignorance?

=mind you, the words ignorance and Aussie in the same sentence...
=dn



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] lesson in NOT how to run your php website ...

2001-10-29 Thread speedboy

 I teach law at a university  .. I also run the website here ...

Thankfully Tasmania is not considered part of Australia. :)

*troll bait away*






Re: [PHP] lesson in NOT how to run your php website ...

2001-10-29 Thread Lucas Chan

 Thankfully Tasmania is not considered part of Australia. :)

Hahaha.  Nice one.  =)

Regards,

[ lucas ]







RE: [PHP] lesson in NOT how to run your php website ...

2001-10-29 Thread Joseph Blythe

Sorry if this is a little off topic but this sort of reminds me what happened to
me on Monday:

I arrived at work in a really good mood (for a Monday) to find everyone
screaming at each other, then at me :) what was being said is that the new
webserver I have been configuring with the latest versions of Apache, mySQL
and PHP had been severely hacked and it was all my fault (as usual), I
thought this was rather strange as there really aren't any holes that would
allow a root exploit (as far as I know) in the software which I had
installed. After further investigation it seems that our IT manager who did
the Linux install had not latched down the FTP tight enough and some guy
from France (Yes we are on to you :)) got in and started to extract all his
little hacking toys, one of which was a network sniffer which revealed all
of my passwords as I continued to configure the server. After much
painstakingly changing all of our passwords everything seems to be ok now.

Just thought it was kind of funny that they blamed the web developer first
as I am the one who uses all the weird arsed software :)


Regards,


Joseph

-----Original Message-----
From: brendan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 30 October 2001 2:40 PM
To: [EMAIL PROTECTED]
Subject: [PHP] lesson in NOT how to run your php website ...


I teach law at a university  .. I also run the website here ...  php
with a mysql backend ...


- I have been designing a client side administration tool which allows
you to setup both the html input form to request from a database and
format the way the results look and are returned ... so that academics
can setup and run their own databases ...

- of course during setup and debugging I ran from the /temp directory of
the website (we don't have a test machine)

- after debugging was over i forgot about the extra copy of this script
in the /temp directory and forgot to delete it ..(there was no security
on the script)

- what i also forgot was that in my last lecture series I had left the
presentation files for the students in the .. you guessed it ... /temp
directory  ..

- the students .. being students didn't actually look at the lecture
notes very much, and i had deleted them ..

- however it's exam time  ... and all of them in a flurry logged on to
the site ('/temp') ... but instead of finding the lecture series they
find this strange control panel with lots of weird buttons...
- web user + strange buttons on page = bugger ...

so about two weeks ago the site started to go haywire ... links stopped
working .. databases started screwing up ..

- i had entirely forgot about the contents of the /temp directory ..
- i was going INSANE trying to continually fix the site ..
- i thought we were being hacked and ran a constant netstat, logged all
visitor activity and made two separate complaints about what seems now
were innocent web users ...
- i didn't sleep
- my girlfriend nearly dumped me ..
- i was sure there was a conspiracy at hand ..

- I only stumbled on the /temp directory when i began rebuilding a new
site to replace what I had now decided was a compromised code base ... I
started in the /temp directory of course ;)


- I am sure there is a lesson here somewhere .. I think it is probably
more valuable just to laugh at ..

ps thanks for all the help on the last run of stupidity I had (re
!#@$!#$ regular expressions posts here)

happy programming!






Re: [PHP] lesson in NOT how to run your php website ...

2001-10-29 Thread Lucas Chan

Heh.

While all us Aussies are wasting time with off topic rants.  The sys admin
at my last job tried to tell me that the web site I was developing was
making port 80 connections to random IP numbers at very short intervals.

Duh.  Didn't take long to figure out that he'd left port 80 open on the
firewall and that our servers were hit with code red.

Plus.  ASP isn't that sophisticated.  =)

(Don't worry, I have a real job now.)

Regards,

[ lucas ]


