Re: [PHP] What would cause this?
tedd wrote: Hi gang: I have a question regarding php and security. My apologies beforehand if this is common knowledge to everyone except me. I have a php application sitting at root level on one of my servers who's sole function is to send me an email whenever it's run. So, whenever I reference this app, it sends me an email -- very simple. However, the app isn't reference or linked anywhere on the site, but it still occasionally runs all by itself. My question is -- what's triggering it? Is the cause a bot of some type? I was told that spiders/bots could only travel links outward from your front page (i.e., index) to all other referenced pages, but could not access things that are not linked -- unless of course they know the name of the app. So, why does this php app occasionally run? Are there critters that navigate my root without my knowledge? If you can, check your apache access logs and that will tell you the ip of the person who accessed that page.. will give you a starting point anyway. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What would cause this?
tedd a écrit : Hi gang: Hi I have a question regarding php and security. My apologies beforehand if this is common knowledge to everyone except me. I have a php application sitting at root level on one of my servers who's sole function is to send me an email whenever it's run. So, whenever I reference this app, it sends me an email -- very simple. However, the app isn't reference or linked anywhere on the site, but it still occasionally runs all by itself. It runs automagically ? My question is -- what's triggering it? did you check your http server log files for this url ? Is the cause a bot of some type? I was told that spiders/bots could only travel links outward from your front page (i.e., index) to all other referenced pages, but could not access things that are not linked -- unless of course they know the name of the app. Some tools try to check from a basic url for several directories or files (/images, /private, etc). So, why does this php app occasionally run? Are there critters that navigate my root without my knowledge? if you wish to limit the access to your script, you can control the IP of the client using $_SERVER[REMOTE_ADDR]. Thanks. tedd but it's not a very good idea to let the script run without any control. you can be quickly flooded by mail from this script if it's called very often during the week-end. N F -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What would cause this?
nicolas figaro wrote: tedd a écrit : tedd, let us know what your logs say. but it's not a very good idea to let the script run without any control. you can be quickly flooded by mail from this script if it's called very often during the week-end. dude, what's a week-end? wait let me guess it's the bit between 1am on Sunday and 7am om Monday right? I agree 6 hours is plenty of time to flood someone with mail :-) N F -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What would cause this?
Here's what you can do: Have a timestamp of the last e-mail stored on a file. If time() - that timestamp 600 (10 minutes) then don't send the e-mail. When sending it, do this $server_array = print_r($_SERVER, true); and use the $server_array variable to obtain some info regarding the client that's causing the requests. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What would cause this?
At 4:56 PM +1000 6/1/06, Chris wrote: If you can, check your apache access logs and that will tell you the ip of the person who accessed that page.. will give you a starting point anyway. Thanks -- have done, see below. At 8:59 AM +0200 6/1/06, nicolas figaro wrote: However, the app isn't reference or linked anywhere on the site, but it still occasionally runs all by itself. It runs automagically ? Yep, automagically. At 9:21 AM +0200 6/1/06, Jochem Maas wrote: let us know what your logs say. I asked them, and this is what they said: 72.29.85.194 - - [01/Jun/2006:00:01:06 -0400] GET /email_me.php . -snip- First, I have removed the automagical email_me.php from my root and put it elsewhere. Second, I have seen the enemy and it is me! That's MY shared IP and it's MY own cron experiment running MY script at the start of each month as I instructed it to do -- apparently it remembers, and I don't. This is embarrassing -- but, it has taught me to look at the logs and confirms that my cron works. :-) Many thanks for your help. tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What would cause this?
At 12:55 PM +0100 6/1/06, André Medeiros wrote: When sending it, do this $server_array = print_r($_SERVER, true); and use the $server_array variable to obtain some info regarding the client that's causing the requests. Thank you -- that was a most excellent idea. tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] What would cause this?
On Thu, June 1, 2006 1:18 am, tedd wrote: However, the app isn't reference or linked anywhere on the site, but it still occasionally runs all by itself. My question is -- what's triggering it? Bad Guys are probably trying to poke at your site, finding URLs at random, regardless of links, trying to hack your site. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php