RE: php4 modul cgi mysql
Hallo Holm, Du schreibst: ähm na logisch habe ich ne info.php zum testen im root des jeweiligen apache2 dirs liegen, bloss sehe ich in der Ausgabe leider nicht ob php als cgi oder als Modul geladen wird. Wo steht denn das dort ? Wenn Du die Ausgabe von phpinfo() anschaust, findest Du im oberen Kopf der Ausgabe die Zeile Server API: - die Angabe Apache 2.0 Handler bedeutet, PHP wurde als PHP-Modul aufgerufen (unter dem Apache 2.0 Webserver) - die Angabe CGI/FastCGI bedeutet, PHP wurde als CGI aufgerufen und zwar in diesem Falle als FastCGI. Und dann verseth ich nicht wann php4 als Modul und wann als cgi benutzt wird ? Es wird dann als Modul benutzt wenn man seinem Apache gesagt hat das er das Modul laden soll ansonsten ist ein Handler zu definieren welcher das Programm php (in seiner CGI Form) aufruft. z.B Apache 1: LoadModule php5_modulelibexec/libphp5.so AddModule mod_php5.c DirectoryIndex index.php index.php3 index.php4 index.htm index.html AddType application/x-httpd-php .php .php4 .php3 AddType application/x-httpd-php-source .phps Bei Apache2 entfaellt das AddModule. genau hier liegt mein Verständnisproblem. Ich hab php als Modul geladen. Es wird scheinbar auch benutzt. Indem ich das hier aktiviere im jeweiligen vhost wird also php4 als cgi ausgeführt? AddType application/x-httpd-php .php .php4 .php3 AddType application/x-httpd-php-source .phps Nein, damit wird PHP4 nicht als CGI ausgeführt. Die Erklärung ist ganz einfach, wenn Du Dir genau die Namen der benutzten Direktiven anschaust und Dir die Logik des Apache- Servers verinnerlichst: - LoadModule weist den Apache Server an, ein Modul zu laden (load = lade, Module = Modul...). Wenn Du dies in deiner Konfiguration stehen hast, dann versucht der Apache-Server das Modul zu laden - ob es dann auch angesprochen wird, hängt von einer weiteren Direktive, nämlich AddType ab. Die Direktive LoadModul lädt und aktiviert erstmal nur das Modul. vgl. http://httpd.apache.org/docs/2.0/mod/mod_so.html#loadmodule Ob Du PHP als Modul laden möchtest oder nicht, hängt von Deinen Sicherheitsbedürfnissen und Deiner Serverumgebung ab (weiter- führende Stichworte hierzu sind: mehrere Benutzer auf einem Webserver (chroot, suExec, ...) und Zuteilung von Ressourcen zu einzelnen Virtualhosts (FastCGI), ...). Es läßt sich übrigens nur ein PHP-Modul in den Apache laden. Das bedeutet, wenn Du gerne mehrere PHP-Versionen benötigst (z.B. PHP4 und PHP5 gleichzeitig auf einem Server), dann kann nur eine dieser Versionen als Modul eingebunden werden - die andere PHP-Version mußt Du dann als CGI/FastCGI aufrufen. - AddType = zusätzliche Direktive, die den Apache Server anweist, Dateien mit einer speziellen Extension (z.B. .php) einem MIME-Typ (z.B. dem geladenen PHP-Modul) zuzuordnen. Beispiel: Die Anweisung AddType application/x-httpd-php .php .php4 .php3 weist den Apache an, alle Aufrufe mit dem Kürzel .php dem (vorher mit LoadModule geladenem) Apache-Modul zuzuordnen. vgl. http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addtype - AddHandler zusammen mit Action weist den Apache Server dagegen an, bei einem Aufruf einer Datei mit einer gewissen Extension (z.B. .php5 oder .cgi) diesen Aufruf an einen speziellen Handler zu übergeben (AddHandler). Die Aktion, die beim Auftreten dieses Handlers ausgeführt wird, ist im Fall von PHP-CGI der PHP-Interpreter oder FastCGI. Mit AddHandler und Action kannst Du also dafür sorgen, dass der PHP-Interpreter als CGI (oder FastCGI) aufgerufen wird. vgl. http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addhandler und http://httpd.apache.org/docs/2.0/mod/mod_actions.html#action Mit Hilfe dieser Direktiven kannst Du also sowohl PHP als Modul als auch PHP als CGI aufrufen - es kommt nur darauf an, welche Direktive Du letztendlich nutzt. Viele Grüße Marcus Reimann M. Reimann Systemberatung http://www.reimann-systemberatung.de -- Apache HTTP Server Mailing List users-de unsubscribe-Anfragen an [EMAIL PROTECTED] sonstige Anfragen an [EMAIL PROTECTED] --
Re: [EMAIL PROTECTED] Please help... apache hacked?
Ricardo Kleemann schrieb: Hi, I'm running an older version of apache 1.3.28 under a Suse install. Today I noticed that somehow a bots.txt perl program is being run, yet it is not run from the filesystem. Somehow this script is being downloaded and run. Yesterday the server was also a victim of an attack from PSYCH@ mass defacement. I don't know if these 2 attacks are related in any way, but I certainly need help to figure out what to do! Does anyone know anything related to running this bots.txt? Here's what I have in my error_log: --11:51:13-- http://tehboob.be/bots.txt = `bots.txt' Resolving tehboob.be... done. Connecting to tehboob.be[72.20.8.243]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 29,378 [text/plain] 0K .. .. 100% 683.08 KB/s A first look shows that the script bots.txt currently available targets vulnerable installation of Joomla and Mambo. There are some vulnerabilities reported for the included phpBB and an extension called perForms. The bot seems to join a specific IRC-chan waiting for commands and looking for new vulnerable installations via google-searches. Perhaps you want to replace any wget-binaries with a shell script logging environment and command-line switches to identify the document used to retrieve the script. PLEASE HELP... You should stop your Apache! :D .max - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Please help... apache hacked?
Thanks Max. A first look shows that the script bots.txt currently available targets vulnerable installation of Joomla and Mambo. There are some vulnerabilities reported for the included phpBB and an extension called perForms. But how in the first place, is apache even downloading the bots.txt, and then, running it? Is it running in-memory, since it's not anywhere in the filesystem ? And what commands can be run on port 80 to do the download/run of the script? The bot seems to join a specific IRC-chan waiting for commands and looking for new vulnerable installations via google-searches. Perhaps you want to replace any wget-binaries with a shell script logging environment and command-line switches to identify the document used to retrieve the script. PLEASE HELP... You should stop your Apache! :D .max - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Apache2 vhost log
Hi, I cannot get custom logs for a vhost to work. The logfiles is created but empty. I've searched for examples and read the manual but it don't work. Don't know what I'm doing wrong. This is my vhost config: VirtualHost *:80 DocumentRoot /www/example.com ServerName example.com CustomLog /www/example.com/access_log %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-agent}i\ ErrorLog /www/example.com/error_log AcceptPathInfo On Alias /wiki /www/example.com/index.php Alias /index.php /www/example.com/index.php /VirtualHost Does anyone have any tips? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Please help... apache hacked?
Morgan Gangwere wrote: On 7/15/06, Ricardo Kleemann [EMAIL PROTECTED] wrote: Thanks Max. A first look shows that the script bots.txt currently available targets vulnerable installation of Joomla and Mambo. There are some vulnerabilities reported for the included phpBB and an extension called perForms. snip does ANYBODY even know what bots.txt even DOES? Clearly not you. bots.txt should look like this: accept all reject altaVista look at virussin.com/bots.txt to see what it SHOULD do... its for SEARCH EINGINES. the bot grabs it, looks at it, and it its on the white list of eingines, it caches the site, if its on the blacklist (reject), it sulks away into a corner... Don't confuse the widely known robots.txt file, which is the main component of the Web Robots Exclusion Standard, with a file that happens to be called bots.txt A cursory examination of this particular bots.txt file seems to indicate that it creates an IRC server. Ricardo: If this server is hosted for you, contact your host and inform them that the machine is probably compromised. They'll probably know what to do. If, instead, you operate the machine, then take it off the internet and backup any data you need from it, using a local network connection only. You will need to scan this data separately, to ensure it doesn't contain any hostile code. There are ways of disinfecting a server, but if you're not confident about your server management skills, the safest way is to format the disk and start again. Install a fresh OS, and before you put it on the internet look up and install: IPTables and an AntiVirus package (ClamAV?). It's a good opportunity to install up-to-date versions of all your apps, and ensure that you don't have out-of-date software on your machine. Good luck. p - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache2 vhost log
On 7/15/06, David Sveningsson [EMAIL PROTECTED] wrote: Hi, I cannot get custom logs for a vhost to work. The logfiles is created but empty. I've searched for examples and read the manual but it don't work. Don't know what I'm doing wrong. This is my vhost config: VirtualHost *:80 DocumentRoot /www/example.com ServerName example.com CustomLog /www/example.com/access_log %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-agent}i\ ErrorLog /www/example.com/error_log AcceptPathInfo On Alias /wiki /www/example.com/index.php Alias /index.php /www/example.com/index.php /VirtualHost Does anyone have any tips? Does /www/example.com/ exist? Are you absolutely sure that this vhost is processing requests? If you put Location / Order allow,deny Deny from all /Location in there, does it deny all requests? Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Apache2 vhost log
No, it didn't process any requests at all. When I tried your settings I noticed that and found that Apache had a default vhost (which was being used instead of mine). Just moved the configuration over there and now it works. How stupid of me.. Anyways, thanks! Joshua Slive wrote: On 7/15/06, David Sveningsson [EMAIL PROTECTED] wrote: Hi, I cannot get custom logs for a vhost to work. The logfiles is created but empty. I've searched for examples and read the manual but it don't work. Don't know what I'm doing wrong. This is my vhost config: VirtualHost *:80 DocumentRoot /www/example.com ServerName example.com CustomLog /www/example.com/access_log %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-agent}i\ ErrorLog /www/example.com/error_log AcceptPathInfo On Alias /wiki /www/example.com/index.php Alias /index.php /www/example.com/index.php /VirtualHost Does anyone have any tips? Does /www/example.com/ exist? Are you absolutely sure that this vhost is processing requests? If you put Location / Order allow,deny Deny from all /Location in there, does it deny all requests? Joshua. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *//David Sveningsson [eXt]* __ Freelance Coder | Game Developer Student [ http://sidvind.com ] [ http://nitroxy.com ] - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [EMAIL PROTECTED] Please help... apache hacked?
Ricardo Kleemann schrieb: does ANYBODY even know what bots.txt even DOES? bots.txt should look like this: accept all reject altaVista look at virussin.com/bots.txt to see what it SHOULD do... its for SEARCH EINGINES. the bot grabs it, looks at it, and it its on the white list of eingines, it caches the site, if its on the blacklist (reject), it sulks away into a corner... This particular bots.txt is downloaded from tehboob.be and then is run (somehow) from /. This bots.txt is a perl program that connects to irc servers and sends out apache access_log information. I don't think it sends access_log information. The open file handles for access_log you mentioned has been inherited from the parent Apache process. A few other clues... when I run ps, it shows the processes as syslogd -m 0, but really when looked at with the real name it simply shows perl. It's just running the perl interpreter as nobody (since apache runs as nobody). When I look at lsof, it shows that the cwd is /. So how apache is able to download a program, and run it, from /, I don't understand. Thats exactly what bots.txt does: my $processo = 'syslogd -m 0'; chdir(/); $0=$processo.\0x16;; How can I block apache from being able to do such a thing? Again, here's the output from the error_log that shows the download happening, and then I have no idea how, after downloaded, the program is run. I expect that you are using an insecure php-configuration allowing include() to fetch php-scripts via HTTP (allow_url_fopen) and executing commands via the php-functions exec, system, popen, passthrugh .. That may be the way how a foreign attacker invoke the perl interpreter on you machine. --11:51:13-- http://tehboob.be/bots.txt = `bots.txt' Resolving tehboob.be... done. Connecting to tehboob.be[72.20.8.243]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 29,378 [text/plain] 0K .. .. 100% 683.08 KB/s My guess is that maybe the hackers installed a program that is performing this download. But I've searched the joomla installation for any file containing bots.txt to no success. Can someone explain why this is logged in the error_log and not in the access_log? Wget writes status information when retrieving files to STDERR and so they get passed to the error_log. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Problem: MySQL Auth and Apache 2.2
Dear list, I've been using mod_auth_mysql for a couple of years with Apache 1.3 and 2.0 and it has been a great help for me ever since. Now I've had to change to SuSE 10.1 which is shipped with Apache 2.2 and this is where the trouble starts: Whenever I try to access a part of the site that is mod_auth_mysql protected through a .htaccess configuration, Apache throws a 500 Internal Server Error, complaining: [Sat Jul 15 17:20:02 2006] [error] Internal error: pcfg_openfile() called with NULL filename [Sat Jul 15 17:20:02 2006] [error] [client 84.190.46.89] (9)Bad file descriptor: Could not open password file: (null) I then tried to add a AuthUserFile/dev/null which stopped Apache to complain but wouldn't let a single user pass through (probably because /dev/null doesn't contain any users ;) ). I then read that Apache 2.2 requires the AuthBasicProvider directive in order to work, but neither options like mysql, dbi or dbd worked. Furthermore, I cannot (and don't want to) switch to mod_authn_dbd because it doesn't come with MySQL support precompiled with SuSE 10.1. It's DBDriver directive throws an error saying that mysql is unknown :(, same goes for pgsql etc. So if you have any hint how I could get MySQL authentification working again under Apache 2.2, your help your be highly appreciated! Regards, Frederik. Here's my .htaccess configuration that used to work under Apache 2.0: AuthName Sicherheitsbereich AuthUserFile/dev/null AuthType Basic AuthMySQLAuthoritativeon AuthMySQLPwEncryption crypt AuthMySQLHost localhost AuthMySQLUser vfb AuthMySQLPassword *** AuthMySQLDB vfb AuthMySQLUserTableAnsprechpartner AuthMySQLNameFieldUsername AuthMySQLPasswordFieldPassword require valid-user -- View this message in context: http://www.nabble.com/Problem%3A-MySQL-Auth-and-Apache-2.2-tf1948781.html#a5344026 Sent from the Apache HTTP Server - Users forum at Nabble.com. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[EMAIL PROTECTED] Curious error message
Hello,I'm currently attempting to serve pages with mod_vhost_dbi, and it seems to be configured properly, but I'm receiving an error message, seemingly from apache, as it's in apache2.log and not mentioned anywhere in the mod_vhost_dbi source: File does not exist: /ERRORWhat exactly does that mean, and why is there /ERROR instead of the file attempting to be accessed? I am running Ubuntu (6.06) Apache 2.0.55, mod_dbi_pool 0.4.0, and mod_vhost_dbi 0.1.0.Thanks for any help you can offer,Kent