Search Results

Search found 2964 results on 119 pages for 'php5 cgi'.

Page 95/119 | < Previous Page | 91 92 93 94 95 96 97 98 99 100 101 102 | Next Page >

Running PHP scripts as the owner of the PHP file: security issues

- by thomasrutter

I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web user can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

Read the article
Security issues of running PHP scripts as the owner of the PHP file with suexec

- by thomasrutter

I'm using suexec to ensure that PHP scripts (and other CGI/FastCGI apps) are run as the account holder associated with the relevant virtual host. This allows for securing each users' scripts from reading/writing by other users. However, it occurs to me that this opens up a different security hole. Previously, the web server ran as an unprivileged user, with read-only access to user's files (unless the user changed the file permissions for some reason). Now, the web server can also write to user's files. So while I've prevented different users taking advantage of each other's scripts, I've made it so that in the event that some application has a remote code injection vulnerability, it now has not only read access but also write access to all that user's scripts and website. How can I deal with this? One idea I've had is to create a second user account for each user account in the system, so that each user has their own user account, and all their scripts are run under another user account. But that seems cumbersome.

Read the article
apache proxypass to webmin

- by Ricardo

I have a problem with apache2 webmin redirect. My ProxyPass is: ProxyRequests Off ProxyPreserveHost On SSLProxyEngine On ProxyPass /admin/webmin/ https://localhost:10000/ ProxyHTMLURLMap https://localhost:10000 /admin/webmin <Location /admin/webmin/> ProxyHTMLExtended On SetOutputFilter proxy-html ProxyPassReverse https://localhost:10000/ ProxyPassReverse https://xxxxxxxxxxxxxxxxxxxx.amazonaws.com:10000/ Order allow,deny Allow from all </Location> When I connect using https://xxxxxxxxxxxxxxxxxxxx.amazonaws.com:10000/ there is no problem. But when I connect use https://xxxxxxxxxxxxxxxxxxxx.amazonaws.com/admin/webmin the page lost css and after login show me the error: The requested URL /session_login.cgi was not found on this server. I think is an error with my ProxyPass but I don´t know what is.

Read the article
Windows 2008 IIS 7 PHP Caching / Blank Page Problems?

- by darkAsPitch

I don't even know how to explain this. The only thing I can think is 'why am I working with a windows server?' I am renting a dedicated 1and1 server - I installed PHP myself - with fast CGI and caching (pretty sure I checked OK on something about dynamic caching for PHP when I installed it.) Every few hours of intensive php processing - my pages start locking up - usually just showing blank pages - with no errors whatsoever. Just now, I checked a page - let's call it a.php - and it was showing the results of b.php - I thought I had been hacked! Simply restarting the IIS server however, fixes the problem. Any ideas / help / knowledge on similar problems with windows 2008?

Read the article
Apache suEXEC execute script on user dir basis?

- by Blame

Iam looking for a way to run a script with different users. I dont want to hardcode the users in the config... and I found some information that it should be possible that the user goes to... lets say: Code: http://localhost/~user1/myscript.cgi and the script gets executes as user 'user1'. Does anybody know if that is possible? If not, do I have to make a new vhost config for every user? Thanks a lot! Greets, Kodak

Read the article
WINEHQ - wine_gecko won't init - HTML Rendering disabled

- by Nick

Hello Super Users, I'm currently trying to get a windows compiled program to work through Wine to run on Linux and MacOSX. When I run the program through wine, it prompts me to install Gecko which I do. Later on in the program, it attempts to use MSHTML to render HTML but I get these error messages on my console instead. err:mshtml:init_xpcom NS_InitXPCOM2 failed: 80004005 err:mshtml:HTMLDocument_Create Failed to init Gecko, returning CLASS_E_CLASSNOTAVAILABLE fixme:ole:CoCreateInstance no instance created for interface {00000000-0000-0000-c000-000000000046} of class {25336920-03f9-11cf-8fd0-00aa00686f13}, hres is 0x80040111 I'm using Wine 1.1.34 and a similar bug was supposedly fixed in 1.1.33 http://bugs.winehq.org/show_bug.cgi?id=12578 I've been at this all afternoon, is there anything I'm missing? Thanks, Nick

Read the article
How to configure fastcgi with lighttpd

- by silverburgh

Hi, I am trying to configure FastCgi with ligttpd server. I was able to run vanilla lighttpd like this: ./lighttpd -f lighttpd.conf And then I compile/install the source of fastcgi, and I add the following in my lighttpd.conf: fastcgi.server = ( "/fastcgi_scripts/" => (( #"host" => "127.0.0.1", #"port" => 9091, "check-local" => "disable", "bin-path" => "/usr/local/bin/cgi-fcgi", "docroot" => "/" # remote server may use # it's own docroot )) ) But lighttpd won't start after I add the above. Can you please tell me how can I run fastcgi with lighttpd? I want to use a c program with fastcgi with lighttpd. Thank you.

Read the article
Fine-tuning a LNMP stack

- by Norman

I'm in the process of setting up a server with 4GB RAM and 2 CPUs. The stack will be CentOS + NGINX + MySQL + PHP (with APC) and spawn-fcgi. It will be used to serve 10 Wordpress blogs, 3 of which receive about 20,000 hits per day. Each Wordpress instance is equipped with the W3 TotalCache. I have a few variables to play with: NGINX (How many worker_processes, worker_connections, etc) PHP (What parameters in php.ini should I change? What about apc?) Spawn-fcgi (Right now I have 6 php-cgi spawned. How many of them should I have?) I realize it's hard to tell without testing, but if you could please provide me with some ballpark numbers, that would be helpful too.

Read the article
nginx: php-fastcgi running but php files not executing

- by Daniel

I have recently set up a nginx server with PHP running as FastCGI process. The server is running with HTML files however PHP files are downloading instead of displaying and PHP code is not processed. This is what I have in nginx.conf: server { listen 80; server_name pubserver; location ~ \.php$ { root /usr/share/nginx/html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name; include fastcgi_params; } } The command netstat -tulpn | grep :9000 displays the following which indicates php-fastcgi is running and listening on port 9000: tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2663/php-cgi If it's if any importance my server is running on CentOS 6 and I installed nginx and PHP using the repositories from The Fedora Project.

Read the article
WIndows Emacs Keybinding

- by Josh

I know this is not a Windows site, so my apologies. I use Ubuntu all day, every day, and have finally convinced my buddy to try it. He is on Windows 7, so we installed this: http://www.ourcomments.org/cgi-bin/emacsw32-dl-latest.pl . It seems to be working great, but when he hits C-p ( prev. line ) it is trying to print the page for some reason. So, 2 questions. Is there a way to make it stop that, and is there a way to just run it from the command line, or without all of the fancy mouse stuff? Essentially as --no-windows? Thanks!

Read the article
Apache+FastCGI Timeout Problem

- by Sadjad Fouladi

Hi all. I've recently installed mod_fastcgi and Apache 2.2. I've a simple cgi script as below (test.fcgi): #!/bin/sh echo sadjad But when I invoke "mysite.com/test.fcgi" I see "Internal Server Error" message after a short period of time. The error.log file shows this error message: [Tue Jan 31 22:23:57 2006] [warn] FastCGI: (dynamic) server "~/public_html/oaduluth/dispatch.fcgi" has failed to remain running for 30 seconds given 3 attempts, its restart interval has been backed off to 600 seconds This is my .htaccess file: AddHandler fastcgi-script .fcgi RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ django.fcgi/$1 [QSA,L] I'm very confused, please help me! [Sorry for my poor English!]

Read the article
Apache and fastcgi - How to secure an Apache server with fastcgi enabled?

- by skyeagle

I am running a headless server on Ubuntu 10.x. I am running Apache 2.2. I am writing a fastcgi application for deployment on the server. I remember reading a while back (I could be wrong) that running CGI (and by implication fastcgi) on a server, can provide 'backdoors' for potential attackers - or at the very least, could compromise the server if certain security measurements are not taken. My questions are: what are the security 'gotcha's that I have to be aware of if I am enabling mod_fastcgi on my Apache server? I want to run the fastcgi as a specific user (with restricted access) how do I do this?

Read the article
Drupal on IIS 7 (PHP FastCGI) produces blank every 1 hr

- by Morron

Hi, I have Drupal running on IIS 7 with PHP Fast CGI installed. The FastCGI setting: http://img709.imageshack.us/img709/1748/fastcgisetting.jpg hxxp://img404.imageshack.us/img404/5837/fastcgisetting2.jpg I have Drupal running on isolated AppPool with default setting when I created the AppPool: hxxp://img716.imageshack.us/img716/5444/fastcgisetting3.jpg The problem is that after 1 hr or so If I browse to hxxp://localhost , there's nothing but only the blank page until IIS 7 is restarted. I think this has to do with PHP Process Recycling Behavior or other things that I'm not sure about. Can you show what's the cause of the problem?

Read the article
Why is wp-cron taking up so many resources?

- by Gaia

From /var/logs/httpd/error-log: [Thu Apr 22 01:41:15 2010] [notice] mod_fcgid: call /var/www/vhosts/mydomain.com/httpdocs/wp-cron.php with wrapper /usr/bin/php-cgi [Thu Apr 22 01:41:15 2010] [notice] mod_fcgid: server /var/www/vhosts/mydomain.com/httpdocs/wp-cron.php(17999) started ...The previous line shows up 8661 times... What's in Cron? Apr 22, 2010 @ 18:25 (1271960731) Twice Daily wp_version_check Apr 22, 2010 @ 18:25 (1271960731) Twice Daily wp_update_plugins Apr 22, 2010 @ 18:25 (1271960731) Twice Daily wp_update_themes Apr 23, 2010 @ 12:21 (1272025294) Once Daily wp_scheduled_delete Running CentoOS 5/plesk 9.3/php as FastCGI/suExec with WP 2.9.2 Thanks in advance.

Read the article
Distribute terrabyte files to the public from web server

- by MarkJ

Hi We need to set up a website which makes two or three large files publicly available - the files will be 1 or 2 terrabytes each. Although they will be public, in practise I expect only a relatively small number of scientists will want to download them. What is the best way to allow this? I've had a quick talk to a web-hosting provider (rackspace) and they suggested a hybrid solution. An entry-level managed server (we predict fairly low traffic for the website, but we do need to install some custom CGI software). Some cloud storage which hooks into Limelight Networks. This would host the large files, for download by FTP. It sounded OK to me but I know relatively little about server administration. Does it make sense? Thanks in advance, Mark

Read the article
Why is wp-cron is taking up so many resources?

- by Gaia

From /var/logs/httpd/error-log: ` [Thu Apr 22 01:41:15 2010] [notice] mod_fcgid: call /var/www/vhosts/mydomain.com/httpdocs/wp-cron.php with wrapper /usr/bin/php-cgi [Thu Apr 22 01:41:15 2010] [notice] mod_fcgid: server /var/www/vhosts/mydomain.com/httpdocs/wp-cron.php(17999) started ...The previous line shows up 8661 times... ` Whats in Cron? ` Apr 22, 2010 @ 18:25 (1271960731) Twice Daily wp_version_check Apr 22, 2010 @ 18:25 (1271960731) Twice Daily wp_update_plugins Apr 22, 2010 @ 18:25 (1271960731) Twice Daily wp_update_themes Apr 23, 2010 @ 12:21 (1272025294) Once Daily wp_scheduled_delete ` Running CentoOS 5/plesk 9.3/php as FastCGI/suExec Thanks in advance.

Read the article
Enabling mod_fcgid results in 403

- by laggingreflex

I have an EasyPHP 12.1 setup (latest) on Windows 7x64 and I'm trying to enable mod_fcgid for PHP. I have added the following in my httpd.conf Include conf/extra/httpd-vhosts.conf LoadModule fcgid_module modules/mod_fcgid.so FcgidInitialEnv PHPRC "C:\progra~2\EasyPHP-12.1\php\php546x121028092509" AddHandler fcgid-script .php FcgidWrapper "C:\progra~2\EasyPHP-12.1\php\php546x121028092509/php-cgi.exe" .php and Options ExecCGI Indexes FollowSymLinks under <Directory "${path}/www"> I've made sure the paths are all good and set permissions on the entire C:\progra~2\EasyPHP-12.1 and my www root to Everyone - Allow All. Yet I still get 403 on all server(localhost) requests. Along with Apache/2.4.2 (Win32) PHP/5.4.6 mod_fcgid/2.3.7 so I know mod_fcgid is enabled and is causing the 403. Commenting out the above lines from httpd.conf makes it work again but is slower than death (which is why I wanted mod_fcgid). What could I be doing wrong?

Read the article
Updating PHP on a Plesk managed Server

- by mblaettermann

I just updated PHP and MySQl on my VPS with the current Versions from Atomic Repo. Everything worked out fine so far. From console I get the new PHP 5.3: [root@server phpMyAdmin]# php -v PHP 5.3.16 (cli) (built: Aug 20 2012 11:18:05) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies with the ionCube PHP Loader v4.0.5, Copyright (c) 2002-2011, by ionCube Ltd. But through Apache I still get the old version (5.1.6). The server is running some old version of crappy Plesk Panel. That gives me the option to choose between Apache Modul, fCGI and CGI-BIN. Any hints, how to update apache, so it will use the new PHP Version? EDIT: I just needed to restart httpd (/etc/init.d/httpd restart)

Read the article
Can not run ifconfig like commands via browser

- by savruk

Problem is I cannot run "ifconfig" or similar commands via browser. Environment: Programming language : python Server : lighttpd(CGI) , running on busybox. Well machine is really small and so I am really restricted. Tried techniques: chown every script to root. But there is no differences. Why? Because lighttpd runs under another user, I mean not under root. As it is not root, when I try to run script from browser it always calls the python file with its uid. So it makes it impossible to run "ifconfig eth0 192.168.2.123" like commands via web browser. I get "ifconfig: SIOCSIFADDR: Permission denied" error. What can I do? I do not have any sudoers file, so cannot modify sudo command. Well, I don't even have "sudo" command :) Thanks for your help

Read the article
W3c Markup Validator on Windows 2003 with Apache

- by rihatum

Hi All, OS = Windows 2003 (latest sp / hotfixes etc) Perl = Active Perl 5.8.9 Build 825 Apache 2.2.11 Followed the following How-To: http://validator.w3.org/docs/install_win.html Facing the following errors : (had an html error too, but I used Perl Package manager to upgrade the required package. Now, the Package manager isn't showing any update of the following package and some others too : SGML::Parser::OpenSP version 0.991 required--this is only version 0.99 at C:/www/validator/httpd/cgi-bin/check line 61. Q : How can I download the latest package for OpenSP ? Q : Would It be just a matter of click and install the package? If someone can provide a step by step that would be very helpful, I am not fluent with building perl packages. Thanks and Regards

Read the article
You don't have permission to access / on this server on centos 5.3

- by zahid

hello am using centos 5.3 with kloxo panel everything was fine but last night when i was updating my site i do not know i got first error when i try to access my site script everything is ok www.w3scan.net www.dl4fun.com Forbidden You don't have permission to access / on this server. please help i checked httpd it seems to be ok my httpd.conf #<VirtualHost *:80> # ServerName www.domain.tld # ServerPath /domain # DocumentRoot /home/user/domain # DirectoryIndex index.html index.htm index.shtml default.cgi default.html default.htm #</VirtualHost> i uninstall apache and installed again now i have still now access Index of / i modify apache welcome.conf to remove apache test page help

Read the article
YSLow says certain CSS are not gzipped

- by rhand

YSlow keeps on telling me files like http://www.example.com/wp-content/plugins/q-and-a/css/q-a-plus.css?ver=1.0.6.2 are not gzipped while the gzip test tool at Feed the Bot mentions I am all good: Compressed? Yes Compression type gzip Page size (Bytes) 32,493 Compressed size (Bytes) -1 Saving (Bytes) 32,494 Compression % 100% I added this to my .htaccess: # Gzip <ifModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file .(html?|txt|css|js|php|pl)$ mod_gzip_item_include handler ^cgi-script$ mod_gzip_item_include mime ^text/.* mod_gzip_item_include mime ^application/x-javascript.* mod_gzip_item_exclude mime ^image/.* mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* </ifModule> #Deflate <ifmodule mod_deflate.c> AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript </ifmodule> The header for the file mentioned states: CF-Cache-Status MISS CF-RAY 13945df90a9a0c1d-AMS Cache-Control public, max-age=2592000 Connection keep-alive Content-Encoding gzip Content-Type application/javascript Date Thu, 12 Jun 2014 07:34:38 GMT Expires Sat, 12 Jul 2014 07:34:38 GMT Last-Modified Thu, 21 Feb 2013 01:29:18 GMT Server cloudflare-nginx Transfer-Encoding chunked Vary Accept-Encoding Any ideas what I am missing here?

Read the article
Installing MoinMoin -wiki to my user directory on a server with no root access

- by deiga

Hello all, I posted this on webapps, but they told me to come here :) I've been trying to install MoinMoin -wiki on this webserver, where I have no root access. The server doesn't support wsgi, but it does support cgi/fcgi/etc. I've scoured google for a simple guide on how to accomplish this, but the only guides I found were from the year 2004 or so. Other guides always assumed that one has root access. So can anyone link a good tutorial for my question or just help me out here? Your help is appreciated :) P.S. Sorry if this is the wrong stack -page

Read the article
Apache .htaccess problem: No input file specified.

- by Michal M

Hello Everyone, Can someone help me with this. I'm feeling like I've been hitting my head against a wall for over 2 hrs now. I've got Apache 2.2.8 + PHP 5.2.6 installed on my machine and the .htacces with code below works fine, no errors. RewriteEngine on RewriteCond $1 !^(index\.php|css|gfx|js|swf|robots\.txt|favicon\.ico) RewriteRule ^(.*)$ /index.php/$1 [L] The same code on my hosting provider server gives me a 404 error code and outputs only: No input file specified. index.php IS there. I know they have Apache installed (cannot find version info anywhere) and they're running PHP v5.2.8. I'm on windows xp 64-bit, they're running some Linux and php in cgi/fastcgi mode. Can anyone suggest what could be the problem? PS. if that's important that's for CodeIgniter to work with friendly URLs.

Read the article
OMG. Is Webmin safe? I can see file codes in Chrome browser without login

- by Arwana

When Im in File Manager of Webmin, I can double click and see the codes of the files in new tab in Firefox with its specific URL. But when I remove ?rand=xxxx... after the file.php and paste the URL in Chrome browser, I still can see the codes. This is the URL I just pasted in the Chrome browser http://xxx.xxx.xxx.xxx:10000/file/show.cgi/var/www/html/mysite.com/files/file.php And then, I logout of webmin, and I change the file.php with other file, I can see the codes. OMG. Is Webmin safe? and how to secure this?

Read the article

< Previous Page | 91 92 93 94 95 96 97 98 99 100 101 102 | Next Page >