Possibly a new linux user.. CentOS?
Started by phpforfun, Mar 14 2008 02:55 PM
15 replies to this topic
#1
Posted 14 March 2008 - 02:55 PM
Hey guys, I might use CentOS on my new computer as a server.. never used Linux before, what do you guys think? It's nicknamed the perfect web server
#2
Guest_Jordan_*
Posted 15 March 2008 - 06:19 AM
CentOS is what CodeCall used to run on. The OS is nice and stable, like all Linux operating systems. Will you be the administrator, and will the server be running at your house or remotely?
#3
Posted 15 March 2008 - 08:37 PM
Well, for now it would be at my home, but I plan on starting a web server and renting a server rack out and putting in my own server after I get done with college.
The only thing that I don't get is.. when you rent space out to a user and give them FTP accounts and have PHP on the server. How do you stop the file tree exploit error?
My friend ran a server at his house, it was on Windows and had PHP, he let me have some space. He wanted to test how secure his server was, and so asked me to "hack" it. My "space" was simply a folder in the main dir that I had access to, nothing before that. So I just used PHP to delete the file "../Index.php" and it deleted HIS index... I then made some code to view the files in "../../../../" which let me view all the files on his C: drive.
How is this fixed?
#4
Posted 16 March 2008 - 01:59 AM
Maybe he did not block you from accessing his folders. I don't think it's that simple to hack other websites... If it was that simple then the website hosting companies are 100% vulnerable because everyone will be able to access everyone's folder...
#5
Guest_Jordan_*
Posted 16 March 2008 - 05:18 AM
You can do two things:
1) The PHP file directory hack which blocks users from leaving their home directory with PHP
AND
2) PHPSuExec which makes PHP execute as the owner of the directory. This prevents you from entering directories that you do not own (unless the permissions are not correct).
#6
Posted 16 March 2008 - 11:07 AM
Jordan said:
You can do two things:
1) The PHP file directory hack which blocks users from leaving their home directory with PHP
AND
2) PHPSuExec which makes PHP execute as the owner of the directory. This prevents you from entering directories that you do not own (unless the permissions are not correct).
Interesting, how do you do #1?
#7
Guest_Jordan_*
Posted 16 March 2008 - 12:22 PM
It is the open_basedir setting in your php.ini file.
PHP: Safe Mode - Manual
Quote
Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.
When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink. If the file doesn't exist then the symlink couldn't be resolved and the filename is compared to (a resolved) open_basedir.
The special value . indicates that the working directory of the script will be used as the base-directory. This is, however, a little dangerous as the working directory of the script can easily be changed with chdir().
In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none".
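A self-check for the open_basedir setting described in post #7, as an added example that is not part of the thread: it tries the same parent-directory reads the original poster describes and reports whether PHP refused them. The `/home/alice` paths, the mod_php vhost in the comment and the `probe()` helper are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Assumed per-customer vhost for mod_php
// (the /home/alice paths are placeholders):
//   <VirtualHost *:80>
//       DocumentRoot /home/alice/public_html
//       php_admin_value open_basedir "/home/alice/public_html/:/home/alice/tmp/"
//       php_admin_value upload_tmp_dir "/home/alice/tmp"
//   </VirtualHost>
// Place this file in the customer's web root and request it.

// Run one filesystem call and say whether open_basedir refused it.
function probe(callable $attempt): string
{
    $warnings = '';
    set_error_handler(function (int $no, string $msg) use (&$warnings): bool {
        $warnings .= $msg . "\n";   // collect instead of printing
        return true;
    });
    try {
        $result = $attempt();
    } finally {
        restore_error_handler();
    }
    if (strpos($warnings, 'open_basedir restriction in effect') !== false) {
        return 'blocked by open_basedir';
    }
    // A missing file also returns false; do not count that as protection.
    return $result === false ? 'failed for another reason' : 'ALLOWED';
}

header('Content-Type: text/plain');
$setting = (string) ini_get('open_basedir');
if ($setting === '') {
    exit("open_basedir is not set: PHP can open any file its OS user can\n");
}
// Directory just above the first allowed path, i.e. where "../" leads.
$first  = explode(PATH_SEPARATOR, $setting)[0];
$parent = dirname(realpath($first) ?: $first);

$probes = [
    "read $parent/index.php" => fn() => file_get_contents("$parent/index.php"),
    "list $parent"           => fn() => scandir($parent),
    'list filesystem root'   => fn() => scandir(DIRECTORY_SEPARATOR),
    'list own dir (control)' => fn() => scandir(__DIR__),
];
foreach ($probes as $label => $attempt) {
    printf("%-45s %s\n", $label, probe($attempt));
}
```

With the restriction in place, the control row reads ALLOWED and the other three read "blocked by open_basedir"; any other ALLOWED row means that path is reachable from the customer's scripts.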
#8
Posted 16 March 2008 - 02:38 PM
Thank you Jordan! I think I'm going to rent a server rack out downtown that has a good internet connection, and then build my server up and put it in.. Something to think about
#9
Guest_Jordan_*
Posted 16 March 2008 - 03:13 PM
If I were you, I'd build my server first instead of wasting money on an empty rack.
#10
Posted 16 March 2008 - 06:17 PM
How much would you think I'd spend on the server first? How much did you spend on one of yours? I'd just need 1 or 2 to start off on. Maybe one for me and one for the users?
#11
Guest_Jordan_*
Posted 17 March 2008 - 03:42 AM
If you are renting rack space you will probably need to get a blade server. You can get them here for $400 - 1U Short Depth Rackmount Server aka "little screamer"
Those specs are not bad but I recommend 2GB of memory or more. You might be able to rent floor space locked in a cage but this will be costly because you would have to rent the entire cage.
#12
Posted 17 March 2008 - 06:00 AM
2GB of memory for sure, I wouldn't rent floor space till I end up needing more than a few servers for space and have a lot of customers. I don't plan on charging too much, but I plan on providing a lot. I'm obviously going to be a LAMP server.
I'll go downtown and check out how much to rent a rack or just a slot on a rack is per month, with the best internet connection.