    david68
    Joined: May 16, 2005
    # Posts: 144

    Posted: 2007-May-01 18:29

    Excuse me if this isn't the proper place for this, I didn't know where else to post it.

    I run several PHP scripts, some have error_reporting set to 0, others not, but normally scripts shouldn't bomb so it shouldn't be an issue. However, a weird problem. I noticed in my CPANEL weblogs that a guestbook spambot tried accessing a file as "/home/myuserid/public_html/file..." (my spam filter data) instead of "http://...". This particular script DOES have error_reporting set to 0 and the file requested isn't used elsewhere. My folders don't allow raw indexing and public/group read is disabled, plus you can't use telnet on my server anyway. My question is HOW did this bot know my userid??? It is a shared server but I don't think that's it. Should I be concerned? Any ideas?

    I have since set up a PHP prepend file using htaccess to set error_reporting to 0 in all PHP scripts automagically.

    Thanks.



    Prowler
    Staff
    Joined: Aug 14, 2000
    # Posts: 1794

    Posted: 2007-May-07 15:29

    Under certain conditions a server may not process the directives set in a directory - thus carrying out the primary master directives set at the httpd.config.

    This might result in exposing the path to the file in question. As long as you follow standard precautions in using PHP scripting you should have no reason to worry.

    Always aim to make any server-side script exit gracefully without displaying any information in a production environment. If a PHP script is included in another, make sure that the former cannot be called by any other script residing anywhere else unless it satisfies certain conditions.

    There are plenty of malicious scripts out there crawling websites - specifically looking for vulnerable scripts.
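
The precautions discussed in this thread, sketched as a prepend file; this is an added example, not code from either poster. The file name `prepend.php` and the functions `fail_gracefully()` and `deny_direct_access()` are hypothetical, and PHP 7.1 or later is assumed. Reporting stays at E_ALL so failures are still logged while nothing, including the /home/... path, is shown to the client.

```php
<?php
// prepend.php (hypothetical name): loaded before every script through
// auto_prepend_file, e.g. in .htaccess under mod_php:
//   php_value auto_prepend_file "/path/to/prepend.php"

// Keep full reporting, but send it to the log, never to the response.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');

// Generic failure page: no message, file name or path reaches the client.
function fail_gracefully(): void
{
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "An internal error occurred.\n";
}

// Uncaught exceptions: full detail goes to the log only.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf('Uncaught %s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    fail_gracefully();
});

// Fatal errors bypass the handler above; PHP logs them, we add the page.
register_shutdown_function(function (): void {
    $err = error_get_last();
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR;
    if ($err !== null && ($err['type'] & $fatal)) {
        fail_gracefully();
    }
});

// Include-only files call deny_direct_access(__FILE__) on their first line.
// If the file is itself the script the web server was asked to run, stop.
function deny_direct_access(string $file): void
{
    $entry = realpath($_SERVER['SCRIPT_FILENAME'] ?? '');
    if ($entry !== false && $entry === realpath($file)) {
        http_response_code(404);
        exit;
    }
}
```

Data files such as the spam filter list are best kept outside `public_html` altogether, so no URL maps to them even if a directory-level directive is ignored.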


    © 1995  ·  iWeb, Inc  ·  DBA JimWorld Productions