Author |
Message |
posword
Hangin' Around
Joined: May 21, 2006
Posts: 38
Location: Adelaide, Australia
|
Posted:
Sun Jul 02, 2006 7:17 pm |
|
Raven, or anyone,
Can I get a quote on getting this fixed on my production server (in its own directory for safety until the admin and security side is fixed)? Post 9878 tells the whole story.
I've been hacked again, and using the same URL as the hackers at least Raven 7.6 full did not let me in. However I want it working properly.
Thanks,
Peter Wade |
_________________ C'mon Aussie, c'mon, c'mon! |
hitwalker
Sells PC To Pay For Divorce
Joined:
Posts: 5661
|
Posted:
Sun Jul 02, 2006 7:30 pm |
|
Quote?
Ask Darklord....
I'm sure he will help, probably for free 'cause he is still learning and enjoys what he does... |
gregexp
The Mouse Is Extension Of Arm
Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
|
Posted:
Sun Jul 02, 2006 9:07 pm |
|
ohh boy, I have an agent j/k
Actually I didn't respond as I've been really trying to develop something and have my head buried into it, but if I am finished before anyone else offers, then I'd be happy to help.
Hitwalker, like everyone, I'll never stop learning. (Laughing) |
_________________ For those who stand shall NEVER fall and those who fall shall RISE once more!! |
hitwalker
|
Posted:
Mon Jul 03, 2006 5:51 am |
|
Well, I'm not gonna help on this...
as I read posword's other topic about this problem and it's clear that it's caused by the configuration of his host and what's installed/or not..
so without spending too much time on this I suggest, like others already did, to move to another host...
I'm sure posword can afford a few bucks a month for hosting at Raven's.... |
jaded
Theme Guru
Joined: Nov 01, 2003
Posts: 1006
|
Posted:
Mon Jul 03, 2006 8:33 am |
|
posword,
It is quite simple after reading over your other posts. You asked for help and advice. You were given it. Get a new host. Raven will host you. I would host you. I am sure many others would host you. If your host cannot configure a server so that its clients are able to secure their websites why would you stay there? No one is going to spend a huge amount of time trying to help something that cannot be helped. I hope that you will take the advice given to you. You already know that this is an issue with your host as the info that they gave you said as much. I wish you the best of luck. |
_________________ Themes BB Skins
http://www.jaded-designs.com
Graphic Tees
http://www.cafepress.com/jadeddesigns
Paranormal Tees
http://www.cafepress.com/HauntedTees
Ghost Stories & More
http://www.hauntingtales.net |
gregexp
|
Posted:
Mon Jul 03, 2006 4:04 pm |
|
ohh boy,
The storm hitwalker was about to get me in
I've also read the latest post to you posword and simply put, get a new host because the errors you are receiving are nothing and I do mean nothing compared to what your site will look like WHEN (not if) it gets hacked. |
posword
|
Posted:
Mon Jul 03, 2006 6:10 pm |
|
Did nobody read my post of June 12?
~~~~~~~~~~~~~~~~
My host is running phpSUEXEC. "You can't run HTTPAuth on our servers. Because it won't let you write any data into .htaccess file."
This is an explanation of phpSUEXEC from a Google search...
"On most Apache servers, PHP runs as an Apache Module. As such, it runs directly in the user Nobody, but doesn’t require the execute flag. This means that in order to execute a PHP file, it simply needs to be world readable. The problem is that this allows every other users on the server to read your PHP files!
Allowing other users to read your HTML files is not a problem, since they can be displayed in Internet Explorer. However, PHP files are not readable, they are parsed. Many scripts use a PHP file to store a database username and password. This means that on another server every client could read your PHP files, retrieve your password and access your databases.
ISPs close this hole by installing an Apache module called PHPsuexec, which executes PHP scripts under your username. Instead of using everyone’s permissions it uses the owner’s permissions. Thus you can change the permissions of your PHP scripts to 0700 or 0400 and still read and execute them. However, these scripts will no longer be accessible to any other users—PHPsuexec will refuse to execute a script if it is world-writable to protect you from someone abusing one of your scripts. All servers will be running phpsuexec within the near future."
Another site says, "All php values should be commented out or removed from your .htaccess files and placed in a php.ini file. This can be achieved by creating a text file and naming it php.ini and copying all of your php_value_entries in it and then uploading the php.ini to avoid this issue. Placing a php.ini file in its place should solve this issue."
If this is the trend, then how can NukeSentinel get around it? I don't see any php_value_entries in NS .htaccess but it does need to write to it. I could write to it manually but that may be a pain.
~~~~~~~~~~~~~~~~~~ |
gregexp
|
Posted:
Mon Jul 03, 2006 7:25 pm |
|
Remember this, ALL statements made about functionality are opinions but statements made about things like php files being readable by anyone, uhh let me tell you this, Sentinel is made to block certain things within the nuke site and therefore better protection than you're giving it credit for. I am not a server owner so therefore cannot speak as to PHPsuexec as I have not read up on it, although I can say this, ANYTHING that takes away from being able to write to the .htaccess seems LESS secure in my OPINION as .htaccess is the BEST (opinion) way to stop and block IPs from accessing a site. So take this how you'd like, but I will restate this, a new host is exactly what you need! |
posword
|
Posted:
Mon Jul 03, 2006 8:02 pm |
|
OK, darklord, I understand what you are saying. I'm not being critical about Sentinel... I'm sure it does all it says it will, particularly if you have a dedicated server.
What I don't understand is whether the .htaccess file for Sentinel contains "PHP values". Do you know the answer to that? If it is "No" then I logically can't see why it does not work on a hosted platform under Suexec or the like. |
Tao_Man
Involved
Joined: Jul 15, 2004
Posts: 252
Location: OKC, OK
|
Posted:
Wed Jul 05, 2006 11:07 am |
|
In a standard install there are no PHP values in .htaccess, so unless you or someone else added them you do not, Nuke does not use PHP values in .htaccess.
Second, I can state for a fact that you can have PHPsuEXEC and suEXEC running on a server and Raven Nuke and Sentinel will work just fine. PHPsuexec can and will let you write to .htaccess. So if they are saying you cannot write to .htaccess then they have done something non-standard to suEXEC and/or they are not really running the scripts under your ID and/or you do not really own .htaccess.
Now your provider is right on one thing: you cannot use HTTPAuth with PHPsuEXEC as PHP needs to run as CGI for it to work, but CGIAuth in Sentinel will work just fine and will write to .htaccess if you have it set up to do so.
So again (not to beat a dead horse) it sounds like your provider is doing something funny and unless they will change their setup I don't know if there is anything anyone can do. |
_________________ ------------------------------------------
To strive, to seek, to find, but not to yield!
I don't know Kara-te but I do know cra-zy, and I WILL use it! |
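Added example, not part of any post in this thread and not NukeSentinel or hosting-provider code: a shell check of the conditions named above (PHP scripts not world-writable, no need for world-readable scripts when they run as the owner, and `.htaccess`/`.staccess` present, owned by and writable for the account). The finding labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit a docroot against the PHPsuexec rules quoted in this thread.

audit_docroot() {
    dir=$1
    # PHPsuexec refuses to run a world-writable script.
    find "$dir" -type f -name '*.php' -perm -0002 | sed 's/^/WORLD-WRITABLE /'
    # Scripts run as the owner, so "other" needs no read bit (0400/0700 suffice).
    find "$dir" -type f -name '*.php' -perm -0004 | sed 's/^/WORLD-READABLE /'
    # The access files must exist, belong to the account the scripts run as,
    # and be writable by it; an empty .staccess holds no credentials.
    for f in "$dir/.htaccess" "$dir/.staccess"; do
        if [ ! -e "$f" ]; then echo "MISSING $f"; continue; fi
        if [ ! -O "$f" ]; then echo "NOT-OWNED $f"; fi
        if [ ! -w "$f" ]; then echo "NOT-WRITABLE $f"; fi
        if [ "${f##*/}" = ".staccess" ] && [ ! -s "$f" ]; then echo "EMPTY $f"; fi
    done
    return 0
}

# Constructed sample tree: one script per permission case, plus the two access files.
make_sample_docroot() {
    d=$(mktemp -d) || return 1
    echo '<?php $dbpass = "constructed"; ?>' > "$d/config.php"
    echo '<?php ?>' > "$d/upload.php"
    echo '<?php ?>' > "$d/private.php"
    echo '# constructed' > "$d/.htaccess"
    : > "$d/.staccess"
    chmod 0644 "$d/config.php" "$d/.htaccess" "$d/.staccess"
    chmod 0666 "$d/upload.php"
    chmod 0600 "$d/private.php"
    echo "$d"
}

# Run against a real docroot when a path is given, otherwise against the sample.
if [ "$#" -gt 0 ]; then
    audit_docroot "$1"
else
    sample=$(make_sample_docroot) && audit_docroot "$sample"
    rm -rf "$sample"
fi
```

Run it as the hosting account itself (for example from a shell or cron job under that login), since the ownership test compares against the effective user ID.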
posword
|
Posted:
Wed Jul 05, 2006 6:06 pm |
|
Thanks, Tao_Man,
That's the first response I've had from someone who knows what PHPsuEXEC does.
So I'll beat the dead horse again and see what my provider has to say. I did get conflicting replies from different support people, which is why I kept trying to find the solution.
Thanks again,
posword |
posword
|
Posted:
Thu Jul 06, 2006 7:24 pm |
|
Tao_Man,
I quoted your words exactly to my provider, and the System Administrator responded:
~~~~~~~~~~~~~~~~~~~~~
"All of the above is exactly correct, there is no wrong information in the above quoted text.
> So the question is whether you have a standard PHPsuEXEC setup, are the PHP scripts running under my ID, and do I own .htaccess and .staccess in my root directory.
Yes we have a standard phpsuexec installation, yes the PHP scripts are running as your user ID, and yes you own all of your files within your public_html directory.
There is nothing weird about our configuration that would prevent you from writing to any files you own when using PHP or CGI."
~~~~~~~~~~~~~~
So for the sake of completeness, that puts to rest all the misinformation from my provider and on this forum.
I have added the Nuke Sentinel stuff to my .htaccess including CGIAuth and still have two remaining issues:
It will not accept my admin login at "Enter username and password for "Restricted" on http://......", and the issues with NukeSentinel: no password asked and no action when clicking on any links in the Sentinel menu (when I got in without the CGIAuth in .htaccess).
Thanks to all who have contributed their ideas. Any further help appreciated.
posword |
gregexp
|
Posted:
Thu Jul 06, 2006 8:03 pm |
|
Who wrote the username and password into the .staccess? |
posword
|
Posted:
Thu Jul 06, 2006 8:14 pm |
|
So that's the problem, darklord... the .staccess is empty.
What's the correct syntax for it?
[edited]
Other posts in forums say to let NukeSentinel do it, but since I can't get in to admin I don't know how to let it do it. |
gregexp
|
Posted:
Thu Jul 06, 2006 10:53 pm |
|
Uhhh, I'm thinking something is wrong with the edits you made, please search these forums for cannot view admin panel in sentinel. |
posword
|
Posted:
Thu Jul 06, 2006 11:26 pm |
|
I've already spent some time doing that search, darklord, but nothing found that seems applicable.
Yesterday I replaced admin.php with the one in the distro. Obviously it didn't change anything.
[Added]
I have manually added my username:password combination to .staccess and now am able to get into Nuke admin. I know this is frowned on but it was the only way in. Still no security code on Nuke admin and some of the links in NukeSentinel don't work, like protected ranges though scan users did work and list admins. |
hitwalker
|
Posted:
Fri Jul 07, 2006 4:42 am |
|
Did you invite Raven to work on this yet? |
jaded
|
Posted:
Fri Jul 07, 2006 11:18 am |
|
I will suggest that you just pay someone like Raven or anyone who is willing to do the work to help you. (Rolling Eyes) |
posword
|
Posted:
Fri Jul 07, 2006 7:26 pm |
|
It appears to be working, so I'll watch it closely for a while.
Thanks to everyone for their help.
posword |
hitwalker
|
Posted:
Fri Jul 07, 2006 8:36 pm |
|
Now it suddenly works?
I think his system got so scared that when the word "pay" was mentioned it spontaneously decided to work...... (killing me) |
jaded
|
Posted:
Fri Jul 07, 2006 8:38 pm |
|
lmao.. agreed. (ROTFL) |