[PHP] PHP Execution Functions

2001-07-24 Thread billfarr

Hello all,

I'm discovering the joys of PHP as supplied by RH on their 7.1 release.
Actually, everything about it is SO much nicer than ASP or pure Perl.  (Not
to take anything away from either--PHP's just a LOT easier to get hold of!)

I'm running PHP as an Apache module (default RedHat installation) but I did
turn Safe Mode on.  None of the execution functions work at all, though.
The Safe Mode directory is set to /usr/local/bin and the script I want to
run is (also) in that directory.  No matter how I approach it, the system()
or passthru() functions apparently execute nothing and return nothing.  Not
even an error message or warning of any kind.  (Backticks give a decidedly
pointed message in Safe Mode, though:  "No can do" as I would expect).

How DO I step out of a PHP page and execute a script or command?  And would
that method be safe to give to "regular" users?  There is no mention in the
manual (to which I constantly refer) nor in any place on the php.net site to
tell me how this should "REALLY" work.

Any advice would be appreciated.  This is the last stumbling block to
converting my web-portal 100% to PHP.

Best regards,
Bill



RE: [PHP] Find and Replace

2001-07-30 Thread billfarr

It's also possible (if you're allowed to change the httpd.conf file) to put
in a  directive, something like

Order deny,allow
Deny from all


Then no-one can directly access files with those extensions.  You can still
include them (that doesn't require a separate fetch).  That would eliminate
the need to go changing a bunch of files if you don't absolutely have to.

Me, I'll always opt for the easiest way out (chickeeen!)

Regards,
Bill

-Original Message-
From: Matt Kaufman [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 6:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Find and Replace


Oh, vi has a find and replace feature if you want to do it through the
terminal.

Matt Kaufman

- Original Message -
From: "Shrout, Ryan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 30, 2001 12:06 PM
Subject: [PHP] Find and Replace


> This isn't exactly PHP I need help with, but it relates to what I learned
> about security.  Up until now, I have been using *.inc extensions for my
> include files.  Well, I didn't realize until recently that anyone can view
> these files.  So, I want to rename them to *.inc.php.  BUT, in almost all of
> my PHP pages, there are links to : include ('mydir/myfile.inc');
>
> Can someone tell me how to do a recursive find and replace to look for
> /myfile.inc and replace it with myfile.inc.php?  I am running Red Hat 7.1
>
> Thanks!
>
> Ryan
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
>
>





RE: [PHP] ODBC for UniVerse Database

2001-07-30 Thread billfarr

So I'm _not_ the only one still running UV :-)))

Do you have the UV PDF's handy?  There's a section on setting up the ODBC.
If you don't have it, I'll mail you a copy.

UV's ODBC works reasonably well, except that it takes a seat every time you
instantiate a connect.  Perhaps a better way of going about it is to use
Vantage Point's MVServer.  Larry Wilcox, the author of the MVServer, is
working on a Linux version currently.  Dunno when he'll have it ready.

In the meantime, if I can help out, let me know.  There are a few little
setups involved, such as making sure that the (x)inetd service EXEC is
allowed to run.  You might want to lock that down pretty tightly (ie, using
the only_from directive in the xinetd.d setup file) since it possibly could
present a pretty large hole in security.

I'd be glad to assist.

Regards,
Bill

-Original Message-
From: Justin Farnsworth [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 2:54 PM
To: Php-General@Lists. Php. Net
Subject: [PHP] ODBC for UniVerse Database


Anybody on this list:

1.  Have experience with ODBC for Universe
2.  Know where there is a driver available

You may reply privately if you think it is not of interest
to this group

_jef
-- 
Justin Farnsworth
Eye Integrated Communications
321 South Evans - Suite 203
Greenville, NC 27858 | Tel: (252) 353-0722




RE: [PHP] ODBC for UniVerse Database

2001-07-30 Thread billfarr

WHUPS!  Guess I should have asked if you were running UV on *nix or NT... it
makes a difference.  It's dead-easy on NT;  merely tedious to set up on
*nix...
B

-Original Message-
From: Bill Farrell 
Sent: Monday, July 30, 2001 3:19 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [PHP] ODBC for UniVerse Database


So I'm _not_ the only one still running UV :-)))

Do you have the UV PDF's handy?  There's a section on setting up the ODBC.
If you don't have it, I'll mail you a copy.

UV's ODBC works reasonably well, except that it takes a seat every time you
instantiate a connect.  Perhaps a better way of going about it is to use
Vantage Point's MVServer.  Larry Wilcox, the author of the MVServer, is
working on a Linux version currently.  Dunno when he'll have it ready.

In the meantime, if I can help out, let me know.  There are a few little
setups involved, such as making sure that the (x)inetd service EXEC is
allowed to run.  You might want to lock that down pretty tightly (ie, using
the only_from directive in the xinetd.d setup file) since it possibly could
present a pretty large hole in security.

I'd be glad to assist.

Regards,
Bill

-Original Message-
From: Justin Farnsworth [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 30, 2001 2:54 PM
To: Php-General@Lists. Php. Net
Subject: [PHP] ODBC for UniVerse Database


Anybody on this list:

1.  Have experience with ODBC for Universe
2.  Know where there is a driver available

You may reply privately if you think it is not of interest
to this group

_jef
-- 
Justin Farnsworth
Eye Integrated Communications
321 South Evans - Suite 203
Greenville, NC 27858 | Tel: (252) 353-0722




RE: [PHP] Spot the difference?

2001-08-03 Thread billfarr

Hokay, my 2p...

I'm a (former) ASP programmer who just made the leap from ASP to PHP about 2
weeks ago.  A week ago I got my entire web-portal recoded to use PHP, a move
that experience tells me can't be done as quickly and easily with ASP.  All
religious arguments aside, one must admit that (1) PHP is well documented
and VBScript isn't (period); (2) PHP has many more USEFUL functions built-in
that are already debugged and working; (3) the examples one finds on
php.net, phpbuilder.net, or any other knowledge base actually WORK and are
usually pretty clear; (4) there is absolutely no question that PHP's notion
of security is truly secure, 100% in diametric opposition to IIS/ASP.  I've
tested that to destruction and am confident enough in it to release PHP as
an alternative language for my web-hosting customers.

I cannot repose the same confidence in ASP--even less confidence when Front
Page extensions are wrapped around it.  Note that I have never released ASP
as an alternative language for my customers and given its documentation and
security shortcomings, it's not likely to happen.

Mind, I've used ASP for several years and am (unfortunately) intimately
familiar with its shortcomings.  Many of the string-manipulation functions
inherent in PHP must be provided by third parties (like Vantage Point
PowerStrings http://www.vpsoft.com) in order to do some tricky URL or
input-cleaning routines.  I challenge anyone to use M$'s mail objects with
the same degree of security and reliability. Try and find real docs on
VBScript -- there aren't any with any substance.  M$'s site is useless as
are the examples they give (which, by the way, NEVER work as demonstrated).
M$ should be taking notes from php.net on how to present and maintain
documentation.

Now, if a paying customer insists that I do work for them using ASP, of
course that's what I'll use.  But I strongly advise against it now, given
the points above.  With only a couple of weeks of PHP under my belt, I'm
still confident enough in the language itself and the documentation around
it that I will be able to do any web job that comes along.  I might have to
have the manual at my side a bit longer, but as time goes on I find I refer
to it less and less.  All in all, a very natural succession of events.

Guess that was more than two cents...keep the change :-)

Bill

-Original Message-
From: Matthew Loff [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 02, 2001 4:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] Spot the difference?




I much prefer PHP, obviously... But posting to a PHP list isn't going to
get you a very objective answer.  I find PHP more versatile and easy to
use, but an ASP programmer may tell you the same thing about ASP.

Also-- try looking stuff up for yourself sometimes... I realize you're
new to PHP, but at last count, you've sent 46 e-mails to this list in
the past 10 days...  99% of your questions could be answered by going to
the PHP manual, www.phpbuilder.net, or any of the FAQs that have been
posted to this list in the past few days.


-Original Message-
From: Kyle Smith [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 02, 2001 8:42 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Spot the difference?


Well which is easier to program?


-lk6-
http://www.StupeedStudios.f2s.com
Home of the burning lego man!

ICQ: 115852509
MSN: [EMAIL PROTECTED]
AIM: legokiller666


- Original Message - 
From: "scott [gts]" <[EMAIL PROTECTED]>
To: "php" <[EMAIL PROTECTED]>
Sent: Thursday, August 02, 2001 8:45 AM
Subject: RE: [PHP] Spot the difference?


> ASP is basically like PHP, only it uses a VB-based
> language instead of perl/c-based one.
> 
> which means it sucks - vb is evil.
> 
> > -Original Message-
> > From: Jon Yaggie [mailto:[EMAIL PROTECTED]]
> > Subject: Re: [PHP] Spot the difference?
> >
> > isn't this fact a good enough reason to believe it worthless???
> >
> 
> 
> 
> 




RE: [PHP] Re: PHP in corporate settings?

2001-08-09 Thread billfarr

Bjorn and Julio, you've got it right.  

I've now a contract with Volvo Aero Services for web design and multivalue
database support.  Ever since Volvo bought AGES, it's been a huge
technological step backwards from Linux and PHP to M$ and ASP.  The big
companies DON'T CARE that M$ puts out a security-hole-ridden, barely
documented, admin-intensive product. And of course, management don't
care--they don't have to deal with the day-to-day grind of trying to keep
Win and its attendant components up and going.

In my own business I've seen how the use of open-source, solid,
proudly-written-and-supported software takes great amounts of time away from
administrative busy-work and gives it back in the form of more time to
develop new products and sales.  It's a very simple equation, actually.  As
a super-small businessman, anything (like Apache and PHP) that puts time and
money back on MY side of the tally-board is a Good Thing.

I call the sort of problem we're discussing the "In-Flight Syndrome."  You
know, where a Big Corporate Executive goes on a junket somewhere and sees a
glossy ad in a glossy in-flight magazine and arrives back at the home office
to insist that current baby-and-bathwater be thrown out in favour of
something glossy but wholly inappropriate.  Or, "If I haven't seen it in a
glossy magazine, it isn't what the Joneses are doing, therefore neither will
we."

In VAS's situation, it's SAP.  Now, mind you, SAP has no component that even
remotely deals with the way aircraft parts brokerages actually do business.
There's no module for FAA repairs, no way to deal with special consignment
deals, and worst, no way to deal with the all-important documentation.  In
this business, "no documentation" equals "no sale."  

Would YOU get on an aircraft if you suspected that undocumented parts were
on it?  I think not and I wouldn't get on it either.  Airlines simply won't
buy from brokers who cannot prove the authenticity and condition of
life-limited parts.

But that hasn't stopped Volvo in the least.  Obviously, corporate Powers
That Be in Sweden are conveniently immune to such things as the law (Thou
shalt document well all thy parts back to birth).  The corporate philosophy
is "If it runs on Windows, then it's Good Thing and We Must Use It," however
inappropriate.

Face it:  most large businesses have more dollars than sense.  This sort of
problem isn't limited to PHP, Apache, or Open Source products in general.
Plain, honest horse-sense is what's missing.  I see it happening at VAS and
I see it happening in a lot of other large companies.

If the people in charge of IT took a good look at what's available and
appropriate, there would be a lot more money made and a lot more happy
technicians.  "Happy technician" will also probably be loyal and productive.
My prediction is that those of us who embrace Open Source and place such
products in our businesses to limit downtime and administrative burdens will
be the most profitable in the upcoming years.

Conversely, those like Volvo Aero, who insist on throwing good money after
bad, will likely be out of business soon.  The Cult of Microsoft is still
strong in upper management, simply because they don't know (and are
unwilling to countenance) any better.

That's what I call a self-correcting problem :-)

Respectfully to all,
Bill

-Original Message-
From: Bjorn Van Simaeys [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 08, 2001 6:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] Re: PHP in corporate settings?


That's right. I have been working for a large computer
company (2800 people), and my project manager had
never even heard about PHP and such.


Bjorn Van Simaeys


--- Inércia Sensorial <[EMAIL PROTECTED]> wrote:
>   I don't think the problem is the open source
> nature. Corporate people
> usually do not see flaws on it. But they do not see
> the advantages too
> because there is little advertising.
> 
> --
> 
> 
>   Julio Nobrega.
> 
> 2B||!BB - That's the question.
> 
> "Jeff Lewis" <[EMAIL PROTECTED]> wrote in message
> news:00dd01c1203b$60d62210$76a1a8c0@LEWISJCIT...
> I still rarely ever see PHP mentioned in job
> listings and the like.
> Especially here in Canada I find it very hard to
> find any kinds of contacts
> for companies using PHP.  My previous employer that
> I was with for 3+ years
> insisted on Micro$oft products and wanted to go with
> ASP.
> 
> My current employer, a HUGE media/newspaper in
> Ontario goes with strictly
> Java.
> 
> Is it that people still are hesitant to go with open
> source based technology?
> 
> Jeff Lewis
> 
> 
> 
> 

RE: [PHP] subroutines?

2001-08-09 Thread billfarr

Hi again,

As a new PHP convert, I ran into this same problem (below) yesterday while
designing a form.  ASP programmers (if they're THINKING) will use subs to
keep "if" blocks tidy.  In ASP, I'd use something like:

    If Request.ServerVariables( "REQUEST_METHOD" ) = "GET" Then
        DisplayForm
    Else
        SendFormData
    End If

which at first I replaced with:

    if ( getenv( "REQUEST_METHOD" ) == "GET" ) {
        display_form();
    } else {
        send_email();
    }

...making functions out of what used to be subroutines.  All well-and-good,
except my global variables disappeared and nothing I could do (even
declaring the few important ones explicitly global) seemed to allow me to
get at the variable contents.

I wound up compromising by sending just the bits I needed in the function
INTO the function like so:

    $MyURI = $SCRIPT_NAME;
    $TheFormVars = $HTTP_POST_VARS;
    if ( getenv( "REQUEST_METHOD" ) == "GET" ) {
        display_form( $MyURI );
    } else {
        send_email( $TheFormVars, $ThisWebServerFQDN );
    }

Seems a bit tacky at first, but it works (properly!) and that's all that
counts.  I can do much more with PHP functions just as they are than I ever
could with ASP;  moreover, I have much more secure control of what gets
exposed where.  To me, a beautiful compromise since at no point is there
ever an actual email address exposed to the outside world.  My "Support
Topic" selection box contains arbitrary codes that allow me to generate the
appropriate email address on the fly.

Hope my experience will be helpful to other noobies making the Big
Transition.

Best regards,
Bill

-Original Message-
From: Christian Reiniger [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 8:21 AM
To: CGI GUY; [EMAIL PROTECTED]
Subject: Re: [PHP] subroutines?


On Wednesday 08 August 2001 01:37, CGI GUY wrote:
> How does PHP compensate for an apparent lack of
> traditional subroutines (as with Perl, etc.)? It seems
> like I'm going to have to script separate pages for
> ea. set of processes in my search (i.e., print FORM,
> print results for SEARCH,
> print DETAILS, etc.).  Please tell me I'm mistaken!

http://www.php.net/manual/en/functions.php
http://www.php.net/manual/en/function.require-once.php
http://www.php.net/manual/en/control-structures.switch.php
http://www.php.net/manual/en/language.oop.php

-- 
Christian Reiniger
LGDC Webmaster (http://lgdc.sunsite.dk/)

"World domination. Fast." (Linus Torvalds about Linux)
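
The topic-code idea from Bill's reply above (the form carries an arbitrary code, the address is generated on the server), as an added example that is not part of the original thread. All function names, codes and addresses are hypothetical, the POST arrays are constructed, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example: names, topic codes and addresses are hypothetical.

// The form only ever carries these opaque codes; addresses stay server-side.
const SUPPORT_TOPICS = [
    'T1' => 'billing@example.com',
    'T2' => 'hosting@example.com',
    'T3' => 'abuse@example.com',
];

// Read one form field as a string; arrays and missing keys become ''.
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? $value : '';
}

// Map a submitted code to its mailbox; anything not in the table is null,
// so the visitor can never choose the destination address.
function recipient_for(string $code): ?string
{
    return SUPPORT_TOPICS[$code] ?? null;
}

// A CR or LF inside a header value would let the sender append headers of
// their own, so such values are refused outright.
function header_value(string $value): ?string
{
    if (preg_match('/[\r\n]/', $value)) {
        return null;
    }
    $value = trim($value);
    return $value === '' ? null : $value;
}

// Turn the POST data into the four arguments for mail(), or null if any
// part fails validation.
function build_mail(array $post): ?array
{
    $to      = recipient_for(field($post, 'topic'));
    $replyTo = filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL);
    $subject = header_value(field($post, 'subject'));
    if ($to === null || $replyTo === false || $subject === null) {
        return null;
    }
    return [
        'to'      => $to,
        'subject' => $subject,
        'body'    => field($post, 'message'),
        'headers' => "From: webform@example.com\r\nReply-To: $replyTo",
    ];
}

// Constructed submissions: a normal one, one that tries to supply its own
// address as the topic, and one with a line break in the subject.
$samples = [
    ['topic' => 'T2', 'email' => 'user@example.org',
     'subject' => 'Site down', 'message' => 'Please check my site.'],
    ['topic' => 'someone@elsewhere.example', 'email' => 'user@example.org',
     'subject' => 'Hello', 'message' => ''],
    ['topic' => 'T1', 'email' => 'user@example.org',
     'subject' => "Hello\r\nBcc: list@example.org", 'message' => ''],
];

foreach ($samples as $post) {
    $mail = build_mail($post);
    if ($mail === null) {
        echo "rejected\n";
        continue;
    }
    echo "would send to {$mail['to']}\n";
    // In the real handler:
    // mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
}
```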




RE: [PHP] rename problem...

2001-08-09 Thread billfarr

Hi Martin,

Question:  who actually OWNS the document?  Does it have your logname and
group?  If you're trying to do a rename from the server, remember that the
server generally runs as "apache" or "nobody"... and to coin a phrase,
"nobody" owns nothing.

If you're trying to manipulate files in your own home directory (or
http_docs or whatever suffices as your servable area), you have just about
two choices.  Either make the documents you're working with owned by nobody
(not really a good idea) or make a virtual web server in Apache that has the
appropriate User and Group directives to make that virtual server run "as"
you on your behalf.  About 5 minutes of httpd.conf configuration and a quick
DNS trick.

We've all tripped-up on this one at one time or another.  It's not much
setup either way, but whatever you do, make sure that YOUR security and the
security of your server come before all other considerations.

Best regards,
Bill

-Original Message-
From: Martin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 7:20 AM
To: [EMAIL PROTECTED]
Subject: [PHP] rename problem...


Hi!
When I'm trying to run this script:


I get this error:

Warning: Rename failed (Permission denied) in
C:\Inetpub\WEBS\mysko\uploads\rename.php on line 4

The directory has change permissions. What am I doing wrong...?

/martin






RE: [PHP] Return Adress

2001-08-09 Thread billfarr

Hey, there...

I ran into this yesterday along with learning a heap more PHP.  Adding a
"Reply-To: [EMAIL PROTECTED]" header seemed to work fine.

Hope this helps,
Bill

-Original Message-
From: Jean-Arthur Silve [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 5:23 AM
To: [EMAIL PROTECTED]
Subject: [PHP] Return Adress




Hi !

I've got a problem with the mail function :

My http server (Apache) is running as user "web" and php is compiled as a 
module.

When I send a mail with the mail function and, for example, the recipient 
does not exist, the return message is sent to [EMAIL PROTECTED]

I would like the error messages to be sent to another email address.

I tried with the mail header "Return-path: [EMAIL PROTECTED]" but 
the error messages keep going to [EMAIL PROTECTED]

My code is :

$head="From: ".$EMAILADMIN."\nReturn-Path: [EMAIL PROTECTED]\n";
mail($to,$sub,$msg,$head);

Is there a way to force the error messages to go to another email address ?
Another header ?
If it's sendmail that changes the return address, is there a way to prevent 
this ?

Thanks !

jean-arthur





---
EuroVox
4, place Félix Eboue
75583 Paris Cedex 12
Tel : 01 44 67 05 05
Fax : 01 44 67 05 19
Web : http://www.eurovox.fr






RE: [PHP] RedHat 7.1

2001-08-09 Thread billfarr

Hey, Scott:

I'm running RH7.1 myself.  PHP sort-of "came out the box" when I installed
the default server installation, as an Apache module.  All's I had to do was
make a PHP page (a timid "echo 'hello';"), throw it in the right directory,
and *poof* it served.

Astonished me, too.

Seems as if when you install Apache from RH7.1, you get PHP as a module.
Someone please correct me if this is a misunderstanding. But if you look,
the httpd.conf for RH7.1 has "index.php" as one of its default index
documents.  

Best regards,
Bill

-Original Message-
From: Scott Pathel [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 1:31 PM
To: [EMAIL PROTECTED]
Subject: [PHP] RedHat 7.1


Hello,

I'm running RedHat 7.1 and have installed PHP 4 from the RedHat  
installation disk. It is a normal RPM file for the PHP install (prebuilt). 
PHP does not seem to work. Looking at the INSTALL file as if I were to 
build PHP from scratch it mentions some shared libraries that are not to be 
found. Any Ideas?

Thanks for any help
Scott







RE: [PHP] new one is it ??

2001-08-13 Thread billfarr

Way cool... with a bit of work, one could query ARIN, RIPE, and APNIC until
an answer was received (that's what I'm modifying it to do) else die.  With
the timeout set to "forever", what would we care if it takes a few extra
seconds to go spy-out a potential (would-be-if-we-were-running-IIS) intruder.

The author made a really nifty framework and left it pretty easy to modify.
I already swiped a copy (thanks, Mark!!) and am having a ball adding my own
"bends" to it.

Tim, the part that does the WHOIS query is only querying RIPE.  I'm
modifying mine to loop through a known set of authorities (right now, the
three I mentioned above) and to set a flag ($IGotIt or something I can test
afterward with "if ( $IGotIt ) { yaddayadda }"), and to quit looking when it
gets a reasonable answer.

If I get it working before anyone else (doubtful, I'm still a bit slow with
PHP and I'm also at work), I'd be more than happy to share.

CY'all,
Bill

-Original Message-
From: Tim [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 1:16 PM
To: Mark Roedel
Cc: Mark Lo; php general
Subject: RE: [PHP] new one is it ??


That's pretty cool.   Alas, the 'whois' part of the code doesn't work
properly (at least on my system).

- Tim

On 13 Aug 2001 10:21:45 -0500, Mark Roedel wrote:
> I rather liked this approach that I saw posted in another list:
> 
>   http://www.klippan.seths.se/default.phps
> 
> (Does some hostname/whois lookups on the infected server and attempts to
> email some people who might be able to do something about it.)






RE: [PHP] PHP and Perl script in same file?

2001-08-17 Thread billfarr

Not any convenient or secure way I've yet found.  But I do have PHP pages
that slip out and exec() a Perl script to grab specific results that I need.

Anyone else?

B

-Original Message-
From: Tom Beidler [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 16, 2001 4:46 PM
To: php list
Subject: [PHP] PHP and Perl script in same file?


Can php and perl code reside in the same file? When the document is served
up it parses the PHP and then the Perl?





RE: [PHP] new one is it ??

2001-08-20 Thread billfarr





Hiya again, Erik:


Here's the barely-tested but apparently functional Code Red detector.  I added some variables at the top for configuring email destinations.  The important change is that it will query ARIN, RIPE, and APNIC until it finds a reasonable answer.  In the case of ARIN, it's necessary to query twice to get the email address you REALLY want, due to the number of Tier II providers in the States.  Those don't always show up in the WHOIS. That caused me to do a bit more looping and fiddling until the answers came out the way I would expect if I were looking by eye.

It may be a bit late for Code Red, but the part of the routine that does the authority-queries is re-usable all over the place.  The code ain't pretty (I'm no PHP maven YET :-) but it appears to do the job.

Enjoy!
Bill



-Original Message-
From: Erik H. Mathy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 14, 2001 3:43 PM
To: Bill Farrell
Subject: RE: [PHP] new one is it ??



No worries. I'm not going to get all worked up when something that's free takes a bit longer than expected! :)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 14, 2001 2:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [PHP] new one is it ??



Hey! 
Just wanted to let ya know that I didn't get time to work on it last night, but have been playing with it through the day.  I should finish the thing tonight and test it.

I hadn't forgot ya! 
Regards, 
B 
-Original Message- 
From: Erik H. Mathy [mailto:[EMAIL PROTECTED]] 
Sent: Monday, August 13, 2001 1:44 PM 
To: Bill Farrell 
Subject: RE: [PHP] new one is it ?? 



You da man! You da man! 
Or, in other words, that's awesome and, um, I'll take a copy when you're 
done. ;) 
- Erik 
> -Original Message- 
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, August 13, 2001 12:44 PM 
> To: [EMAIL PROTECTED] 
> Subject: RE: [PHP] new one is it ?? 
> 
> 
> Way cool... with a bit of work, one could query ARIN, RIPE, and APNIC 
> until 
> an answer was received (that's what I'm modifying it to do) else die. 
> With 
> the timeout set to "forever", what would we care if it takes a few extra 
> seconds to go spy-out a potential 
> (would-be-if-we-were-running-IIS)intruder. 
> 
> The author made a really nifty framework and left it pretty easy to 
> modify. 
> I already swiped a copy (thanks, Mark!!) and am having a ball adding my 
> own 
> "bends" to it. 
> 
> Tim, the part that does the WHOIS query is only querying RIPE.  I'm 
> modifying mine to loop through a known set of authorities (right now, 
> the 
> three I mentioned above) and to set a flag ($IGotIt or something I can 
> test 
> afterward with "if ( $IGotIt ) { yaddayadda }"), and to quit looking 
> when it 
> gets a reasonable answer. 
> 
> If I get it working before anyone else (doubtful, I'm still a bit slow 
> with 
> PHP and I'm also at work), I'd be more than happy to share. 
> 
> CY'all, 
> Bill 
> 
> -Original Message- 
> From: Tim [mailto:[EMAIL PROTECTED]] 
> Sent: Monday, August 13, 2001 1:16 PM 
> To: Mark Roedel 
> Cc: Mark Lo; php general 
> Subject: RE: [PHP] new one is it ?? 
> 
> 
> That's pretty cool.   Alas, the 'whois' part of the code doesn't work 
> properly (at least on my system). 
> 
> - Tim 
> 
> On 13 Aug 2001 10:21:45 -0500, Mark Roedel wrote: 
> > I rather liked this approach that I saw posted in another list: 
> > 
> > http://www.klippan.seths.se/default.phps 
> > 
> > (Does some hostname/whois lookups on the infected server and attempts 
> to 
> > email some people who might be able to do something about it.) 
> 
> 
> 
> 


 





RE: [PHP] new one is it ??

2001-08-21 Thread billfarr

DOH!  Thanks for the heads-up, David.  Here's the code I promised.

My apologies!

Bill
---8<---8<---8<---8<---8<---8<---8<-

http://www.microsoft.com/technet/security/bulletin/MS01-033.asp\n\n";; 
 
  $message .= "Because of the importance of this threat, "; 
  $message .= "this alert is being made jointly by: \n"; 
  $message .= "Microsoft \n"; 
  $message .= "The National Infrastructure Protection Center \n"; 
  $message .= "Federal Computer Incident Response Center (FedCIRC) \n"; 
  $message .= "Information Technology Association of America (ITAA) \n"; 
  $message .= "CERT Coordination Center \n"; 
  $message .= "SANS Institute \n"; 
  $message .= "Internet Security Systems \n"; 
  $message .= "Internet Security Alliance \n"; 
 
  $headers .= "From: $name <$from>\n"; 
  $headers .= "X-Mailer: PHP\n"; // mailer 
  $headers .= "X-Priority: 1\n"; // Urgent message! 
  $headers .= "Reply-To: $from\n"; // jwwf - in case the ISP actually replies
  $headers .= "Return-Path: <$from>\n";  // Return path for errors 


// jwwf - more fiddling with the original code
$GotResponse = false;

// ARIN makes a messy output.  To get what we want we have to requery using the NIC
// handle to get the email address for the contact.  First, replace this skimpy output
// with the output that has the required data in it

foreach ( $Authorities as $Authority ) {
    if ( $GotResponse ) { break; }
    $RespondingAuthority = $Authority;
    $WholeResponse = array();   // exec() appends to an existing array, so start clean
    // escapeshellarg() keeps shell metacharacters in the query out of the command line
    @exec( "/usr/bin/whois " . escapeshellarg( "$ip@$Authority" ), $WholeResponse, $status );
    $UWholeResponse = strtoupper( join( " ", $WholeResponse ) );
    if ( ( strpos( $UWholeResponse, "NO ENTRIES" ) === false ) && ( strpos( $UWholeResponse, "NO MATCH" ) === false ) ) {
        $GotResponse = true;
        $Keepgoing = true;
        foreach ( $WholeResponse as $Line ) {
            if ( ( $Authority == "whois.arin.net" ) && ( $Keepgoing ) ) {
                $StartPos = strpos( $Line, chr(40) );   // "("
                if ( !( $StartPos === false ) ) {
                    $StartPos++;
                    $RightSide = strpos( $Line, chr(41) );   // ")"
                    $RightSide = $RightSide - $StartPos;
                    $Query = substr( $Line, $StartPos, $RightSide );
                    $Query .= "@whois.arin.net";
                    unset( $WholeResponse );
                    // $Query was cut out of the whois reply, so it is untrusted input
                    @exec( "/usr/bin/whois " . escapeshellarg( "!$Query" ), $WholeResponse, $status );
                    $Keepgoing = false;
                    break;
                }
            }
        }
    }
}
 
// APNIC and RIPE produce similar reports.  ARIN on the other hand makes 
// you work twice as hard to find an email address.  With ARIN, one must 
// perform a double-query (as above) to get the information associated 
// with a network's NIC handle.  APNIC and RIPE just hand it to you  
// straightaway. 
 
unset( $SendTo ); // just for effect
if ( $RespondingAuthority != "whois.arin.net" ) {
    foreach ( $WholeResponse as $Line ) {
        // A limit of 2 keeps later colons in the value; lines with no colon are skipped
        $Parts = explode( ":", $Line, 2 );
        if ( ( count( $Parts ) == 2 ) && ( strtoupper( $Parts[0] ) == "E-MAIL" ) ) {
            $SendTo = trim( $Parts[1] );
            break;
        }
    }
} else {
    foreach ( $WholeResponse as $Line ) {
        $Words = explode( " ", trim( $Line ) );
        foreach ( $Words as $Word ) {
            // preg_match() with the /i flag replaces eregi(), which current PHP no longer provides
            if ( preg_match( '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$/i', $Word ) ) {
                $SendTo = $Word;
                break;
            }
        }
        if ( isset( $SendTo ) ) { break; }
    }
}

if ( !isset( $SendTo ) ) {
    $SendTo = $DefaultSendTo;
} else {
    $SendTo .= ",".$DefaultSendTo;
}
 
  if($logt == "file")
  {
   $fp = fopen($path . "/code-red_ips.txt","a+");
  }
  elseif($logt == "syslog")
  {
   // The LOG_* constants are always defined in current PHP, so the old
   // define_syslog_variables() call is no longer needed (or available)
   openlog("httpd", LOG_PERROR, LOG_DAEMON);
  }

  /* Email the offender's ISP and also send a copy to our own sysops */
  if(!empty($abuse))
  {
   // foreach replaces the while(list() = each()) idiom, which current PHP no longer provides
   foreach($abuse as $key => $var)
   {
    mail($var, $subject, $message, $headers);
    if($logt == "file")
    {
     fputs($fp,"$host " . date("r") . " - Email sent to $var\n");
    }
    elseif($logt == "syslog")
    {
     syslog(LOG_WARNING,"Code red from $host email sent to $var");
    }
   }
  }
  elseif(!empty($notabuse))
  {
   foreach($notabuse as $key => $var)
   {
    mail($var, $subject, $message, $headers);
    if($logt == "file")
    {
 

[PHP] Code Red Catcher

2001-09-10 Thread billfarr

Hi All!
 
I had to unsubscribe for a little while due to the volume but did want to
follow up on the Code Red catcher script.  Anyone wanting a new copy of the
script, please email me directly.  I made a gob of changes to the original
code, slimming it down some and improving the lookups just a bit.
 
What I DIDN'T expect was the reporting of over 100 Code Red attack reports
per day.  My word!!  Obviously, the problem is STILL ongoing and far worse
than has been reported in the news.
 
Mind you, I run a teeny-tiny, no-great-shakes, niche-ISP business.  We're
hardly mentioned in search engines and due to the type of data mining and
collation we do, we're also hardly interesting.  This leads me to believe
that Code Red is still rampant and hungrily devouring as much of the 'net's
bandwidth as it can grab from as many locations as it can.  Those large
ISPs serving millions of hits a day (as opposed to our meager 20 million a
month) must be suffering!
 
Never have I been so grateful for Linux, Apache, and PHP.  Having a little
door-guard watching the fort written in a language all-but immune to the
attacks has certainly opened my eyes and made me aware that even still, many
people on the net are completely irresponsible about their updates and their
security.
 
I won't lay the blame entirely at Microsoft for leaving such inexcusably
wide holes in products destined for interaction with the Web, but I'll
certainly lay a good bit of it on those who insist on using M$ software,
putting it directly on the net with no firewall and no updates.  Putting the
PHP Code Red detector script online has really shown me how bad the problem
really is...and STILL is!
 
Bottom line, Hooray for PHP and Hooray for Apache... what a great
combination!
 
Best regards,
 
Bill
   



[PHP] Code Red Catcher

2001-09-10 Thread billfarr

Hi again, Everyone:

I didn't expect such a response so quickly.  With your indulgence, I'll
quote the code in this message.  I just found out that Outlook (which is
what I'm forced to use at Volvo) won't attach .ida files and I *think* this
list strips attachments in any case.

I don't remember offhand who put the link on this list for the original
code.  Most of it I didn't write, but have done some heavy carving and
additions in spots.  The IP-to-ISP lookup misses entirely about 2% of the
time and needs a tiny-bit better parsing to determine the "best" of several
provided email addresses for the ISP.  I just haven't got that far yet :-)
But the script works as intended, unattended.  BTW, do remember to insert
the AddType directive (near the top of the script in the propaganda) into
your Apache config and reload Apache else the script won't activate.

Be ready for your mailbox to fill.  Personally, I had to turn off CC'ing
myself on every complaint it generated, but I do check all the logs (syslog
and the Apache logs) several times a day and I do keep a running count in a
database for offline processing.

I'd appreciate any modifications or bug-fixes.  I'm not a spit-hot PHP
programmer YET, but maybe someday when I grow up with all of your help.  I
really appreciate the education and encouragement that is freely handed out
over this list.  THIS is more like a community of folks actually doing GOOD
things than any other list to which I've subscribed.

Best regards,
Bill

file: default.ida

http://www.microsoft.com/technet/security/bulletin/MS01-033.asp\n\n";

  $message .= "For more information on this situation, \n";
  $message .= "point your browser here:\n";
  $message .= "http://www.microsoft.com/technet/security/bulletin/MS01-033.asp\n";
  $message .= "http://news.excite.com/news/ap/010805/20/code-red\n";
  $message .= "http://news.cnet.com/news/0-1003-201-6625599-0.html\n";
  $message .= "If you have are running this Operating System, Microsoft suggests that \n";
  $message .= "you obtain and run the patch as soon as possible:\n";
  $message .= "For Windows NT:\n";
  $message .= "http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30833\n";
  $message .= "For Windows 2000:\n";
  $message .= "http://www.microsoft.com/Downloads/Release.asp?ReleaseID=30800\n";

  $message .= "Because of the importance of this threat, ";
  $message .= "this alert is being made jointly by: \n";
  $message .= "Microsoft \n";
  $message .= "The National Infrastructure Protection Center \n";
  $message .= "Federal Computer Incident Response Center (FedCIRC) \n";
  $message .= "Information Technology Association of America (ITAA) \n";
  $message .= "CERT Coordination Center \n";
  $message .= "SANS Institute \n";
  $message .= "Internet Security Systems \n";
  $message .= "Internet Security Alliance \n";

  $headers .= "From: $name <$from>\n";
  $headers .= "Reply-To: Administrator <[EMAIL PROTECTED]>\n";
  $headers .= "X-Mailer: PHP\n"; // mailer
  $headers .= "X-Priority: 1\n"; // Urgent message!
  $headers .= "Return-Path: Administrator <[EMAIL PROTECTED]>\n";
// Return path for errors

$GotResponse = false;

// jwwf - major patching to accommodate multiple authority lookups

// ARIN makes a messy output.  To get what we want we have to requery using the NIC
// handle to get the email address for the contact.  First, replace this skimpy output
// with the output that has the required data in it

foreach ( $Authorities as $Authority ) {
    if ( $GotResponse ) { break; }
    $RespondingAuthority = $Authority;
    $WholeResponse = array();   // exec() appends to an existing array, so start clean
    // escapeshellarg() keeps shell metacharacters in the query out of the command line
    @exec( "/usr/bin/whois " . escapeshellarg( "$ip@$Authority" ), $WholeResponse, $status );
    $UWholeResponse = strtoupper( join( " ", $WholeResponse ) );
    if ( ( strpos( $UWholeResponse, "NO ENTRIES" ) === false ) && ( strpos( $UWholeResponse, "NO MATCH" ) === false ) ) {
        $GotResponse = true;
        $Keepgoing = true;
        foreach ( $WholeResponse as $Line ) {
            if ( ( $Authority == "whois.arin.net" ) && ( $Keepgoing ) ) {
                $StartPos = strpos( $Line, chr(40) );   // "("
                if ( !( $StartPos === false ) ) {
                    $StartPos++;
                    $RightSide = strpos( $Line, chr(41) );   // ")"
                    $RightSide = $RightSide - $StartPos;
                    $Query = substr( $Line, $StartPos, $RightSide );
                    $Query .= "@whois.arin.net";
                    unset( $WholeResponse );
                    // $Query was cut out of the whois reply, so it is untrusted input
                    @exec( "/usr/bin/whois " . escapeshellarg( "!$Query" ), $WholeResponse, $status );
                    $Keepgoing = false;
                    break;
                }
            }
        }
    }
}

// APNIC and RIPE pr
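
Added example (not Bill's script and not the original catcher code): one way to do the free-text step the post asks about, picking the "best" contact out of several addresses in a whois reply while treating that reply as untrusted input. The function names, the preference order (abuse, security, noc, hostmaster) and the sample reply are constructed for illustration.

```php
<?php
// Added example; names, scoring and sample data are assumptions, not the posted script.

// Score an address by its local part: abuse desks first, then other role mailboxes.
function contact_score($address)
{
    $local = substr($address, 0, strpos($address, '@'));
    $preferred = array('abuse' => 3, 'security' => 2, 'noc' => 1, 'hostmaster' => 1);
    foreach ($preferred as $name => $score) {
        if (strpos($local, $name) !== false) {
            return $score;
        }
    }
    return 0;
}

// Return every valid address in the whois reply, best contact first.
function rank_whois_contacts(array $lines)
{
    $found = array();
    foreach ($lines as $line) {
        // Split on whitespace and the punctuation whois replies put around addresses.
        foreach (preg_split('/[\s<>(),;]+/', $line, -1, PREG_SPLIT_NO_EMPTY) as $word) {
            $word = strtolower(rtrim($word, '.'));
            // The reply is untrusted: keep only syntactically valid, unseen addresses.
            if (filter_var($word, FILTER_VALIDATE_EMAIL) !== false && !isset($found[$word])) {
                $found[$word] = array($word, contact_score($word), count($found));
            }
        }
    }
    $ranked = array_values($found);
    // Higher score first; equal scores keep the order they appeared in.
    usort($ranked, function ($a, $b) {
        return ($b[1] - $a[1]) ?: ($a[2] - $b[2]);
    });
    return array_column($ranked, 0);
}

// Constructed reply mixing RIPE-style "e-mail:" lines with ARIN-style free text.
$reply = array(
    'person:  Example Admin',
    'e-mail:  admin@isp.example',
    'Coordinator: Doe, Jane (JD1-ARIN) <noc@isp.example> +1 555 0100',
    'remarks: report incidents to abuse@isp.example.',
);
print_r(rank_whois_contacts($reply));
```

The same reply is where the posted script cuts out the NIC handle it hands back to whois, so that handle deserves the same validation before it reaches exec().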

[PHP] Once more, with feeling

2001-09-11 Thread billfarr

Dear All:
 
Due to popular demand I've put the newest version of the Code Red detector
on one of my servers in public, anonymous FTP.  The URL is
ftp://ftp.compuphrase.net/pub/codered .  After some research (annotated in
the propaganda), I added the last 10 or so lines of code late yesterday to
do the following:
 
1.  Ascertain if this is a browser poking around or is it a true attack?
Apparently the worm doesn't send a User-Agent header.
2.  If there's no user agent, it's most likely that the attack is coming
from IIS directly.  If this is the case, cause a browser to pop up on the
infected machine's console advising the admin that the attack has been
detected and reported.
3.  If User-Agent has a value in it, then the supposed attack is coming from
a browser.  Redirect that browser to the "anticodered.html" page.  
 
There are two items in the codered FTP folder:  codered.php which must be
put in your default web server's top directory.  Remember, the worm isn't
sending Host headers, either, so if you're using virtual name hosting on
Apache, ONLY the default server will be hit.  You must also rename this file
to "default.ida" and do remember to make the AddType directive change in
Apache.  This is also annotated at the top of codered.php.
 
The second item is the body of the anti-Code Red html page.  There's no head
or body section in that HTML codelet, which will allow you to cut-and-paste
it directly into your template to keep your site's look and feel.  Name it
what you will, but make sure that the configuration at the top of
default.ida matches.
 
Any improvements or suggestions will be welcome.  I'm still logging over 100
attempts per day and it doesn't seem to be slowing down any at all.  I'd
love to hear about your results and possibly some better techniques for the
free-text parsing bit in the middle that finds the ISP from one of the major
authorities.
 
I realise that this appears kinda hasty.  I didn't expect such a heavy or
fast response.  I really appreciate all of your help in getting me on my
feet in PHP.  The transition from ASP to PHP was much easier due to the warm
support and education from all of you on the list.
 
Enjoy!

Bill Farrell
Web Implementer
http://www.compuphrase.com
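
Added example (not part of codered.php): the User-Agent test from steps 1 to 3 of the post above, applied after the fact to Apache combined-format access log lines to separate worm probes from browser visits to /default.ida and count them per source address. The function name and the log lines are constructed; it assumes Apache's combined format, which logs a missing User-Agent as "-".

```php
<?php
// Added example; function name and log lines are constructed, not from codered.php.

// Count /default.ida requests per client, split by the User-Agent test:
// no User-Agent means a probable worm probe, anything else a browser.
function classify_ida_hits(array $logLines)
{
    // Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
    $pattern = '/^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$/';
    $hits = array();
    foreach ($logLines as $line) {
        if (!preg_match($pattern, trim($line), $m)) {
            continue; // not a combined-format line
        }
        list(, $client, , $target, $agent) = $m;
        // Compare the path only; the query string is attacker-supplied.
        $path = strtolower(strtok($target, '?'));
        if ($path !== '/default.ida') {
            continue;
        }
        $kind = ($agent === '' || $agent === '-') ? 'worm' : 'browser';
        if (!isset($hits[$client])) {
            $hits[$client] = array('worm' => 0, 'browser' => 0);
        }
        $hits[$client][$kind]++;
    }
    return $hits;
}

// Constructed log lines using documentation address ranges.
$sample = array(
    '192.0.2.10 - - [10/Sep/2001:04:12:01 -0400] "GET /default.ida?padding HTTP/1.0" 200 512 "-" "-"',
    '192.0.2.10 - - [10/Sep/2001:04:12:09 -0400] "GET /default.ida?padding HTTP/1.0" 200 512 "-" "-"',
    '198.51.100.7 - - [10/Sep/2001:09:30:44 -0400] "GET /default.ida HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"',
    '198.51.100.7 - - [10/Sep/2001:09:30:45 -0400] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 5.5)"',
);
print_r(classify_ida_hits($sample));
```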