I needed to upload some backups, then move them to my /home directory. I only use Linux a little bit, not even every day (but more so recently), so sometimes the simple things are hard.
I was doing this:
mv backup-9.16.2010_15-28-13_user.tar.gz /home/backup-9.16.2010_15-28-13_user.tar.gz
and then repeating for each file. Then I tried
mv backup-9.16.2010*.gz /home/backup-9.16.2010*.gz
and got an error that /home/backup-9.16.2010*.gz was not a directory, leading me to understand that
mv backup-9.16.2010*.gz /home
was all I needed.
The author worked as a PHP / MySQL programmer for a Tampa Web Design Company for several years. He has now started his own Web Developer company and is recruiting clients.
Friday, September 17, 2010
Thursday, September 2, 2010
Site Hacks
I found out today how some site attacks have gotten through. They used "../" to traverse directories in my include files and find a file that, when loaded, would include the contents of their User-Agent string. Then they put PHP code into their User-Agent string and re-visited the site with that specially corrupted query string and BAM! they were in.
The solution: sanitize the query string to exclude the double dot.
written like this:
\.\.
for regex matching.
That's one less open door!
Update: 2010-09-07:
For the attack above to work, the null byte had to be parsed. (All my includes had the extension concatenated to the end of the query string value. The null byte "%00" was used to make PHP ignore the concatenation.) In PHP4, magic_quotes_gpc would prevent this. In PHP5, magic_quotes_gpc is deprecated. Only sites using PHP5 were affected on my server.
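One way to apply the double-dot and null-byte checks before an include, as an added example that is not the code from this site. It goes beyond the regex check by also allowing only simple names and confirming the resolved path stays inside the include directory; the function name resolve_include, the directory layout and the sample inputs are assumptions.

```php
<?php
// Added example; resolve_include() and the demo directory are hypothetical.

// Pattern described in the post (vulnerable): the extension is concatenated
// onto an unchecked query-string value.
//   include $baseDir . '/' . $_GET['page'] . '.php';

function resolve_include(string $baseDir, string $page): ?string
{
    // Reject null bytes and the double dot (the post's \.\. check).
    if (strpos($page, "\0") !== false || preg_match('/\.\./', $page)) {
        return null;
    }
    // Allow only simple names: letters, digits, underscore, hyphen.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        return null;
    }
    // Canonicalise and confirm the result is still inside the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $page . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed self-check using a temporary directory and one include file.
$dir = sys_get_temp_dir() . '/inc_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/about.php', "<?php echo 'about';");

// Constructed sample inputs: one valid name and four that must be rejected.
$samples = ['about', '../about', "about\0", 'about/../../other', 'missing'];
foreach ($samples as $s) {
    $r = resolve_include($dir, $s);
    printf("%-24s %s\n", json_encode($s), $r === null ? 'rejected' : 'allowed');
}

unlink($dir . '/about.php');
rmdir($dir);
```

Only the first sample resolves to a path; a caller would pass that return value to include and treat null as a 404.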