#1 (permalink)
13-03-2007, 18:00
DavidAllen
Premium Member
Join Date: Jan 2007
Location: Amersham
Posts: 330
Nr57

Hi - I have a problem with PHP that has me very puzzled. One of my customers rang to say that the website kept bombing out whenever she tried to update a particular record. After a lot of hair pulling I eventually tracked the problem down to one thing: NR57. Now what is it about those 4 characters that PHP doesn't like???
I've created a simple form at www. serinasecure.com/testint.php - all it does is display whatever you type in. Give it a go - all works fine until you type in NR57, when you get sent to the index.htm page - ????
Anyone got any ideas why ????
David

#2 (permalink)
13-03-2007, 23:47
Junior Member
Join Date: Mar 2007
Posts: 5

That's a strange one! I thought it was a wind-up at first, but I tried it out and strangely enough it does a 302 redirect whenever the input contains "r57", whether it be nr57, fsdfdsr57 or r57a.

It doesn't do it on my local server or on my other web host, so it must be something specifically on eukhost.

#3 (permalink)
13-03-2007, 23:53
Junior Member
Join Date: Mar 2007
Posts: 5

I wonder if it's anything to do with this:
www. sarc.com/avcenter/venc/data/php.rstbackdoor.html
Look up r57.php or r57shell.php on Google and you'll notice a whole load of stuff about security exploits. Maybe the server is blocking anything incoming with r57 in it as a security precaution.

#4 (permalink)
14-03-2007, 08:39
DavidAllen
Premium Member
Join Date: Jan 2007
Location: Amersham
Posts: 330

Yes, I was wondering that as well. I tried the same test page on my Windows hosting and that allows r57 quite happily. So I guess it's either an Apache security thing or a feature of PHP4 (the Windows hosting has PHP5). ???????

#5 (permalink)
14-03-2007, 09:22
eUKhost.com
Chief Marketing Officer
Join Date: Sep 2005
Posts: 4,256

Initially I didn't reply to this thread as I thought David's account was on a Windows server, and we never had any such security setting on Windows servers to block file names with specific characters.

We have high security on for Apache and PHP on our Linux servers, and we have disabled almost all insecure PHP functions in php.ini, and commonly used vulnerability scripts are disabled through mod_security. If you look at the forums of other hosting companies you will notice that their customers' websites get injected every day, but that rarely occurs on our servers. We had an injection problem on 2 servers 5 months ago, but our CTO has taken steps to prevent a similar thing from happening again in future.
__________________
UK Web Hosting || Business Hosting || eUKhost Knowledgebase
Toll Free : 0808 262 0255 || MSN : mark @ eukhost.com || AIM : eukmark
A bunch of Sheep led by a Lion is better than a bunch of Lions led by a Sheep.
__________________________________________________

Great Opportunity :: Join our Affiliate Program for FREE and earn 20% commission on each referral.

#6 (permalink)
14-03-2007, 09:32
DavidAllen
Premium Member
Join Date: Jan 2007
Location: Amersham
Posts: 330

Thanks Mark - I have reseller hosting with you on both Windows and Linux, and the Linux server I'm on was one of those that got injected around xmas, so I know of the problems. However this isn't a file name - it's just an input field in a form. Why does the security need to block that??
David
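
Added example (not part of any post above, and not eUKhost's actual mod_security configuration, which the thread never shows): a Python model of the difference between a rule that matches the substring "r57" anywhere in a request and one scoped to the requested script name. Both patterns, the form field name `text` and the `/uploads/` path are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: the host's real mod_security rule is never shown in the thread.
# Both patterns are stand-ins built from what the posts describe.
BROAD = re.compile(r"r57", re.IGNORECASE)                   # substring, anywhere
SCOPED = re.compile(r"^r57(shell)?\.php$", re.IGNORECASE)   # script name only


def broad_rule(url, body=""):
    """Block if 'r57' occurs in the path or in any query/form value."""
    parts = urlsplit(url)
    values = [parts.path]
    values += [v for _, v in parse_qsl(parts.query)]
    values += [v for _, v in parse_qsl(body)]
    return any(BROAD.search(v) for v in values)


def scoped_rule(url, body=""):
    """Block only when the requested file is named r57.php or r57shell.php."""
    name = posixpath.basename(urlsplit(url).path)
    return bool(SCOPED.match(name))


# Constructed requests: (url, form body). The form values are the ones quoted
# in the thread; the field name 'text' and the /uploads/ path are made up.
SAMPLES = [
    ("/testint.php", "text=NR57"),
    ("/testint.php", "text=fsdfdsr57"),
    ("/testint.php", "text=r57a"),
    ("/testint.php", "text=hello"),
    ("/uploads/r57shell.php", ""),
]


def false_positives(samples=SAMPLES):
    """Requests the broad rule blocks but the scoped rule lets through."""
    return [(u, b) for u, b in samples
            if broad_rule(u, b) and not scoped_rule(u, b)]


if __name__ == "__main__":
    for url, body in SAMPLES:
        print(f"{url:24} {body:16} broad={broad_rule(url, body)!s:5} "
              f"scoped={scoped_rule(url, body)}")
    print("false positives:", false_positives())
```

Scoping the match only removes the false positive on form data; it does not replace the php.ini hardening mentioned in the thread.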

#7 (permalink)
14-03-2007, 09:44
eUKhost.com
Chief Marketing Officer
Join Date: Sep 2005
Posts: 4,256
I'll ask him to look into this.

As per my knowledge, the shell_exec and uname functions are disabled in php.ini so there is no need to block r57 in character rules, but he is an expert with security of servers so he has to make a decision on what should be allowed and what should be blocked.

#8 (permalink)
15-03-2007, 21:13
DavidAllen
Premium Member
Join Date: Jan 2007
Location: Amersham
Posts: 330

Did you get any answer from him on this??

#9 (permalink)
15-03-2007, 22:29
eUKhost.com
Chief Marketing Officer
Join Date: Sep 2005
Posts: 4,256

Not yet. He got married on Sunday and he had sanctioned leave till Wednesday but he needs 2 days more to return.

I can ask other System Admins to look into it if that's a priority. Others are also good with System Security so let me know if you need a solution immediately.

#10 (permalink)
16-03-2007, 08:08
DavidAllen
Premium Member
Join Date: Jan 2007
Location: Amersham
Posts: 330

No, it's ok - I managed to alter the data on my customer's system and changed all occurrences of r57, so for now the problem has 'gone away'. A proper solution when he gets back would be fine.
David
PS Congratulations to him
All times are GMT.