Nr57

  • Nr57

    Hi - I have a problem with php that has me very puzzled. One of my customers rang to say that the website hosting kept bombing out whenever she tried to update a particular record. After a lot of hair pulling I eventually tracked the problem down to one thing: NR57. Now what is it about those 4 characters that php doesn't like???
    I've created a simple form at www. serinasecure.com/testint.php - all it does is display whatever you type in. Give it a go - all works fine until you type in NR57, when you get sent to the index.htm page - ????
    Anyone got any ideas why ????
    David
    David Allen - www.serina.co.uk

  • #2
    That's a strange one! I thought it was a wind up at first but I tried it out and strangely enough it does a 302 redirect whenever the input contains "r57", whether it be nr57, fsdfdsr57, r57a

    It doesn't do it on my local server or on my other web host so it must be something specifically on eukhost


    • #3
      I wonder if it's anything to do with this:
      www. sarc.com/avcenter/venc/data/php.rstbackdoor.html
      Look up r57.php or r57shell.php on Google and you'll notice a whole load of stuff about security exploits, maybe the server is blocking anything incoming with r57 in it as a security precaution


      • #4
        Yes, I was wondering that as well. I tried the same test page on my windows hosting and that allows r57 quite happily. So I guess it's either an Apache security thing or a feature of php4 (the windows hosting has php5). ???????
        David Allen - www.serina.co.uk


        • #5
          Initially I didn't reply to this thread as I thought David's account was on windows server and we never had any such security setting on windows server to block file names with specific characters.

          We have high security on for apache and php on our linux servers, and we have disabled almost all insecure php functions in php.ini, and commonly used vulnerability scripts are disabled through mod_security. If you see forums of other hosting companies then you will notice that website hostings of their customers get injected every day, but that rarely occurs on our servers. We had an injection problem on 2 servers 5 months ago, but our CTO has taken steps to disallow a similar thing from happening again in future.
          eUKhost - eNlight Cloud Hosting || eUKhost Knowledgebase
          Toll Free : 0808 262 0255 || Skype : mark_ducadi


          • #6
            Thanks Mark - I have reseller hosting with you on both Windows and Linux, and the Linux server I'm on was one of those that got injected around xmas, so I know of the problems. However this isn't a file name - it's just an input field in a form. Why does the security need to block that??
            David
            David Allen - www.serina.co.uk


            • #7
              I'll ask him to look into this.

              As per my knowledge shell_exec and uname functions are disabled in php.ini so there is no need to block r57 in character rules, but he is an expert with security of servers so he has to make a decision on what should be allowed and what should be blocked.
              eUKhost - eNlight Cloud Hosting || eUKhost Knowledgebase
              Toll Free : 0808 262 0255 || Skype : mark_ducadi


              • #8
                Did you get any answer from him on this??
                David Allen - www.serina.co.uk


                • #9
                  Not yet. He got married on Sunday and he had sanctioned leave till Wednesday but he needs 2 days more to return.

                  I can ask other System Admins to look into it if that's a priority. Others are also good with System Security so let me know if you need a solution immediately.
                  eUKhost - eNlight Cloud Hosting || eUKhost Knowledgebase
                  Toll Free : 0808 262 0255 || Skype : mark_ducadi


                  • #10
                    No it's ok - I managed to alter the data on my customer's system and changed all occurrences of r57 so for now the problem has 'gone away'. A proper solution when he gets back would be fine.
                    David
                    Ps Congratulations to him
                    David Allen - www.serina.co.uk

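The behaviour discussed in this thread, as an added example that is not from any poster or from the host's configuration: a Python model of a filter that blocks any request containing "r57", beside a narrower one that only looks at the requested file name. Both patterns and all sample requests are assumptions constructed for illustration; the host's actual mod_security rule is not shown in the thread.

```python
import re
from urllib.parse import urlsplit

# Assumed broad rule: case-insensitive substring match on the URL and the body.
BROAD = re.compile(r"r57", re.IGNORECASE)
# Assumed narrower rule: only a requested script named r57.php or r57shell.php.
SCOPED = re.compile(r"(?:^|/)r57(?:shell)?\.php$", re.IGNORECASE)


def broad_rule(url, body=""):
    """Block if 'r57' appears anywhere in the request URL or the POST body."""
    return bool(BROAD.search(url) or BROAD.search(body))


def scoped_rule(url, body=""):
    """Block only when the requested file itself carries the shell's name."""
    return bool(SCOPED.search(urlsplit(url).path))


# Constructed sample requests: (label, url, body)
SAMPLES = [
    ("form field NR57", "/testint.php", "text=NR57"),
    ("form field fsdfdsr57", "/testint.php", "text=fsdfdsr57"),
    ("form field hello", "/testint.php", "text=hello"),
    ("page named nr57.html", "/docs/nr57.html", ""),
    ("request for r57.php", "/images/r57.php", ""),
    ("request for r57shell.php", "/r57shell.php?x=1", ""),
]


def evaluate(samples=SAMPLES):
    """Return (label, blocked_by_broad, blocked_by_scoped) for each request."""
    return [(label, broad_rule(u, b), scoped_rule(u, b)) for label, u, b in samples]


def false_positives(samples=SAMPLES):
    """Requests the broad rule blocks although no r57 script is requested."""
    return [label for label, broad, scoped in evaluate(samples) if broad and not scoped]


if __name__ == "__main__":
    for label, broad, scoped in evaluate():
        print(f"{label:28} broad={'BLOCK' if broad else 'pass':5} "
              f"scoped={'BLOCK' if scoped else 'pass'}")
    print("false positives of the broad rule:", false_positives())
```

The scoped pattern covers only the two file names mentioned in post #3, so it is one layer alongside the disabled php functions described in post #5, not a replacement for them.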