Announcement

Collapse
No announcement yet.

Nr57

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DavidAllen
    started a topic Nr57

    Nr57

    Hi - I have a problem with php that has me very puzzled. One of my customers rang to say that the website hosting kept bombing out whenever she tried to update a particular record. After a lot of hair pulling i eventually tracked the problem down to one thing NR57 Now what is it about those 4 characters that php doesn't like???
    I've created a simple form at www. serinasecure.com/testint.php all it does is display whatever you type in. Give it a go - all works fine until you type in NR57 when you get sent to the index.htm page - ????
    Anyone got ant ideas why ????
    David

  • DavidAllen
    replied
    No it's ok - I managed to alter the data on my customers system and changed all occurences of r57 so for now the problem has 'gone away'. A proper solution when he gets back would be fine.
    David
    Ps Congratulations to him

    Leave a comment:


  • eUKhost.com
    replied
    Not yet. He got married on Sunday and he had sanctioned leave till Wednesday but he needs 2 days more to return.

    I can ask other System Admins to look into it if thats a priority. Others are also good with System Security so let me know if you need a solution immediately.

    Leave a comment:


  • DavidAllen
    replied
    Did you get any answer from him on this??

    Leave a comment:


  • eUKhost.com
    replied
    I'll ask him to look into this.

    As per my knowledge shell_exec and uname functions are disabled in php.ini so there is no need to block r57 in character rules, but he is expert with security of servers so he has to to make a decision on what should be allowed and what should be blocked.

    Leave a comment:


  • DavidAllen
    replied
    Thanks Mark - I have reseller hosting with you on both Windows and Linux, and the Linux server I'm on was one of those that got injected around xmas, so I know of the problems. However this isn't a file name - it's just an input field in a form. Why does the security need to block that??
    David

    Leave a comment:


  • eUKhost.com
    replied
    Initially I didn't reply to this thread as I thought David's account was on windows server and we never had any such security setting on windows server to block file names with specific characters.

    We have high security on for apache and php on our linux servers and we have disabled almost all insecure php functions in php.ini and commonly used vulnerability scripts are disabled through mod_security. If you see forums of other hosting companies then you will notice that website hostings of their customers get injected every day but that rarely occurs on our servers. We had injection problem on 2 servers before 5 months but our CTO taken steps to disallow similar thing to happen again in future.

    Leave a comment:


  • DavidAllen
    replied
    Yes, I was wondering that as well. I tried the same test page on my windows hosting and that allows r57 quite happily. So I guess it's either an Apache security thing or a feature of php4 (the windows hosting has php5). ???????

    Leave a comment:


  • jarv
    replied
    I wonder if it's anything to do with this:
    www. sarc.com/avcenter/venc/data/php.rstbackdoor.html
    Look up r57.php or r57shell.php on Google and you'll notice a whole load of stuff about security exploits, maybe the server is blocking anything incoming with r57 in it as a security precaution

    Leave a comment:


  • jarv
    replied
    That's a strange one! I thought it was a wind up at first but I tried it out and strangely enough it does a 302 redirect whenever the input contains "r57", whether it be nr57, fsdfdsr57, r57a

    It doesn't do it on my local server or on my other web host so it must be something specifically on eukhost

    Leave a comment:

Working...
X