DeveloperSide.NET Forums
October 20, 2019, 06:48:15 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
  Home Help Search Login Register  
  Show Posts
Pages: [1]
1  DeveloperSide.NET / Tools of the Trade / Re: Publsih Web Site Locally on: November 10, 2007, 11:43:23 PM
Here is the memberedo.conf:
________________________________________________________________________
Alias /memberedo "/www/webapps/memberedo"

<Directory "/www/webapps/memberedo">
   Options None
   AllowOverride None

   order allow,deny
   allow from 127.0.0.1
#   allow from all

   AddType text/html .php
   AddHandler application/x-httpd-php .php
</Directory>
________________________________________________________________________

I am using phprunner4.1 for code generation and I discovered that  it is putting my project paths in the httpd.conf. I currently am running
wdc from d:\www... and my phprunner project paths are on C: under the user documents directory(running vista with "uac" turned off to avoid
admin execution requirements).

Below are the entries in the httpd.conf - the first two I edited to the www/webapps directory. I also tried commenting the entries out and apache wouldn't
restart with them commented out.
______________________________________________________________________

  Alias "/memberedo" "d:\www\webapps\memberedo"


   <Directory "d:\www\webapps\memberedo">
        Options FollowSymLinks Indexes
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

  <Directory "C:\Users\jim\Documents\memberedo\output">
        Options FollowSymLinks Indexes
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

   Alias "/Church Members" "C:\Program Files\PHPRunner4.1\projects\Church Members\output"


   <Directory "C:\Program Files\PHPRunner4.1\projects\Church Members\output">
        Options FollowSymLinks Indexes
        AllowOverride None
        Order deny,allow
        allow from all
    </Directory>

   Alias "/memberedo" "C:\Users\jim\Documents\memberedo\output"


   <Directory "C:\Users\jim\Documents\memberedo\output">
        Options FollowSymLinks Indexes
        AllowOverride None
        Order deny,allow
        allow from all
    </Directory>

   Alias "/memberedo" "C:\Users\jim\Documents\memberedo\output"


   <Directory "C:\Users\jim\Documents\memberedo\output">
        Options FollowSymLinks Indexes
        AllowOverride None
        Order deny,allow
        allow from all
    </Directory>
_________________________________________________________________________________

Thanks

Jim Freeman

Below are part of the error logs for today.

I am not sure I understand what is going on with the backdoor access messages.
______________________________________________________________________________________________________

Sat Nov 10 10:58:42 2007] [error] [client 127.0.0.1] File does not exist: D:/www/webroot/mmembredo
[Sat Nov 10 11:04:27 2007] [error] [client 127.0.0.1] File does not exist: D:/www/webroot/sserver-info
[Sat Nov 10 11:04:37 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:<title>[^<]*?(?:\\\\b(?:(?:c(?:ehennemden|gi-telnet)|gamma web shell)\\\\b|imhabirligi phpftp)|(?:r(?:emote explorer|57shell)|aventis klasvayv|zehir)\\\\b|\\\\.::(?:news remote php shell injection::\\\\.| rhtools\\\\b)|ph(?:p(?:(?: commander|-terminal)\\\\b|remot ..." at RESPONSE_BODY. [id "950922"] [msg "Backdoor access"] [severity "CRITICAL"] [hostname "localhost"] [uri "/server-info"] [unique_id "GBvcY8CoAQQAAA507UYAAAD5"]
[Sat Nov 10 11:04:37 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "\\\\b(?:th(?:is (?:(?:analysis was produced by .{0,100} ana|report was generated by web)log|summary was generated by .{0,100} wwwstat)|ese statistics were produced by (?:getstats|pelab))|generated by webalizer)\\\\b" at RESPONSE_BODY. [id "970002"] [msg "Statistics Information Leakage"] [severity "WARNING"] [hostname "localhost"] [uri "/server-info"] [unique_id "GBvcY8CoAQQAAA507UYAAAD5"]
[Sat Nov 10 11:04:37 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "\\\\b(?:(?:s(?:(?:elect list because it is not contained in (?:an aggregate function and there is no|either an aggregate function or the) group by claus|yntax error converting the \\\\w+ value .*? to a column of data typ)e|upplied argument is not a valid ( ..." at RESPONSE_BODY. [id "970003"] [msg "SQL Information Leakage"] [severity "WARNING"] [hostname "localhost"] [uri "/server-info"] [unique_id "GBvcY8CoAQQAAA507UYAAAD5"]
[Sat Nov 10 11:04:37 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:\\\\b(?:adodb\\\\.command\\\\b.{0,100}\\\\b(?:application uses a value of the wrong type for the current operation\\\\b|error')|microsoft vbscript (?:compilation|runtime) (?:\\\\(0x8|error)\\\\b|object required: '|error '800)|(?:\\\\/errormessage\\\\.aspx\\\\?error|>er ..." at RESPONSE_BODY. [id "970004"] [msg "IIS Information Leakage"] [severity "WARNING"] [hostname "localhost"] [uri "/server-info"] [unique_id "GBvcY8CoAQQAAA507UYAAAD5"]
[Sat Nov 10 11:04:37 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:\\\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\\\\$_(?:(?:pos|ge)t|session))\\\\b" at RESPONSE_BODY. [id "970015"] [msg "PHP source code leakage"] [severity "WARNING"] [hostname "localhost"] [uri "/server-info"] [unique_id "GBvcY8CoAQQAAA507UYAAAD5"]
[Sat Nov 10 11:04:37 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:(?:<h1>internal server error<\\\\/h1>.*?<h2>part of the server has crashed or it has a configuration error\\\\.<\\\\/h2|microsoft ole db provider for sql server \\\\(0x80040e31\\\\)<br>timeout expired<br)>|cannot connect to the server: timed out)" at RESPONSE_BODY. [id "970118"] [msg "The application is not available"] [severity "NOTICE"] [hostname "localhost"] [uri "/server-info"] [unique_id "GBvcY8CoAQQAAA507UYAAAD5"]
[Sat Nov 10 11:07:42 2007] [error] [client 127.0.0.1] File does not exist: D:/www/webroot/wd-guide
[Sat Nov 10 11:13:22 2007] [notice] Parent: Received shutdown signal -- Shutting down the server.
[Sat Nov 10 11:13:22 2007] [notice] Child 3700: Exit event signaled. Child process is ending.
[Sat Nov 10 11:13:23 2007] [notice] Child 3700: Released the start mutex
[Sat Nov 10 11:13:24 2007] [notice] Child 3700: Waiting for 250 worker threads to exit.
[Sat Nov 10 11:13:24 2007] [notice] Child 3700: All worker threads have exited.
[Sat Nov 10 11:13:25 2007] [notice] Child 3700: Child process is exiting
[Sat Nov 10 11:13:28 2007] [notice] Parent: Child process exited successfully.
[Sat Nov 10 11:13:39 2007] [notice] ModSecurity for Apache 2.1.0 configured
[Sat Nov 10 11:13:42 2007] [notice] Apache/2.2.4 (Win32) mod_ssl/2.2.4 OpenSSL/0.9.8e mod_fastcgi/mod_fastcgi-SNAP-0404142202 PHP/5.2.1 mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Nov 10 11:13:42 2007] [notice] Server built: Mar 20 2007 13:02:00
[Sat Nov 10 11:13:42 2007] [notice] Parent: Created child process 6672
[Sat Nov 10 11:13:45 2007] [notice] ModSecurity for Apache 2.1.0 configured
[Sat Nov 10 11:13:48 2007] [notice] Child 6672: Child process is running
[Sat Nov 10 11:13:48 2007] [notice] Child 6672: Acquired the start mutex.
[Sat Nov 10 11:13:48 2007] [notice] Child 6672: Starting 250 worker threads.
[Sat Nov 10 11:13:48 2007] [notice] FastCGI: process manager initialized
[Sat Nov 10 11:13:48 2007] [notice] Child 6672: Starting thread to listen on port 443.
[Sat Nov 10 11:13:48 2007] [notice] Child 6672: Starting thread to listen on port 80.
[Sat Nov 10 11:18:00 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:<title>[^<]*?(?:\\\\b(?:(?:c(?:ehennemden|gi-telnet)|gamma web shell)\\\\b|imhabirligi phpftp)|(?:r(?:emote explorer|57shell)|aventis klasvayv|zehir)\\\\b|\\\\.::(?:news remote php shell injection::\\\\.| rhtools\\\\b)|ph(?:p(?:(?: commander|-terminal)\\\\b|remot ..." at RESPONSE_BODY. [id "950922"] [msg "Backdoor access"] [severity "CRITICAL"] [hostname "localhost"] [uri "/server-info"] [unique_id "R-7dE8CoAQQAABoQQ7EAAAD4"]
[Sat Nov 10 11:18:00 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "\\\\b(?:th(?:is (?:(?:analysis was produced by .{0,100} ana|report was generated by web)log|summary was generated by .{0,100} wwwstat)|ese statistics were produced by (?:getstats|pelab))|generated by webalizer)\\\\b" at RESPONSE_BODY. [id "970002"] [msg "Statistics Information Leakage"] [severity "WARNING"] [hostname "localhost"] [uri "/server-info"] [unique_id "R-7dE8CoAQQAABoQQ7EAAAD4"]
[Sat Nov 10 11:18:00 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "\\\\b(?:(?:s(?:(?:elect list because it is not contained in (?:an aggregate function and there is no|either an aggregate function or the) group by claus|yntax error converting the \\\\w+ value .*? to a column of data typ)e|upplied argument is not a valid ( ..." at RESPONSE_BODY. [id "970003"] [msg "SQL Information Leakage"] [severity "WARNING"] [hostname "localhost"] [uri "/server-info"] [unique_id "R-7dE8CoAQQAABoQQ7EAAAD4"]
[Sat Nov 10 11:18:00 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:\\\\b(?:adodb\\\\.command\\\\b.{0,100}\\\\b(?:application uses a value of the wrong type for the current operation\\\\b|error')|microsoft vbscript (?:compilation|runtime) (?:\\\\(0x8|error)\\\\b|object required: '|error '800)|(?:\\\\/errormessage\\\\.aspx\\\\?error|>er ..." at RESPONSE_BODY. [id "970004"] [msg "IIS Information Leakage"] [severity "WARNING"] [hostname "localhost"] [uri "/server-info"] [unique_id "R-7dE8CoAQQAABoQQ7EAAAD4"]
[Sat Nov 10 11:18:00 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:\\\\b(?:f(?:tp_(?:nb_)?f?(?:ge|pu)t|get(?:s?s|c)|scanf|write|open|read)|gz(?:(?:encod|writ)e|compress|open|read)|s(?:ession_start|candir)|read(?:(?:gz)?file|dir)|move_uploaded_file|(?:proc_|bz)open)|\\\\$_(?:(?:pos|ge)t|session))\\\\b" at RESPONSE_BODY. [id "970015"] [msg "PHP source code leakage"] [severity "WARNING"] [hostname "localhost"] [uri "/server-info"] [unique_id "R-7dE8CoAQQAABoQQ7EAAAD4"]
[Sat Nov 10 11:18:00 2007] [error] [client 127.0.0.1] ModSecurity: Warning. Pattern match "(?:(?:<h1>internal server error<\\\\/h1>.*?<h2>part of the server has crashed or it has a configuration error\\\\.<\\\\/h2|microsoft ole db provider for sql server \\\\(0x80040e31\\\\)<br>timeout expired<br)>|cannot connect to the server: timed out)" at RESPONSE_BODY. [id "970118"] [msg "The application is not available"] [severity "NOTICE"] [hostname "localhost"] [uri "/server-info"] [unique_id "R-7dE8CoAQQAABoQQ7EAAAD4"]
Terminating on signal SIGTERM(15)
[Sat Nov 10 11:35:21 2007] [notice] ModSecurity for Apache 2.1.0 configured
[Sat Nov 10 11:35:28 2007] [notice] Apache/2.2.4 (Win32) mod_ssl/2.2.4 OpenSSL/0.9.8e mod_fastcgi/mod_fastcgi-SNAP-0404142202 PHP/5.2.1 mod_perl/2.0.3 Perl/v5.8.8 configured -- resuming normal operations
[Sat Nov 10 11:35:28 2007] [notice] Server built: Mar 20 2007 13:02:00
[Sat Nov 10 11:35:28 2007] [notice] Parent: Created child process 3588
[Sat Nov 10 11:35:31 2007] [notice] ModSecurity for Apache 2.1.0 configured
[Sat Nov 10 11:35:34 2007] [notice] Child 3588: Child process is running
[Sat Nov 10 11:35:34 2007] [notice] Child 3588: Acquired the start mutex.
[Sat Nov 10 11:35:34 2007] [notice] Child 3588: Starting 250 worker threads.
[Sat Nov 10 11:35:34 2007] [notice] FastCGI: process manager initialized
[Sat Nov 10 11:35:34 2007] [notice] Child 3588: Starting thread to listen on port 443.
[Sat Nov 10 11:35:34 2007] [notice] Child 3588: Starting thread to listen on port 80.
[Sat Nov 10 17:17:23 2007] [notice] Server built: Mar 20 2007 13:02:00
[Sat Nov 10 17:17:23 2007] [notice] Parent: Created child process 4764
[Sat Nov 10 17:17:26 2007] [notice] ModSecurity for Apache 2.1.0 configured
[Sat Nov 10 17:17:29 2007] [notice] Child 4764: Child process is running
[Sat Nov 10 17:17:29 2007] [notice] Child 4764: Acquired the start mutex.
[Sat Nov 10 17:17:29 2007] [notice] Child 4764: Starting 250 worker threads.
[Sat Nov 10 17:17:29 2007] [notice] FastCGI: process manager initialized
[Sat Nov 10 17:17:29 2007] [notice] Child 4764: Starting thread to listen on port 443.
[Sat Nov 10 17:17:29 2007] [notice] Child 4764: Starting thread to listen on port 80.
2  DeveloperSide.NET / Tools of the Trade / Re: Publsih Web Site Locally on: November 10, 2007, 06:35:47 PM
I am currently using 1.95 which I installed on 8/22/07 and it puts the apps in
webapps and has no apps  in webroot (same directory level)>.

localhost/memberedo finds my app(memberedo) and displays the files, when I execute
them it gives me the contents of the file(source code). I created from the joomla.conf a
file a memberedo.conf file showing www/webapps/memberedo, tried addding an Include statement
with the path to the conf file in the components for apache, same as your other apps, when
I do this apache will not start.

What am I missing?

Thanks

Jim Freeman
3  DeveloperSide.NET / Tools of the Trade / Re: Publsih Web Site Locally on: November 10, 2007, 02:13:27 PM
No, the point I was making is that I have the included apps(Joomla, phpmyadmin, etc) working with no problem.

My problem is new appplications that I am writing, how do I publish them
so that I can test them locally?

Thanks

Jim Freeman
4  DeveloperSide.NET / Tools of the Trade / Publsih Web Site Locally on: November 10, 2007, 03:33:10 AM
I have the installed apps up and running, in fact I have been using phpmyadmin for DB
configuration locally for quite a while. I maintain several heavy duty Joomla sites and do a
fair amount of LAMP development.  What I want to do is when I gen my php code to be able
to immediately test it locally with out haveing to go through the  hassle of ftp'ing it to the data
center server all of the time, plus give my self the ability to work independently of the net(on airplanes, etc).

What steps do I need to take to publish a new application so that I can execute localhost/application.name
and it will find it.  The only thing I have been able to achieve is for it to goto download mode.

The applications show-up in the server-info, but the conf files never get generated.
Pages: [1]
Powered by MySQL Powered by PHP Powered by SMF 1.1.9 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!