Jump to content
The Uniform Server Community

Yoni

Support Team
  • Content Count

    96
  • Joined

  • Last visited

Everything posted by Yoni

  1. What is it running in port 80? Open a command prompt window and type "netstat -aon" What listing in port 80?
  2. This is why everyone should be concerned about the web server security. There are scripts kiddies messing around all day long and trying to find vulnerabilities in your web server. [Wed Jan 11 19:48:14 2012] [error] [client 218.80.254.134] (20024)The given path is misformatted or contained invalid characters: Cannot map GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1 to file [Wed Jan 11 19:48:14 2012] [error] [client 218.80.254.134] File does not exist: D:/UniServer/www/admin [Wed Jan 11 19:48:14 2012] [error] [client 218.80.254.134] File does not exist: D:/UniServer/www/admin [Wed Jan 11 19:48:15 2012] [error] [client 218.80.254.134] File does not exist: D:/UniServer/www/admin [Wed Jan 11 23:58:20 2012] [error] [client 119.60.2.40] (20024)The given path is misformatted or contained invalid characters: Cannot map GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1 to file [Wed Jan 11 23:58:20 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/phpMyAdmin [Wed Jan 11 23:58:21 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/phpmyadmin [Wed Jan 11 23:58:22 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/pma [Wed Jan 11 23:58:22 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/myadmin [Wed Jan 11 23:58:23 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/MyAdmin [Thu Jan 12 13:14:10 2012] [error] [client 173.226.105.226] File does not exist: D:/UniServer/www/vhosts [Thu Jan 12 13:14:11 2012] [error] [client 173.226.105.226] File does not exist: D:/UniServer/www/ehcp Never doubt it, even when you don't see it on a daily basis, it is happening. This is when your apache rules rule! The rest is taken care by the firewall...
  3. Obviously there is something not properly configured in your apache configuration. What version are you running? Did you enable vhosts in your httpd.conf? Looks to me as if your vhost config file is disabled hence apache defaults back to the default host /www folder in this case.
  4. This is an old topic but I wanted to bring it up just for future reference. I noted that in your rewriting rules you are trying to point to your /wordpress folder. That tells me that your wordpress installation in under example.com/wordpress folder. Enable Permlinks "/%postname%" without quotes Edit your .htaccess as follow RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] Copy your wp-config.php and index.php to your root folder. (example.com/) Edit index.php /** Loads the WordPress Environment and Template */ require('./wordpress/wp-blog-header.php'); Hope this helps
  5. Bob, nevermind. I reused the original location. Apache needs to have read access to the mysql folder anyways otherwise phpMyAdmin doesn't load. I don't use PHP my admin myself but the guide should be focused more on users than in my personal preferences. Read permissions is still secure enough. No files can be modified by the apache service inside the mysql folder.
  6. The guide is now online, guys. It can be found Here Hope you find it useful. Your ideas an suggestions to improve it are always welcome. Happy web serving
  7. Hi, I have written a guide to secure the Uniform Server and lock it down at the NTFS level for a production environment. In the process I noticed that apache loads libmysql.dll library from X:\Uniserver\usr\local\mysql\bin instead of loading it from X:\Uniserver\usr\local\php as I've seen from previous versions. In my attempt to lock down my Uniserver I denied apache's access (NTFS permissions) to X:\Uniserver\usr\local\mysql folder. I copied libmysql.dll to my PHP folder and edited apache's httpd.conf to load the libmysql.dll from the new location (X:\Uniserver\usr\local\php) Is it there any specific reason why UniServer Coral 8.0.0 is delivering the libmysql.dll in the mysql folder instead of any other location? I really want to understand the propose of it because in my opinion it only prevented me from locking out my apache service from accessing the mysql folder to load this dll, momentarily. By the way, the guide to strength the UniServer security can be found at http://geeks.gotdns.com/archives/uniform-s...rvices-security Maybe someone wants to add a link to it in the wiki. Your suggestions and improvements are always welcome.
  8. I do not run apache and mysql as Administrator. They both have their limited accounts setup in my server and they run fine. I actually have a guide that I'm working on to jail these services. I'm working on it atm.
  9. Open /UniServer/msmtp/msmtprc.ini with notepad or your txt edit application. Edit as needed...
  10. Check your SMTP seetings. Chances are you are not communicating in the right port nor you have SSL enabled which is nodays very common. Are you using your ISP as a relayer? If so, check the smtp settings as I mentioned
  11. You said IIS is currently off so it isn't IIS the service running on port 80. Open a command prompt window and type: netstat -anbp tcp (press enter) {edited} You should have an idea of who's running on that port. By the way, it could easily be skype running in port 80 (I hate skype )
  12. Opinions are like butts, we all have one. I have been running the server in Windows Server 2003 Web Server Edition (gift from a friend). It also hosts my e-mail server services and it seems to hold pretty good. There is a 2GB memory limit in the Web Server edition which is stupid in my case but I welcomed the gift. I believe the OS is awesome for its proposes or serving pages (with apache, of course) and it is also very stripped down. The memory limitation is a factor to consider IF you are planning on serving outrageous amounts of requests (doubtfully in a Home web server). Limited and all, is still a server Set it and forget it.
  13. Hi guys, Sorry I posted here but I do not have access to the beta forum to post my findings. When UniServer 8.1.0RC1 is launched the first time it asks you to change your password as usual. This is what I've reproduced several times... When using complex password, specifically characters such as "@" the installation breaks. MySQL service hangs and the user has to manually force the service to stop and end all running instances of the application. After that, the server configuration window will not longer work. MySQL users cannot be created, permissions cannot be set and databases cannot be created (FROM THE MySQL SERVER CONFIGURATION WINDOW) Users are left with no options but to use phpMyAdmin or a third party application to manage databases. I tried to figure it out before and I have posted about this issue currently in Coral 8.0: http://forum.uniformserver.com/index.php?showtopic=2432 Basically a password such as "mysql@dm1n" will break it because of the "@" not being properly parsed by the script. Test it out.
  14. I was able to reproduce something similar and it was related to what I just pointed out. Do you have another my.ini configuration in that machine? Have you stopped all services or instances of the application and restarted the server (computer)
  15. I believe you have an instance of apache or mysql already running there that's why those options are disabled. Shutdown Uniserver completely, open task manager and ensure there is no mysql1.exe or httpd1.exe service or processes running. Then try again
  16. can you please stop apache and mysql and try to run the run as service.exe Go to Event Viewer and tell us what error(s) you're getting.
  17. What OS did you move it into? Go to the .exe properties and make sure files are not locked. If they are, unlock them and try again.
  18. I have tried to tight up my server as much as possible. Uniform Server seems to be pretty much secure right out of the box but I have some concerns for those who, like me, run their servers in production open to the world. The first thing that I noticed was apache and mysql services running as Administrator. I understand .vbs scripts and .bat files cannot run in Windows without elevated privileges in some cases; this is not one of them though. For all those running Uniform Server as Administrator, please reconsider your NTFS permissions! and the account(s) your apache and MySQL services are running under. I'm attaching a securitycheck.php file to my post. Upload that to your wwwroot and browse to it over http. Welcome to the show! And be extremely careful while testing your security. You will find it crazy but you will have full access to your system because that script is being executed under apache AS ADMINISTRATOR, without proper NTFS permissions your entire server is ONE click away from being wiped out. These are the basics to understand why your NTFS permissions are so darn important and shouldn't be ignored under IIS, apache or any other http server. In my personal case, I have created 2 new users (1 for apache, 1 for MySQL) and 1 Group to manage NTFS permissions more easily). 1 - Create your 2 user accounts (apache, mysql). Make sure the user CANNOT change the password and also the PASSWORD NEVER EXPIRES. 2- Create a new group (let's call it webservices1). 3- Add apache and mysql users to that group (webservices1). 4- HOST your Uniserver Folder off of your C: drive (that's your OS drive after all) 5- Deny ALL permissions to webservices1 GROUP (apache and mysql users) to C: 6- Deny delete and WRITE to your Uniserver folder. Propagate permissions and allow WRITE only where required, ex: X:/Uniserver/tmp 8- Make sure mysql service has MODIFY permission to /Uniserver/usr/local/mysql 9- Make sure apache service has MODIFY permission to apache logs or the service won't start 10- Make sure you go to services and change US_APACHE1 and US_MYSQL1 to run with the new credentials created in step1. There is a lot more to do and denying DELETE might be inconvenient to some admins when updating files but it is a lot more secure. It takes 10 seconds to edit NTFS security permissions (enable DELETE), update your server files, apps, etc. Go back and DENY delete. Hope this helps some of us. securitycheck.zip
  19. Hi all, Is it there a way to fix the MySQL server configuration window? I cannot see any databases nor create one using the unicontroller interface. I have 7 databases up and running and I had to create then from phpMyAdmin. Setting permissions for restricted users doesn't work either. Looks like the entire script is either messed up or I need to manually configure something that I'm not aware of I'm currently running Coral 8.0.0 Please help me understand!
  20. I solved the issue by shutting down the MySQL service and deleting the ib_logfile0 and ib_logfile1. These files are recreated after MySQL is launched next time and since my InnoDB is enabled in my.ini the InnoDB db storage is now loading and showing up in phpMyAdmin. Time to convert a couple of tables from MyISAM to InnoDB now. Good luck everyone.
  21. Hi all, I'm trying to find a way to enable and use InnoDB storage instead of MyISAM. Unfortunately I haven't found a way to enable InnoDB in Coral 8.0. I cannot even see InnoDB in phpMyAdmin. I checked my.ini and as far as I'm concerned InnoDB settings are there and they are enabled. Is it there a way to switch to InnoDB storage instead of using MyISAM as my primary db storage? I'm new to UniServer and I wanna thank everyone of you who worked to make this wonderful "on the go" package possible. By the way, I'm using it in a production environment hosted in VMWare with good uptime and few positive feedbacks from end users. Checking Logs and I found that InnoDB is not initializing... 111230 4:45:01 InnoDB: The InnoDB memory heap is disabled 111230 4:45:01 InnoDB: Mutexes and rw_locks use Windows interlocked functions 111230 4:45:01 InnoDB: Compressed tables use zlib 1.2.3 111230 4:45:01 InnoDB: Initializing buffer pool, size = 200.0M 111230 4:45:02 InnoDB: Completed initialization of buffer pool InnoDB: Error: log file D:\UniServer\usr\local\mysql\data\ib_logfile0 is of different size 0 5242880 bytes InnoDB: than specified in the .cnf file 0 67108864 bytes! 111230 4:45:02 [ERROR] Plugin 'InnoDB' init function returned error. 111230 4:45:02 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed. 111230 4:45:02 [Note] Event Scheduler: Loaded 0 events 111230 4:45:02 [Note] D:\UniServer\usr\local\mysql\bin\mysqld1.exe: ready for connections. Version: '5.5.18' socket: '' port: 3306 MySQL Community Server (GPL)
×
×
  • Create New...