Clan x86

Technical (Development, Security, etc.) => Unix / Linux Discussion => Topic started by: Sidoh on December 01, 2005, 02:16:06 am

Title: Apache 1.3.34
Post by: Sidoh on December 01, 2005, 02:16:06 am

Horray!

I installed Apache 1.3.34 today (and had to re-install PHP as well), since I was still running 1.3.31.

I ran into quite a few problems re-installing PHP.  For some rason, GD wouldn't install when I was using --with-gd, so I tried downloading the source on their website and installing it that way then using --with-gd=<PATH>.  It wouldn't work then either.  It was pretty frusturating.  I ended up removing the php-4.4.0 directory, re-extracting it and running it using --with-gd again.  It worked fine then, for some reason.  Oh well, at least it works! :)

Title: Re: Apache 1.3.34
Post by: Ergot on December 01, 2005, 02:25:01 am

??? My upgrade to Apache 1.3.34 went pretty smoothly :P

Title: Re: Apache 1.3.34
Post by: Sidoh on December 01, 2005, 01:01:44 pm

Quote from: Ergot on December 01, 2005, 02:25:01 am

??? My upgrade to Apache 1.3.34 went pretty smoothly :P

# echo "<?= gd_info() ?>" > test.php && php test.php

Gogo.  :P

Title: Re: Apache 1.3.34
Post by: iago on December 01, 2005, 09:07:47 pm

Quote from: Sidoh on December 01, 2005, 01:01:44 pm

Quote from: Ergot on December 01, 2005, 02:25:01 am

??? My upgrade to Apache 1.3.34 went pretty smoothly :P

# echo "<?= gd_info() ?>" > test.php && php test.php

Gogo.  :P

iago@darkside:~$ echo "<?= gd_info() ?>" > test.php && php test.php
Arrayiago@darkside:~$

I'm on 1.3.33 still, though.  But any updates i've made have went smoothly :)

There's no real reason to upgrade to 1.3.34.  They fixed a "vulnerability" that could lead to http smuggling attacks or something stupid.  Nothing I'm worried about :)

Title: Re: Apache 1.3.34
Post by: Sidoh on December 01, 2005, 09:12:04 pm

Haha, ergot IM'd me with that.  I should have said:

# echo "<?= print_r(array_values(gd_info()) . '\n' ?>" > test.php && php test.php

Title: Re: Apache 1.3.34
Post by: iago on December 01, 2005, 09:19:06 pm

Quote from: Sidoh on December 01, 2005, 09:12:04 pm

Haha, ergot IM'd me with that.  I should have said:

# echo "<?= print_r(array_values(gd_info()) . '\n' ?>" > test.php && php test.php

iago@darkside:~$ echo "<?= print_r(array_values(gd_info()) . '\n' ?>" > test.php && php test.php
PHP Parse error:  parse error, unexpected ';' in /home/iago/test.php on line 1

Parse error: parse error, unexpected ';' in /home/iago/test.php on line 1

Title: Re: Apache 1.3.34
Post by: Ergot on December 01, 2005, 09:44:36 pm

root@x86:/home/jimmy# echo "<?= print_r(array_values(gd_info())) ?>" > test.php && php test.php
Array
(
   

• => bundled (2.0.28 compatible)
[1] =>
    [2] =>
    [3] => 1
    [4] => 1
    [5] => 1
    [6] => 1
    [7] => 1
    [8] => 1
    [9] =>
)

Title: Re: Apache 1.3.34
Post by: Newby on December 01, 2005, 09:50:34 pm

Root using newbies.

newby@impaler:~$ echo "<?= print_r(array_values(gd_info())) ?>" > test.php && php test.php
Array
(
    
 => bundled (2.0.28 compatible)
[1] => 
    [2] => 
    [3] => 1
    [4] => 1
    [5] => 1
    [6] => 1
    [7] => 1
    [8] => 1
    [9] => 
)[/pre]

Title: Re: Apache 1.3.34
Post by: Sidoh on December 01, 2005, 10:10:43 pm

I usually log in using root (the only way I ever access my server is SSH).  I should probably change that to using sidoh instead.  Good idea, changing that now. :P

iago, do this:

$ echo "<?php print_r(array_values(gd_info())) ?>" > test.php && php test.php

Title: Re: Apache 1.3.34
Post by: iago on December 01, 2005, 10:14:13 pm

Quote from: Sidoh on December 01, 2005, 10:10:43 pm

I usually log in using root (the only way I ever access my server is SSH).  I should probably change that to using sidoh instead.  Good idea, changing that now. :P

iago, do this:

$ echo "<?php print_r(array_values(gd_info())) ?>" > test.php && php test.php

I did, I was just trying to be difficult (by making fun of your missing bracket) :P

Title: Re: Apache 1.3.34
Post by: Ergot on December 02, 2005, 12:10:32 am

Quote from: N00bee on December 01, 2005, 09:50:34 pm

Root using newbies.

newby@impaler:~$ echo "<?= print_r(array_values(gd_info())) ?>" > test.php && php test.php
Array
(
    
 => bundled (2.0.28 compatible)
[1] => 
    [2] => 
    [3] => 1
    [4] => 1
    [5] => 1
    [6] => 1
    [7] => 1
    [8] => 1
    [9] => 
)[/pre]

No. I just follow directions better. Sidoh put a # therefore I use root. See how it works? Amazing huh?

Title: Re: Apache 1.3.34
Post by: Sidoh on December 02, 2005, 01:25:33 am

Alright, strange problem.

I noticed that my .htaccess file for a certain directory I had served isn't working anymore.  Any ideas why this would be?  I tried $ killall -9 httpd and then starting my old Apache (1.3.31) server (I left it installed, just in case) and it worked fine.  I'm unsure why it wouldn't work with 1.3.34, but maybe I'm missing something.  Here's my httpd.conf (http://www.sidoh.org/httpd.conf).

Oh!  I also checked my error log.  I did see something suspicious, but it doesn't make sense because it didn't deny my access at all.  In fact, try it yourself:

http://www.sidoh.org/phpmyadmin

Quote

[Thu Dec  1 20:07:36 2005] [error] [client 148.78.247.10] File does not exist: /usr/www/public_html/favicon.ico
[Thu Dec  1 20:51:08 2005] [error] [client 161.58.90.12] File does not exist: /usr/www/public_html/cacti/graph_image.php
[Thu Dec  1 20:51:48 2005] [error] [client 10.0.0.25] File does not exist: /usr/www/public_html/media
[Thu Dec  1 23:15:04 2005] [error] [client 10.0.0.25] client denied by server configuration: /usr/www/public_html/phpmyadmin/.htaccess
[Thu Dec  1 23:22:05 2005] [error] [client 10.0.0.25] File does not exist: /usr/www/public_html/www$
[Thu Dec  1 23:25:35 2005] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Dec  1 23:25:35 2005] [notice] Apache/1.3.34 (Unix) PHP/4.4.0 configured -- resuming normal operations
[Thu Dec  1 23:25:35 2005] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Thu Dec  1 23:26:07 2005] [warn] pid file /usr/local/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Dec  1 23:26:07 2005] [notice] Apache/1.3.34 (Unix) PHP/4.4.0 configured -- resuming normal operations

Here's the contents of my .htaccess file:

Quote

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /usr/www/.htpasswd
AuthGroupFile /dev/null

require valid-user

Title: Re: Apache 1.3.34
Post by: iago on December 02, 2005, 08:56:55 am

Try getting rid of the Group line completely, I've never seen it pointed at /dev/null before.

Title: Re: Apache 1.3.34
Post by: Sidoh on December 02, 2005, 12:56:14 pm

Quote from: iago on December 02, 2005, 08:56:55 am

Try getting rid of the Group line completely, I've never seen it pointed at /dev/null before.

Alright.

Quote

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /usr/www/.htpasswd


require valid-user

Still no good. :(

Title: Re: Apache 1.3.34
Post by: MyndFyre on December 05, 2005, 05:49:52 pm

Only a few more builts til ultimate 1.3.37ness occurs!  :P

Title: Re: Apache 1.3.34
Post by: Quik on December 05, 2005, 07:14:43 pm

Quote from: MyndFyre[x86] on December 05, 2005, 05:49:52 pm

Only a few more builts til ultimate 1.3.37ness occurs!  :P

How much do you wager that they will skip over it?