l11h

Hi burnttoastnice, Thanks for the reply $_SERVER["REMOTE_ADDR"] gives me the IP of the gateway which is now what I want I know if I get another loadbalancer that can do SSL Termination it will work I have tested this But due to limitations cannot move over to the new loadbalancer right now Is there no way of maybe using an external service to give the users external IP? Thanks

Hi, I was thinking if there is a way of getting the users IP address without using X-Forwarded-For or any headers? The reason for this is the server is behind a loadbalancer that cannot do SSL Termination HTTP works fine but HTTPS does not but I guess this is because of no SSL Termination capabilities so it cannot add the headers so the server just sees the loadbalancer IP So is there a way of doing this without changing the loadbalancer? Maybe an external service that can do this? Thanks

Hi Guys, Not sure where this should go, if this is Networking or Software .... I have got Snort setup and working on a CentOS 7 VM Has PulledPork for getting new rules, barnyard2 to read log files and insert into a database and Snorby for a web interface The issue that I am having is how do I setup Snort behind a NAT? My Architecture is as follows: VMWare vShield Edge (Has to have NAT) -> Snort Device -> Internal VMs I need to route all traffic through the Snort device If I did not have the Edge device it would be easy, Point external IP e.g. to IPS which will be in Bridged mode and that will transfer the traffic to required VMs I have done the following: External IPs: 1.0.0.1 | 1.0.0.2 | 1.0.0.3 Internal IPs: 172.0.0.1 | 172.0.0.2 | 172.0.0.3 Server IPs: Snort VM -> 172.0.0.1 | Internal VMs -> 172.0.0.2 | 172.0.0.3 On the NAT I have to point all external to the Snort VM, if I NAT to actual VM it will bypass Snort VM But when NAT external -> Internal it will just see the internal IPs (172.0.0.1) Is there a way of me to see the External IP and use maybe IPTABLES to route that? Thanks

Hi, Just got a little further with this if I go to: https://localhost/ecp/-> It does not work If I go to: https://localhost/ecp/?ExchClientVer=15-> It does work and I can login to the admin section no problem. However, https://localhost/owa/still does not work even adding ?ExchClientVer=15 makes no difference so any ideas what could be going on? Thanks

Hi, I just installed Exchange Server 2013 and I keep on getting a white screen after I login (this is with localhost/ecp and localhost/owa) Seeing the ecp / owa pages are fine it's after I login I get this problem. I did some research and the main problems are SSL certificate / Virtual Directories. I checked the SSL certificate and all that is fine from what I can see. The virtual directory they say remove and re-add using remove -owaVirtualDirectory however, running this is powershell says that command doesn't exist. So does anyone know how I execute that command or do I need to load in a library in powershell to do that or is that an IIS command? Is there anything else I can do to diagnose this, looking at event viewer is useless as nothing comes up. Any help will be appreciated with this. Thanks

with regards to mounting this is really simple. Make sure the O/S can see the Seagate drive, you can find this out by doing fdisk -l or looking in /dev/sd* Your main disk will be sda so the Seagate will be sdb (normally this is the case) Like manikyah said you mount the drive to a folder the syntax is the following: mount /dev/sdb1 /storage And that's it simple as that. You can edit the /etc/fstab to auto-mount the drive at boot up, example could be: /dev/sdb1 /storage ext4 defaults 0 2 ext4 is the file system type, if you do not know then just doing df -T will tell you the type I hope this helps.

FileZilla is what I use for day to day use, it's simple and easy to use. I'd recommend you use FileZilla, it supports everything you need really.

I am just doing this for a school project that I have to create a site, (not going to be a programmer as a career) It's just something I came across while doing testing (part of the project, and found this vulnerability) I just want to know how this can be stopped and as soon as the project is done, the site is going to be deleted anyway. Just need some ideas on how this can be stopped whether on the O/S level which can be done through .htaccess, I know with .htaccess I can do block all accessed to .php except certain files if there are .php in that directory. But can this be done on a code level to avoid this or is the O/S level the best option (.htaccess / a linux script to not allow any .php files in a certain directory)? Thanks

Seems like could be a permission issue, do you have the correct permissions set up?

Thanks for the info gabrielcarvfer. I was doing some research and it seems that when uploading the file they tamper with the header and change the file type. Just doing quick googling around you can find out how to exactly bypass the form security. This is kind of worrying because if this is how they got in originally, they will do it again. So is there a way to stop it completely in PHP so this cannot happen and the .htaccess will be the 2nd line defense if they get through that. Any information will be appreciated. Thanks

Hi, My web server recently got hacked by someone uploading a .php file which gave them control to the web server. From the CMS I did not allow anyone to upload any files other than .jpg .png (image files). I did some googling around and I found that you can tamper with the upload so you can upload an allowed file e.g. .jpg and then tamper with it before it actually it uploaded to .php. This way the web server thinks you have uploaded a .jpg file but in fact it was a .php if you know what I mean. Is there a way to completely stop all .php files to the website? I guess I can add a .htaccess file that days if file matches to ".php" then do not allow But is there any other way of stopping this, at FTP level or server level? Any information will be greatly appreciated. I am using CentOS 6.5. Thanks

Hi, So i've done a bit of research and apparently PHP throws out these errors because the variable has not existed before so it has to create new ones. So i'm guessing it's referring to: $array[$row][$i]? But why does it give out these errors only when the username / password has 0, 1 ... (if the array has those numbers too) So any ideas why this could be happening? Thanks

Hi, I am trying to create users for adding users. The program basically gets the username / password from a CSV file and then saves the data into an array and then puts this data into the server. The program is written in PHP as the server supports PHP scripts and the script does not however, it does not work in some conditions. If the array has 4 values e.g. array[0], array[1], array[2] ..... and the username / password has 0. 1, 2 ... in their name then the error I get is the following: PHP Notice: Undefined offset: 2 (or 3 sometimes) in (Script location) The script still does work and does create the users if I run it from the command line however, this will not work if I run it from the software itself as any output (even errors) causes the script to not run. The code is below: $fileName = "D:\Scripts\array.csv";$csvData = file_get_contents($fileName);$lines = explode(PHP_EOL, $csvData);$array = array();foreach ($lines as $line) { $array[] = str_getcsv($line);} for ($row = 0; $row < count($array); $row++) {// echo "Row number $row";for ($i = 0, $k = 1; $i < count($array), $k < count($array); $i+=2, $k+=2) {if (isset($i, $k, $row)) { $adduser_xml ="<?xml version='1.0' encoding='utf-8'?>\n"; $adduser_xml.="<user>\n"; $adduser_xml.="<username>{$array[$row][$i]}</username>\n"; $adduser_xml.="<password>{$array[$row][$k]}</password>\n"; $adduser_xml.="<rootdir><![CDATA[D:\\test\\{$array[$row][$i]}]]></rootdir>\n"; The error says it's around the username, password and rootdir field. Is there anything I can do to hide the errors / notices from showing up? Any help will be appreciated. Thanks

I love Linux as a server option, I find it stable, easy to use and what you can do on the Windows O/S it can be done on Linux, but I do prefer Active Directory to OpenLDAP just cause AD just works but with OpenLDAP a lot more messing around lol but as a Linux consultant you'll be more concentrated on the server side right? I do still prefer Linux on the server side lol

Right I see, I was reading this some where else where it said something wrong with the GUI or something similar. I actually never knew what X meant, I've always used startx or a similar expression from going from total command line to a GUI but never really cared to research into it lol. I know Raspberry Pi also does this, i still prefer the command line for a server package So I guess i've just got to wait for Wayland to come then. Like I said before, i'll be more than happy to move to Linux and leave Windows behind just as soon as the user experience is as good as Windows. I love everything else about Linux, the scripting, the applications it currently has are what I need, it's just that user experience just holding it back for me ...