sKunKbad

Everything posted by sKunKbad

  1. Have you tried the -f option? I've had this work for me in the past. This is straight from php.net: additional_parameters (optional) The additional_parameters parameter can be used to pass an additional parameter to the program configured to use when sending mail using the sendmail_path configuration setting. For example, this can be used to set the envelope sender address when using sendmail with the -f sendmail option. The user that the webserver runs as should be added as a trusted user to the sendmail configuration to prevent a 'X-Warning' header from being added to the message when the envelope sender (-f) is set using this method. For sendmail users, this file is /etc/mail/trusted-users.
  2. I ended up using some simple regex that I created with RegexBuddy. It seems to work, so I'm pleased, but hoping it doesn't somehow backfire on me later:

     ```php
     foreach ($_POST as $dirtyString) {
         // Reject the request if any character falls outside the allowed set
         if (preg_match('/[^-\s A-Z0-9~!@#$%^&*()_+`=;:\'",<.>?|}{[\]\/\\\\]/i', $dirtyString)) {
             die();
         }
     }
     ```
  3. PHP 5.2.5. I'm trying to validate some post vars so that the only thing that gets through is standard English keyboard type characters. So far I've added some Russian and Hebrew characters, but I'd expect that at some time I may encounter Chinese, Japanese, and many other characters. Here is what I have so far:

     ```php
     <?php
     $badWord = array(
         // phpfreaks converts the Russian and Hebrew chars, so I can't show you the chars,
         // but they are just standard Russian and Hebrew chars.
     );
     foreach ($_POST as $dirtyString) {
         foreach ($badWord as $unwanted) {
             // strpos() returns 0 for a match at the start of the string, so compare against false
             $testedString = strpos($dirtyString, $unwanted);
             if ($testedString !== false) {
                 die();
             }
         }
     }
     ?>
     ```

     Is there a better way, and more complete way of doing what I want to do for all non-English chars?
  4. I've been checking out getmxrr() and the associated comments on php.net, and wondering if the following code, which was given to me, is going to work well or get me in trouble:

     ```php
     <?php
     // validate the f0rm before submitting
     // hardcore e-mail validation
     function MailVal($Addr, $Level, $Timeout = 15000) {
         // Valid Top-Level Domains
         $gTLDs = "com:net:org:edu:gov:mil:int:arpa:";
         $CCs = "ad:ae:af:ag:ai:al:am:an:ao:aq:ar:as:at:au:aw:az:ba:bb:bd:be:bf:".
                "bg:bh:bi:bj:bm:bn:bo:br:bs:bt:bv:bw:by:bz:ca:cc:cf:cd:cg:ch:ci:".
                "ck:cl:cm:cn:co:cr:cs:cu:cv:cx:cy:cz:de:dj:dk:dm:do:dz:ec:ee:eg:".
                "eh:er:es:et:fi:fj:fk:fm:fo:fr:fx:ga:gb:gd:ge:gf:gh:gi:gl:gm:gn:".
                "gp:gq:gr:gs:gt:gu:gw:gy:hk:hm:hn:hr:ht:hu:id:ie:il:in:io:iq:ir:".
                "is:it:jm:jo:jp:ke:kg:kh:ki:km:kn:kp:kr:kw:ky:kz:la:lb:lc:li:lk:".
                "lr:ls:lt:lu:lv:ly:ma:mc:md:mg:mh:mk:ml:mm:mn:mo:mp:mq:mr:ms:mt:".
                "mu:mv:mw:mx:my:mz:na:nc:ne:nf:ng:ni:nl:no:np:nr:nt:nu:nz:om:pa:".
                "pe:pf:pg:ph:pk:pl:pm:pn:pr:pt:pw:py:qa:re:ro:ru:rw:sa:sb:sc:sd:".
                "se:sg:sh:si:sj:sk:sl:sm:sn:so:sr:st:su:sv:sy:sz:tc:td:tf:tg:th:".
                "tj:tk:tm:tn:to:tp:tr:tt:tv:tw:tz:ua:ug:uk:um:us:uy:uz:va:vc:ve:".
                "vg:vi:vn:vu:wf:ws:ye:yt:yu:za:zm:zr:zw:";
         // The countries can have their own 'TLDs', e.g. mydomain.com.au
         $cTLDs = "com:net:org:edu:gov:mil:co:ne:or:ed:go:mi:";
         $fail = 0;
         // Shift the address to lowercase to simplify checking
         $Addr = strtolower($Addr);
         // Split the Address into user and domain parts
         $UD = explode("@", $Addr);
         if (sizeof($UD) != 2 || !$UD[0]) $fail = 1;
         // Split the domain part into its Levels
         $Levels = explode(".", $UD[1]);
         $sLevels = sizeof($Levels);
         if ($sLevels < 2) $fail = 1;
         // Get the TLD, strip off trailing ] } ) > and check the length
         $tld = $Levels[$sLevels-1];
         $tld = ereg_replace("[>)}]$|]$", "", $tld);
         if (strlen($tld) < 2 || strlen($tld) > 3 && $tld != "arpa") $fail = 1;
         $Level--;
         // If the string after the last dot isn't in the generic TLDs or country codes, it's invalid.
         if ($Level && !$fail) {
             $Level--;
             if (!ereg($tld.":", $gTLDs) && !ereg($tld.":", $CCs)) $fail = 2;
         }
         // If it's a country code, check for a country TLD; add on the domain name.
         if ($Level && !$fail) {
             $cd = $sLevels - 2;
             $domain = $Levels[$cd].".".$tld;
             if (ereg($Levels[$cd].":", $cTLDs)) {
                 $cd--;
                 $domain = $Levels[$cd].".".$domain;
             }
         }
         // See if there's an MX record for the domain
         if ($Level && !$fail) {
             $Level--;
             if (!getmxrr($domain, $mxhosts, $weight)) $fail = 3;
         }
         // Attempt to connect to port 25 on an MX host
         if ($Level && !$fail) {
             $Level--;
             while (!$sh && list($nul, $mxhost) = each($mxhosts)) $sh = fsockopen($mxhost, 25);
             if (!$sh) $fail = 4;
         }
         // See if anyone answers
         if ($Level && !$fail) {
             $Level--;
             set_socket_blocking($sh, false);
             $out = "";
             $t = 0;
             while ($t++ < $Timeout && !$out) $out = fgets($sh, 256);
             if (!ereg("^220", $out)) $fail = 5;
         }
         if ($sh) fclose($sh);
         return $fail;
     }
     // End E-Mail Validation Function
     ?>
     ```

     I've tested it using a few email addresses, and so far it works as expected, but the php.net page for getmxrr says not to use getmxrr for email validation. I'm getting a ridiculous amount of spam, and I need some sort of better email address validation. Currently, my $Level is set to 4.
  5. You might check that your php.ini has allow_url_fopen set to on. Also, if this is your own server, you might check that your /etc/resolv.conf, /etc/hosts, or DNS is otherwise properly configured.
  6. Excellent. It's one thing to read books about Linux, and then it's another to actually know what's going on. Thanks for your help.
  7. Thorpe, thanks for your response. I finally understand /etc/resolv.conf. Now, how about /etc/hosts? If there are no other hosts that my server would need to communicate with, should the only entry in /etc/hosts be 127.0.0.1 localhost?
  8. So, specifically in regards to my etc/resolv.conf, I want to ask if I configured it correctly. First, I listed my Linksys router's IP as a nameserver, then I listed my ISP's DNS nameservers (both primary and secondary) as nameservers, then I have search set to lan.

     ```
     nameserver 192.168.1.1
     nameserver 66.51.205.100
     nameserver 66.51.206.100
     search lan
     ```

     I understand that names would need to be resolved, and I am thinking that my router should not be listed as a nameserver, but I might be wrong. Would there be a reason for my router to be listed as a nameserver? Also, I only chose search lan because the book I am reading says this is the default. This was not what it was after installation of the O/S, but since I didn't back up resolv.conf, and can't remember what search was set to, I can't tell you what it was. Do I need the search setting at all?
  9. I'm interested to know if there are very common security issues for Linux servers in general, that are easy targets for hackers, and if you have personally had your server(s) hacked, and how they were hacked. Do friends let friends try to hack their server(s) to learn more about Linux? I have none of these friends anyways, but I've been thinking about finding some. I'm not trying to learn hacking... I just want to learn to be a good server admin. I know in the business world there are ethical hackers that get paid to show people their vulnerabilities, but I'm not in a position to pay for this kind of thing just to learn. Comments?
  10. Wow, that is sweet! I did it with relative ease. I got hung up thinking that PuTTY was somehow going to display as a browser, but once I figured out (by reading) that all I needed to do was to change the way my Firefox connects to the internet, all was good. I actually tested the connection without modifying the phpmyadmin.conf, but now that I know how it works making that change is simple enough. Thanks! Thread Solved!
  11. First thing you gotta do is log in to your LAN's router. Once logged in, you need to find the port forwarding configuration. Make sure to forward http traffic (port 80) to your machine. If you don't know your LAN address, try checking the router's DHCP table to see the name of your computer. In most cases it will be something like 192.168.1.104 or similar. Once you set up the port forwarding to your machine, as long as your router isn't reset, you will be able to access your website using your static or dynamic WAN IP (assuming Apache is listening on port 80). It is better to set up a static connection from your machine to the router if you can, that way there is one less DNS setting to go wrong. As far as WAN goes, dyndns is ok, but I prefer zoneedit. Once a zoneedit account is configured, you can use ddclient to update zoneedit, and your connection will be as good as a static connection.
  12. OK, yes phpmyadmin is installed to /user/share/phpmyadmin on ubuntu also. As for using it via ssh tunnel... remember I am just learning. I would need to find a tutorial or more info to do that.
  13. Thanks, I probably should have thought better about my questions, and worded them differently (or put them somewhere else). Yes, I am just trying to see how things work. I'd like to eventually have enough experience (and I know that may be a long ways away) to add "linux web server administration" to my list of skills. Yes, I am running the latest Ubuntu Server Edition (8.04). Yes, I installed with apt-get, but there is no vhost listed for phpmyadmin in /etc/apache2/sites-available. There is also no phpmyadmin directory in www, even though phpmyadmin is accessible from http://localhost/phpmyadmin. I'll have to look around and see what I can find. Since I am still just learning, I will want to have experience with all of the different ways to configure. I've kept a log of what I have done, and uploaded all of the files I have changed, so I can use them as reference in the future. While there are plenty of "Install Ubuntu LAMP Server" tutorials out there, they only represent one way of doing things, and my goal is to learn. I'd like to attempt to run other distros as well, but want to feel that I have at least semi-mastered the one I am working with now before moving on. On the side, have you or have you ever thought about writing a linux how-to book? You seem to know everything, and explain things well. There are a lot of books out there, but one that would specifically speak in detail about web server administration would be great. The one I have is 350 pages, and only 15 pages are dedicated to web server info.
  14. I have used phpmyadmin many times on shared hosting accounts, and so I wanted to set it up on the server I am testing out. The default installation doesn't seem to have a configuration of any kind, and it places access to phpmyadmin at localhost/phpmyadmin. In the past I had read that having the phpmyadmin access in the public view wasn't secure, and wondering how other people are installing/configuring phpmyadmin. Do I just need a REALLY strong password, or is there some better way of setting it up? I'm using name based virtual hosts, and all of the domains have access to the same phpmyadmin installation, which would obviously be bad if the domains were owned by different users. I guess in a real hosting environment that the domains would all have their own virtual server, with their own services, but can there be a separation on a simple name based virtual hosts setup?
  15. I use both. Wampserver2 is probably the easiest for me. I'm spending less and less time on Windows machines though. My latest project has been setting up an Ubuntu web server. Nothing has taught me more about Apache or PHP.
  16. What do you mean by signature?
  17. Is this because if a malicious user somehow got control of Apache they could overwrite anything in a directory that was owned by www-data?
  18. I have figured out that if I CHOWN the /var/www directory that I can use Filezilla in SSH mode to move files back and forth easily from my home computer. Another person suggested that if Apache/PHP needs to write to a file in the www directory that it would no longer be able to. So, I'm guessing that CHOWNing the directory was the wrong thing to do, and wondering if I should join the www-data group, or what is the proper way of handling this? Was the person that suggested that Apache/PHP would no longer be able to write to the www directory correct?
  19. No. I was not aware of those commands. I will take a look at everything you have shared. I really hate reading real books, so the more info I can get in pdf, html, or txt the better. Thanks
  20. I've been setting up my first web server, and everything seems to be working fine. I installed Ubuntu Server Edition 8.04. I've configured name based virtual hosting, ddclient for updating my A record on zoneedit.com, a static connection to my router, etc. During the configuration of the server, I mainly used info I found from the internet to help me. I found myself editing:

      • /etc/hosts
      • /etc/resolv.conf
      • /etc/apache2/sites-available
      • /etc/apache2/sites-enabled
      • /etc/network/interfaces

      The problem, at least for me, is that I am setting up this server to learn, not to just set up a server. In fact, I don't consider the hardware or environment suitable for a real server. I just want to know how all of this stuff is working, and not just do it by example. I have a couple of Ubuntu books, one is specific to server administration, but these books don't go into great detail about how these files work. Can someone suggest a book or website that explains what I am seeking to learn? I am primarily a web designer, but have done work in PHP, and am interested in expanding my knowledge by learning Linux server administration.
  21. After searching around I found out that those errors are from my DNS being messed up. I had configured my server to run name based virtual hosts, but apparently messed up the resolv.conf. Once I fixed that everything is OK. The real problem is that I really don't know what I'm doing... but I guess all of this is part of a learning process.
  22. I'm trying to read in a file from an outside source, and it seems that either php, apache, or my server isn't letting me do it. Perhaps if I show you the simple php script and associated error you can tell me what is wrong?

      test.php

      ```php
      <?php

      $file = file_get_contents('http://dynamic.zoneedit.com/checkip.html');
      ?>
      ```

      associated errors

      ```
      Warning: file_get_contents() [function.file-get-contents]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /var/www/dns/test.php on line 3
      Warning: file_get_contents(http://dynamic.zoneedit.com/checkip.html) [function.file-get-contents]: failed to open stream: Connection refused in /var/www/dns/test.php on line 3
      ```

      I'm not interested in using cURL or an alternate method. I just want to know what is wrong.
  23. I tried the code you posted, and for some reason Digg's XML doesn't read in like other XML I have used, so I played around with it, and this is what I came up with (and it works):

      ```php
      <?php
      $diggFeed = file_get_contents('http://www.digg.com/rss/index.xml');
      $feed = new SimpleXMLElement($diggFeed);
      $namespaces = $feed->getNamespaces(true);
      foreach ($feed->channel->item as $item) {
          $title = $item->title;
          $guid = $item->guid;
          $description = $item->description;
          $digg = $item->children($namespaces['digg']);
          echo "<p><a href='$guid'>$title</a> by " . $digg->submitter->username . "<br />$description</p><br />\n";
      }
      ?>
      ```
  24. cURL is not necessary. This is not perfect, but it should get you headed in the right direction:

      ```php
      <?php
      $feed = simplexml_load_file('http://digg.com/rss/index.xml');
      // this shows simpleXML how to parse the custom namespace elements
      $digg = $feed->channel->item->children('http://digg.com/docs/diggrss/');
      // this may not work without being looped so that it parses the entire XML document
      $title = $feed->channel->item->title;
      echo "<h2>$title</h2>\n";
      // this should get you at the special digg:diggCount element, which shows an example
      // of retrieving info out of custom namespaces
      echo "$digg->diggCount";
      ?>
      ```

      There is still some work for you to do with looping through the XML... so let me know if you get stuck again
  25. Thorpe, Thanks for your reply. I'm looking forward to a great learning experience by doing this, and I'm sure I will have other questions along the way.
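
The character allow-list idea from posts 2 and 3, written out as an added example (not code from the original posts). It assumes PHP 7.1+; the function name `firstRejectedField` and the sample data are made up for illustration. Unlike a loop over top-level values only, it walks array-valued fields and reports which field failed.

```php
<?php
// Added example: allow-list check for request data (hypothetical names, constructed data).

// Printable ASCII (0x20-0x7E) plus tab, CR and LF; \A and \z anchor the whole string.
const ASCII_ONLY = '/\A[\x20-\x7E\t\r\n]*\z/';

/**
 * Return the path of the first field that is not a printable-ASCII string,
 * or null when every value passes. Nested arrays (e.g. tags[]) are walked.
 */
function firstRejectedField(array $input, string $prefix = ''): ?string
{
    foreach ($input as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        if (is_array($value)) {
            $hit = firstRejectedField($value, $path);
            if ($hit !== null) {
                return $hit;
            }
        } elseif (!is_string($value) || preg_match(ASCII_ONLY, $value) !== 1) {
            // preg_match() returns 0 on no match and false on error; both reject
            return $path;
        }
    }
    return null;
}

// Constructed sample input standing in for $_POST.
$samples = [
    'plain'   => ['name' => 'Ann O\'Neil', 'msg' => "Hi there!\r\nLine 2 <b>"],
    'leading' => ['msg' => "\u{0416}ello"],          // non-ASCII at offset 0
    'nested'  => ['tags' => ['ok', "caf\u{00E9}"]],  // array value from tags[]
];

foreach ($samples as $label => $post) {
    $bad = firstRejectedField($post);
    echo $label, ': ', $bad === null ? 'accepted' : "rejected at $bad", "\n";
}
```

Matching the whole string against the allowed set, instead of listing unwanted characters, means scripts that were never anticipated are rejected without having to enumerate them.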