Jump to content

Recommended Posts

I run cronjobs on my website. After one of my visitors got curious and tinkered around he realized he could reset my cron jobs...woohoo....

 

Is there a way to get information from the server to make sure it is who it is?

 

I have my idea below but I would like to know if there was another more secure way of doing this or if my way is fine. Since I also automaticly updating incoming CPA Leads and Paypal IPN the same way as my cronjobs.  Paypal IPN does have to make sure there 'account balance' has money through Database so they can't just go throwing money at themselves..Luckily I had thought of that before the visitor went tinkering.  ;D

 

I basicly figured something like if i ran a cronjob and my server ip was 1.1.1.1 and the cronjob sent to http://site.com/cron.php?id=admin22113 coding would be as followed:

 

$id=$_GET["id"];
$ip=@$REMOTE_ADDR; 



if ($ip==1.1.1.1){
if ($id="admin22113"){

DoFunctions(CronJobs)

}
}

 

the $id(admin22113) I put as a secondary security measure. Say my own personal passcode to check if its there to say its me.

 

Only problem with this is my CPA Company IP changes and doesn't do "passcodes". I have to use Get functions to receive data through server so this is a little harder for a visitor to call. If there are any other possible ways please help me out.

 

 

Link to comment
https://forums.phpfreaks.com/topic/177925-ip-based-cron-jobs/
Share on other sites

Instead of banning everyone but yourself (or a group of IPs), you should try to ban the individual IP or IP block. If this was a one time event, then it might not happen again. For now, just look through your server logs and you are sure to find out who did what.

Link to comment
https://forums.phpfreaks.com/topic/177925-ip-based-cron-jobs/#findComment-938141
Share on other sites

ya i made it clear for who it was not to do it again or else he will be banned. I now added to call the username if there is one when the cronjob is accessed and mail the Username to me. I have enough members if someone gets ****ed off tho they could just do it from not being logged in just by going to site.com/cron.php...so I'm just trying to limit who has the ability to do it(Server mostly) Because currently I switched it over to moderator based. So that only select moderators can do it. But i'd like it automated cause I have a big trust issue when it deals with a website dealing with other peoples money and want to be as secure as possible. So far it seems all the cronjobs comes from 1 IP address ( Have it $_get the server IP and then echo it so it shows in an email to myself).  Would the IP address IF statement work fine is all I need to know. If the IP changes I can just set the if statement that if IP does not match ip to say there was an error then I can run the cron job myself.

Link to comment
https://forums.phpfreaks.com/topic/177925-ip-based-cron-jobs/#findComment-938211
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.