The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php attack issue please help

Discussion in 'General Discussion' started by promak, Feb 2, 2008.

  1. promak

    promak Well-Known Member

    Joined:
    Oct 6, 2001
    Messages:
    248
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    one of our customer php get below message , i found that not only one site attack our customer script.

    may i know how can i prevent it , as i can't upgrade the php as this time.

    I try block site ip , but too many.

    this site is a members base system.

    Thanks.

    Below is the error log i check in nobody email.:mad:

    <B>Unknown Error No.:</B><BR> Cannot modify header information - headers already sent by (output started at /home/user/public_html/outputpubfile.php:15) (# 2).<br>
    Sorry, but you have been logged out due to an unknown error.<BR>
    The system developer has been sent the following message: <BR>
    <B>Unknown</B> error in line 69 of script /home/user/public_html/outputpubfile.php. <BR>
    getVars
    ID : 324
    PHPSESSID : http://www.salva-sebastien.de/galerie/landschaft/ogiga/mefu/

    useHTTPS :
    dbRow
    0 : %PDF-1.3
    6 0 obj
    <<
    /Linearized 1
    /O 8
    /H [ 853 195 ]
    /L 97293
    /E 95522
    /N 1
    /T 97056
    >>
    endobj
    xref
    6 21
    0000000016 00000 n
    0000000764 00000 n
    0000001048 00000 n
    0000001199 00000 n
    0000001357 00000 n
    0000002063 00000 n
    0000002482 00000 n
    0000002702 00000 n
    0000002917 00000 n
    0000003070 00000 n
    0000003109 00000 n
    0000003905 00000 n
    0000006742 00000 n
    0000039486 00000 n
    0000055675 00000 n
    0000092318 00000 n
    0000094995 00000 n
    0000095211 00000 n
    0000095414 00000 n
    0000000853 00000 n
    0000001028 00000 n
    trailer
    <<
    /Size 27
    /Info 4 0 R
    /Root 7 0 R
    /Prev 97047
    /ID[<a371ea0d0ee56f2ea22230d8ec09a439><43f400e1b7580e4df88b50a449b531ae>]
    >>
    startxref
    0
    %%EOF

    7 0 obj
    <<
    /Type /Catalog
    /Pages 3 0 R
    /Metadata 5 0 R
    /PageLabels 2 0 R
    >>
    << /S 36 /L 97 /Filter /FlateDecode /Length 26 0 R >>
    stream
     
  2. jer2eydevil88

    jer2eydevil88 Member

    Joined:
    Mar 14, 2006
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    I am not an expert in this area I am only offering help because no one else has. Take my advice as nothing more than helpful advice and do your own research!

    I googled PHP XSS (Cross Site Scripting Attacks) and found this http://blog.php-security.org/archives/94-Suhosin-0.9.21-XSS-Protection.html

    I have compiled Apache a few times myself on my server through WHM and know that suhosin along with other PHP protection modules are available as options.

    If I were in your shoes I would be reading up on these security modules and find one that suites your needs.
     
Loading...

Share This Page