Current time: 07-03-2020, 11:22 PM Hello There, Guest! (LoginRegister)


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Verschlüsselte Seiten bieten PHP Dateien zum Download
Author Message
mr.x Offline
Development Team
*****
Dev Team

Posts: 232
Joined: Nov 2006
Reputation: 3
Post: #11
RE: Verschlüsselte Seiten bieten PHP Dateien zum Download
(04-04-2011 03:20 AM)5kyy Wrote:  irgendwie stell ich mich grad offensichtlich zu doof an.
ssl logs kann ich überhaupt keine finden und die apache2 logs hab ich ewig dateien in dem ordner wobei die je nach domain ne -combined.log und ne -traf.log haben.
In der combined stehen aber ned wirklich sonderliches sachen drin?

Hallo,

es ist ganz einfach.
Zeige und deine Configs und Logs und es wird dir geholfen !
04-04-2011 03:29 AM
Find all posts by this user Quote this message in a reply
tomhb Offline
Member
***

Posts: 336
Joined: Apr 2010
Reputation: 4
Post: #12
RE: Verschlüsselte Seiten bieten PHP Dateien zum Download
(04-04-2011 03:20 AM)5kyy Wrote:  Bin jetzt selbst etwas im ungewissen wie ich hier weitermachen soll?

Ohne die Config vom VHost wird Dir hier niemand weiterhelfen koennen.

Wenn Du keine LogFiles findest/hast, vielleicht hast Du einfach kein
ErrorLog [ http://httpd.apache.org/docs/current/mod...l#errorlog ]
fuer die SSL-Sites angegeben?

Anfangen kannst Du schon mal damit:
# apache2ctl -t -D DUMP_VHOSTS

Sieht das "vernuenftig" aus?


Gruss Tom
04-04-2011 03:51 AM
Find all posts by this user Quote this message in a reply
5kyy Offline
Junior Member
*

Posts: 58
Joined: Feb 2010
Reputation: 0
Post: #13
RE: Verschlüsselte Seiten bieten PHP Dateien zum Download
Hey,

nundenn dann will ich mal doch etws mehr dazu erzählen. Hoff ich geb ned aus versehen zu viel Preis. Bin ein eher VORSICHTIGER "admin". Admin bewusst in Anführungszeichen und klein geschrieben ;-)

die default-error.log des apache2
Quote:[Sat Apr 02 02:58:34 2011] [error] [client 209.190.38.14] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFindSmile
[Sat Apr 02 08:24:14 2011] [error] [client 184.154.77.226] File does not exist: /var/www/ispcp/gui/webdav
[Sat Apr 02 10:07:43 2011] [error] [client 87.230.91.130] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.test0Smile
[Sat Apr 02 12:58:51 2011] [error] [client 67.205.76.172] File does not exist: /var/www/ispcp/gui/w00tw00t.at.blackhats.romanian.anti-secSmile
[Sat Apr 02 12:58:52 2011] [error] [client 67.205.76.172] File does not exist: /var/www/ispcp/gui/phpMyAdmin
[Sat Apr 02 12:58:52 2011] [error] [client 67.205.76.172] File does not exist: /var/www/ispcp/gui/phpmyadmin
[Sat Apr 02 12:58:52 2011] [error] [client 67.205.76.172] File does not exist: /var/www/ispcp/gui/tools/pma/scripts/setup.php
[Sat Apr 02 12:58:52 2011] [error] [client 67.205.76.172] File does not exist: /var/www/ispcp/gui/myadmin
[Sat Apr 02 12:58:52 2011] [error] [client 67.205.76.172] File does not exist: /var/www/ispcp/gui/MyAdmin
[Sat Apr 02 14:16:22 2011] [error] [client 206.126.46.42] File does not exist: /var/www/ispcp/gui/thisdoesnotexistahaha.php
[Sat Apr 02 19:09:02 2011] [error] [client 69.46.23.47] File does not exist: /var/www/ispcp/gui/proxychecker, referer: http://www.google.com/search?hl=ru&q=fre...f&ie=UTF-8
[Sun Apr 03 01:39:10 2011] [error] [client 178.33.202.187] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFindSmile
[Sun Apr 03 01:53:13 2011] [error] [client 85.14.217.19] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFindSmile
[Sun Apr 03 02:26:05 2011] [error] [client 87.230.91.130] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.test0Smile
[Sun Apr 03 07:22:17 2011] [error] [client 178.33.202.187] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFindSmile
[Sun Apr 03 07:35:34 2011] [error] [client 174.133.188.74] File does not exist: /var/www/ispcp/gui/webdav
[Sun Apr 03 09:51:16 2011] [error] [client 95.211.9.164] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFindSmile
[Sun Apr 03 13:18:26 2011] [error] [client 178.33.202.187] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFindSmile
[Sun Apr 03 13:58:46 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/phpmyadmin
[Sun Apr 03 13:58:46 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/phpmyadmin0
[Sun Apr 03 13:58:47 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/phpmyadmin1
[Sun Apr 03 13:58:47 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/phpMyAdmin
[Sun Apr 03 13:58:47 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/phpmyadmin2
[Sun Apr 03 13:58:48 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/mysql
[Sun Apr 03 13:58:48 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/sql
[Sun Apr 03 13:58:48 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/php
[Sun Apr 03 13:58:48 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/help
[Sun Apr 03 13:58:49 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/utilities
[Sun Apr 03 13:58:49 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/cms
[Sun Apr 03 13:58:49 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/mysql
[Sun Apr 03 13:58:49 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/xampp
[Sun Apr 03 13:58:50 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/typo3
[Sun Apr 03 13:58:50 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/phpmyadmin-old
[Sun Apr 03 13:58:50 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/pma-old
[Sun Apr 03 13:58:57 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/catalog
[Sun Apr 03 13:58:57 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/shop
[Sun Apr 03 13:59:00 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/phpadmin
[Sun Apr 03 13:59:01 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/myadmin
[Sun Apr 03 13:59:01 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/mysqlAdmin
[Sun Apr 03 13:59:01 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/mysqladmin
[Sun Apr 03 13:59:01 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/admin/server_export.php
[Sun Apr 03 13:59:02 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/admin/pma
[Sun Apr 03 13:59:02 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/admin/phpmyadmin
[Sun Apr 03 13:59:02 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/dbadmin
[Sun Apr 03 13:59:02 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/db
[Sun Apr 03 13:59:03 2011] [error] [client 74.52.158.98] File does not exist: /var/www/ispcp/gui/database

Hier ein Auszug von dem VHOST DUMP:
Quote:xxx.xxx.xxx.xxx:443 is a NameVirtualHost
default server xxx.xxx.xxx (/etc/apache2/sites-enabled/02_ssl_xxx.conf:117)
port 443 namevhost xxx.xxx.xxx (/etc/apache2/sites-enabled/02_ssl_xxx.conf:117)
port 443 namevhost xxx.xxx.xxx (/etc/apache2/sites-enabled/02_ssl_xxx.conf:218)
port 443 namevhost xxx.xxx.xxx (/etc/apache2/sites-enabled/02_ssl_xxx.conf:305)
port 443 namevhost xxx.xxx.xxx (/etc/apache2/sites-enabled/02_ssl_xxx.conf:392)
port 443 namevhost xxx.xxx.xxx (/etc/apache2/sites-enabled/02_ssl_xxx.conf:479)
port 443 namevhost xxx.aaa.xxx (/etc/apache2/sites-enabled/ispcp.conf:184)
port 443 namevhost xxx.aaa.xxx (/etc/apache2/sites-enabled/ispcp.conf:374)
Syntax OK

Kleine Erläuterung. Die letzten beiden haben aaa als Domain, da diese eine andere Domain haben und ein anderes Zertifikat

Und hier die vHost der ispcp.conf für diese Domain bzw. Subdomain.
Als erster die Weiterleitung von Port 80 auf 443:
Quote:<VirtualHost xxx.xxx.xxx.xxx:80>

ServerAdmin xxx@xxx.de
DocumentRoot /var/www/virtual/aaa.de/xxx/htdocs
ServerName xxx.aaa.de
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://xxx.aaa.de$1 [R,L]
ErrorLog /var/log/apache2/users/xxx.aaa.de-error.log
TransferLog /var/log/apache2/users/xxx.aaa.de-access.log
CustomLog /var/log/apache2/xxx.aaa.de-traf.log traff
CustomLog /var/log/apache2/xxx.aaa.de-combined.log combined

</VirtualHost>

# httpd [xxx.aaa.de] sub entry BEGIN.
<VirtualHost xxx.xxx.xxx.xxx:443>

#
#User xxx
#Group xxx
#

<IfModule suexec_module>
SuexecUserGroup xxx xxx
</IfModule>

#
# GnuTLS Start
#
GnuTLSEnable on
GnuTLSPriorities SECURE:!MD5
GnuTLSCertificateFile /etc/apache2/ssl-aaa/aaa-gnutls.crt
GnuTLSKeyFile /etc/apache2/ssl-aaa/aaa.key
#
# GnuTLS End
#

ServerAdmin xxx@xxx.de
DocumentRoot /var/www/virtual/xxx.de/aaa/htdocs

ServerName xxx.aaa.de
ServerAlias http://www.xxx.aaa.de xxx.aaa.de

Alias /errors /var/www/virtual/aaa.de/errors/

RedirectMatch permanent ^/ftp[\/]?$ http://xxx.xxx.xx/ftp/
RedirectMatch permanent ^/pma[\/]?$ http://xxx.xxx.xx/pma/
RedirectMatch permanent ^/webmail[\/]?$ http://xxx.xxx.xx/webmail/
RedirectMatch permanent ^/ispcp[\/]?$ http://xxx.xxx.xx.net/

ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
ErrorDocument 503 /errors/503.html

<IfModule mod_cband.c>
CBandUser aaa.de
</IfModule>

# httpd sub entry cgi support BEGIN.
# httpd sub entry cgi support END.

<Directory /var/www/virtual/aaa.de/xxx/htdocs>
# httpd sub entry PHP support BEGIN.
# httpd sub entry PHP support END.
Options -Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# httpd sub entry PHP2 support BEGIN.
<IfModule mod_php5.c>
php_admin_value open_basedir "/var/www/virtual/aaa.de/xxx/:/var/www/virtual/aaa.de/xxx/phptmp/:/usr/share/php/"
php_admin_value upload_tmp_dir "/var/www/virtual/aaa.de/xxx/phptmp/"
php_admin_value session.save_path "/var/www/virtual/aaa.de/xxx/phptmp/"
php_admin_value sendmail_path '/usr/sbin/sendmail -f vu2021 -t -i'
</IfModule>
<IfModule mod_fastcgi.c>
ScriptAlias /php5/ /var/www/fcgi/aaa.de/
<Directory "/var/www/fcgi/aaa.de">
AllowOverride None
Options +ExecCGI -MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
<IfModule mod_fcgid.c>
<Directory /var/www/virtual/aaa.de/xxx/htdocs>
FCGIWrapper /var/www/fcgi/aaa.de/php5-fcgi-starter .php
Options +ExecCGI
</Directory>
<Directory "/var/www/fcgi/aaa.de">
AllowOverride None
Options +ExecCGI MultiViews -Indexes
Order allow,deny
Allow from all
</Directory>
</IfModule>
# httpd sub entry PHP2 support END.

Include /etc/apache2/ispcp/xxx.aaa.de.conf

</VirtualHost>
# httpd [xxx.aaa.de] sub entry END.

Ich hoff ich hab nix vergessen und ihr könnt so was anfangen.

Und vielen vielen Dank vorab schonmal

MfG
5ky
04-04-2011 04:17 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)