Jump to content
Sign in to follow this  
resoman

Easypopulate upload EP file

Recommended Posts

Hello folks!

 

I had easypopulate working on my server, until last night. I went to upload a text file and it gave me a 403 forbidden error.

 

I used the text file I downloaded from easypopulate, completely unmodified!

 

So its not the text file, my temp directory is chmod to 777, and yes my $DOCUMENT_ROOT is set in the admin/includes/configure.php

 

I was under the impression it may be server side, because I was reading on hostdime/surpass hosting forums about the security issues they are having.

 

Apparently they installed a security module called PHPsuexec

 

PHPsuexec is supposed to eliminate security issues, only allowing user/groups to execute scripts.

This means all files only need 755 permissions

 

According to this thread, there is more, but I am not sure if anything more is valid on this topic:

http://www.surmunity.com/showthread.php?t=16226

 

I could use some expert advice, is PHPsuexec my problem? Is there something I am missing after searching these and many other forums these past two days?


Jesse Rooney

Share this post


Link to post
Share on other sites

I also looked at my log files.

 

Raw access log:

65.29.50.85 - king [11/Jan/2006:23:54:32 -0500] "POST /admin/easypopulate.php?split=0 HTTP/1.1" 403 - "http://www.bavender.com/admin/easypopulate.php?osCAdminID=9685bcb46768e9ff61d3c9d32af969d2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

65.29.50.85 - king [11/Jan/2006:23:54:33 -0500] "GET /admin/easypopulate.php?osCAdminID=9685bcb46768e9ff61d3c9d32af969d2 HTTP/1.1" 200 13130 "http://www.bavender.com/admin/categories.php?cID=4&osCAdminID=9685bcb46768e9ff61d3c9d32af969d2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

65.29.50.85 - king [11/Jan/2006:23:59:48 -0500] "POST /admin/easypopulate.php?split=0 HTTP/1.1" 403 - "http://www.bavender.com/admin/easypopulate.php?osCAdminID=9685bcb46768e9ff61d3c9d32af969d2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

65.29.50.85 - king [11/Jan/2006:23:59:55 -0500] "GET /admin/easypopulate.php?osCAdminID=9685bcb46768e9ff61d3c9d32af969d2 HTTP/1.1" 200 14423 "http://www.bavender.com/admin/categories.php?cID=4&osCAdminID=9685bcb46768e9ff61d3c9d32af969d2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

65.29.50.85 - king [12/Jan/2006:00:00:00 -0500] "POST /admin/easypopulate.php?split=0 HTTP/1.1" 403 - "http://www.bavender.com/admin/easypopulate.php?osCAdminID=9685bcb46768e9ff61d3c9d32af969d2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

65.29.50.85 - king [12/Jan/2006:00:00:04 -0500] "GET /admin/easypopulate.php?osCAdminID=9685bcb46768e9ff61d3c9d32af969d2 HTTP/1.1" 200 14422 "http://www.bavender.com/admin/categories.php?cID=4&osCAdminID=9685bcb46768e9ff61d3c9d32af969d2" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

 

error log shows nothing..

 

Hotlink protection is on, but that shouldnt effect this.

 

anyone?


Jesse Rooney

Share this post


Link to post
Share on other sites
I also looked at my log files.

 

Raw access log:

error log shows nothing..

 

Hotlink protection is on, but that shouldnt effect this.

 

anyone?

 

 

here is my server config: http://www.bavender.com/phpinfo.php

 

here is my admin/includes/configure.php file

 

 

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.bavender.com/'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.bavender.com/');

define('HTTPS_CATALOG_SERVER', 'https://www.bavender.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where the pages are located on the server

define('DIR_WS_ADMIN', 'admin/'); // absolute path required

define('DIR_FS_ADMIN', '/home2/theking/public_html/admin/'); // absolute pate required

define('DIR_WS_CATALOG', ''); // absolute path required

define('DIR_FS_CATALOG', '/home2/theking/public_html/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');


Jesse Rooney

Share this post


Link to post
Share on other sites

Hello,

 

I was browsing this site and happened to see this thread. Just wanted to let you know that you are on Pass2 which does not have phpsuexec enabled yet. Please subscribe to the phpsuexec thread in our forum to keep up to date with the implementation schedule.

 

I hope that your issue with Easypopulate is fixed already... :o

 

Thanks!

Kayla

http://www.surpasshosting.com

http://www.surmunity.com

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×