Apache and suexec issue that won't let me run my Python script

  • Thread starter Νικόλαος Κούρας

Νικόλαος Κούρας

On Wednesday, 5 June 2013 12:29:10 PM UTC+3, user Heiko Wundram wrote:
On 05.06.2013 11:19, Chris Angelico wrote:

I understood that - I rather got the impression that he (as a person)
wasn't technically capable of changing it. Alas, the internets didn't
remain a better place for long. :)

It will remain, if you go away.
 

Νικόλαος Κούρας

On Wednesday, 5 June 2013 12:31:37 PM UTC+3, user Chris Angelico wrote:
I've actually tried on MANY occasions to help you. I have put in a
number of hours of volunteer time researching and posting for you,
which I don't regret only because the list is of value to more people
than just the one who asked the question. You are unhelpable.

So you'll casually give out your root password again, yet you think
you are not naive? The next person you meet might actually do you some
harm.

You most definitely *are* a fool.

There is this saying that applies to you:
A THIEF BELIEVES EVERYBODY STEALS.

You do not trust people because you think all of them are likely to screw you, when it's the other way around.
 

Chris Angelico

I got back root access and I
'rm -y /home/user/public_html/Hello_from_ROSUAV'
so to delete your deface. Thank God you just placed that text file there and did not deface frontpages.

Indeed. That's one of the few truly accurate statements you've made. I
am a God-fearing man, a Christian, a man of ethics, and that is why I
did not deface anything. All I did was create those files and read a
few little pieces like the .contactemail nuggets (btw, thanks - those
are the very people who have the right to know about this).

Then I ran 'history' to see what exactly you have typed but the history log only showed me my own commands.

Precisely. My commands are not in your .bash_history file. Someone
could have done anything and you wouldn't even know.

ChrisA
 

Νικόλαος Κούρας

And here is the private mail that Alex23 sent out to me:

There would have been no violation if he had just looked into an encoding issue and not meddled with my customers' mail and data.

"Waaah, why didn't this stranger do my job for me for free? I'm so
confused!"

Alex23, you are the *WORST* character I ever encountered in this list and forums in general.

Hooray!

You probably haven't noticed because you don't give a shit about any
other problems here but your own, but I do help people on this list,
when it's clear they actually want to learn and not just palm off
their confusion onto other people. What I don't do is some lazy
dickwad's work for him; I get enough of that from my project managers.
I don't suffer fools gladly, and boy, are you ever a fool.

Idiot and ignorant too, not knowing that ~/www is a symlink to ~/public_html and pretending to help.

Firstly, that's why I _asked_ if they were the same. Secondly, excuse
me if I don't set up my web servers using shitty obsolete mechanisms
like CGI.

And given I'm not the one who's handing out root access to his
commercial server like it's candy, you really shouldn't be throwing
terms like "ignorant" around.

**** you too and sod off.

You're such a charmer

What a fucker...
 

Chris Angelico

There is this saying that applies to you:
A THIEF BELIEVES EVERYBODY STEALS.

You do not trust people because you think all of them are likely to screw you, when it's the other way around.

You really need to do a basic course in internet security. Why do we
have SSL? Is it because everyone's honest and trustworthy? Why do you
access your server using a password in the first place? I mean, if
people are honest, wouldn't it be fine to just use TELNET and simply
enter your name to get access?

Please don't misunderstand me. If I hated you, thought you worthless,
and/or was angry at you, I would not be trying to explain this; you
would have been in my killfile weeks ago and I would not even be aware
of your problems. I think you have the capacity to learn and improve,
but you really need to put some effort into figuring out what you're
doing.

I dread to think what you're charging your clients for the shoddy
service you're offering them. With ten clients, you're probably having
to charge them the equivalent of $US50/year just for cpanel, on top of
all your other costs. No wonder the economy of Greece is in trouble.

ChrisA
 

alex23

And here is the private mail that Alex23 sent out to me:

Which I spared the list from because it was off-topic, but I don't
think that's a concept you're overly familiar with given your posting
history.
 

alex23

No wonder the economy of Greece is in trouble.

This isn't addressed just to Chris, as this isn't the first time the
joke has been made, but could we not? There's a term for applying the
failings of an individual to an entire genetic or cultural collective,
and it isn't a pretty one.
 

Heiko Wundram

On 05.06.2013 11:33, Νικόλαος Κούρας wrote:
It will remain, if you go away.

Look, pal, I work as a programmer for a (medium size) network service
provider, and due to that I (should) know my networking security 101.
It's generally people like you who are:

1) extremely careless about their system
2) intolerably naive and persistently refusing to learn

and who as a consequence hand out root logins for hosts with big (!)
pipes to people that should - under no circumstances ever, EVER - be
trusted, who are in turn causing the scourge of the public internets
that's called a botnet. It doesn't matter whether you're simply so
stupid (yes, I said it!) as to hand out actual root logins or whether
you refuse to update your system or whether you use weak passwords: in
all cases, your system is compromised, and due to the rather big pipe
that your system has it in turn compromises the integrity of the whole
network that the system is connected to.

Chris is completely right: you shouldn't thank him for not doing 'rm -rf
/' on your system (that's utter peanuts, and only hits you), you should
rather thank him for not copying your complete client data (and in turn
their client's data, let's talk about identity theft) and/or for not
installing a bot on your system which would in turn cause me to have
headaches when the bot's misused to DDoS or for any other form of
network-based attack on the network that I need to administer.

It's you who's the untrustworthy, completely unreliable and utterly
irresponsible member of the community of networks that's called the
Internet. Please go somewhere else.
 

Chris Angelico

This isn't addressed just to Chris, as this isn't the first time the
joke has been made, but could we not? There's a term for applying the
failings of an individual to an entire genetic or cultural collective,
and it isn't a pretty one.

Sorry. You're right, that was un-called-for. I retract that comment.

My main point I still stand by, though. These people are paying good
money for a service that probably seems fine, to them. It's probably
seemed fine for several years, even. But underneath, the systems admin
is constantly breaking stuff and then coming in a panic to an open
forum, begging for help, and then giving root access to strangers in
the hope that they'll magically fix everything. This is not the sort
of service I would pay for, and this is why I do not regret the
potential damage to Nikos's revenue. The complaint is equivalent to
begging a bank not to put in security cameras, because bank robbers
might get less income.

ChrisA
 

Νικόλαος Κούρας

On Wednesday, 5 June 2013 12:55:49 PM UTC+3, user Heiko Wundram wrote:
On 05.06.2013 11:33, Νικόλαος Κούρας wrote:
It's you who's the untrustworthy, completely unreliable and utterly
irresponsible member of the community of networks that's called the
Internet.

I don't care what you do for a living, you never helped me a bit in anything, you just presented yourself to me 1 hour ago to join the party.

Please go somewhere else.

Please sod off from my thread. Thank you.
 

Νικόλαος Κούρας

On Wednesday, 5 June 2013 1:12:55 PM UTC+3, user Chris Angelico wrote:
Sorry. You're right, that was un-called-for. I retract that comment.

My main point I still stand by, though. These people are paying good
money for a service that probably seems fine, to them. It's probably
seemed fine for several years, even. But underneath, the systems admin
is constantly breaking stuff and then coming in a panic to an open
forum, begging for help, and then giving root access to strangers in
the hope that they'll magically fix everything. This is not the sort
of service I would pay for, and this is why I do not regret the
potential damage to Nikos's revenue. The complaint is equivalent to
begging a bank not to put in security cameras, because bank robbers
might get less income.

I don't own e-shop websites that require credit cards to make transactions.
I just host the websites of 10 people who happen to be my friends, most of them created by Joomla CMS.

50 euros they pay me for the year for my services, and some of them half that..
I barely make any money out of this, and with your actions today I might lose them too. I hope you are happy.
Whatever I try is explicitly under my user account for Python issues and not system wide, so hell breaks loose. And even if it did, the company whose server I rent would have been able to fix that.

What you did is unforgivable, you should have declared that:

"Nik, I actually don't want to help you with your damn encoding issue, but rather mess with your system to prove a point, and I don't even regret it if you lose some of your customers."

Having said that, you could have been honest.
At some point I will pay someone here to modify my templates and Python scripts to use web frameworks.
You and Heiko of course would be excluded from the programmer-for-hire list..

Michael Torrie
Steven D'aprano
Lele Gaifax
Cameron Simpson

are possible candidates.
 

Νικόλαος Κούρας

On Wednesday, 5 June 2013 12:49:13 PM UTC+3, user alex23 wrote:
Which I spared the list from because it was off-topic, but I don't
think that's a concept you're overly familiar with given your posting
history.

You spared it from the list because you wanted to bitch in private.
Now sod off.
 

Heiko Wundram

On 05.06.2013 12:21, Νικόλαος Κούρας wrote:
I don't care what you do for a living, you never helped me a bit in anything, you just presented yourself to me 1 hour ago to join the party.

Guess why I did so: you're presently touching a subject (network safety)
that I hold dear, and not only being a troll.
 

Heiko Wundram

On 05.06.2013 12:30, Νικόλαος Κούρας wrote:
You and Heiko of course would be excluded from the programmer for hire list.

Guess what: I have a job. And I don't give a damn.
 

Antoon Pardon

On 05-06-13 11:19, Νικόλαος Κούρας wrote:
I am a person that easily trusts other people to have ethics, especially Python programmers who know how difficult it is to debug a script and have it working.
Some people can be trusted, and actually try to help.
Some don't.
Chris is an example of the latter. At least he didn't wipe the whole system out.
And I do have access to my system 30 mins now.
And yes, I will again give root access to another person, who I believe can be trusted and give me some friendly help.
You believing so, is not enough.
That is all I have to say and I'm not naive or a fool.
As I said, some people can actually be trusted.
Yes you are naive and a fool. The existence of trustworthy people is not
the issue. The issue is how do you protect your server from the
untrustworthy ones.

Chris has shown you that your method for the latter sucks, yet here you
are publicly stating you will just proceed in the same way.

Someone with malice in mind has only to win your trust here or elsewhere
by faking he wants to help you and you seem willing to give them the
root password to your server. On top of that you have made it public
that this will likely work.

That certainly makes you naive and a fool.
 

Νικόλαος Κούρας

On Wednesday, 5 June 2013 1:39:28 PM UTC+3, user Antoon Pardon wrote:
On 05-06-13 11:19, Νικόλαος Κούρας wrote:

You believing so, is not enough.

Yes you are naive and a fool. The existence of trustworthy people is not
the issue. The issue is how do you protect your server from the
untrustworthy ones.

Chris has shown you that your method for the latter sucks, yet here you
are publicly stating you will just proceed in the same way.

Someone with malice in mind has only to win your trust here or elsewhere
by faking he wants to help you and you seem willing to give them the
root password to your server. On top of that you have made it public
that this will likely work.

I will understand by his attitude in general if he is likely to help me or not.
With Chris, being an expert and all, I was 60%-40% that he was likely to help me, but I was rather worrying about whether he would solve the filename encoding and suexec issues more than about him harming the server (which he did not).

Btw, since history doesn't show me his commands when he logged in from .au (why not, really?), how can I tell what exactly he did when he logged on to the server?
 

Heiko Wundram

On 05.06.2013 13:07, Νικόλαος Κούρας wrote:
Btw, since history doesn't show me his commands when he logged in from .au (why not, really?), how can I tell what exactly he did when he logged on to the server?

As root has full access to your system (i.e., can change file contents
and system state at will), and you gave him root access: you can't. And
he made sure to remove things such as .bash_history and the syslog
contents, I guess. At least that's what I'd have done to prove a point.
 

Νικόλαος Κούρας

On Wednesday, 5 June 2013 2:14:34 PM UTC+3, user Heiko Wundram wrote:
On 05.06.2013 13:07, Νικόλαος Κούρας wrote:
As root has full access to your system (i.e., can change file contents
and system state at will), and you gave him root access: you can't. And
he made sure to remove things such as .bash_history and the syslog
contents, I guess. At least that's what I'd have done to prove a point.

I see. Thanks.
Is there some logging utility I can use next time I am offering root access to someone (if I do it), or perhaps for logging a normal account's activity?
 

Heiko Wundram

On 05.06.2013 13:19, Νικόλαος Κούρας wrote:
Is there some logging utility I can use next time I am offering root access to someone (if I do it), or perhaps for logging a normal account's activity?

Short answer: Not for root, no.

Long answer: as I've already said: root can change file contents, or
more explicitly _any_ system state, and (s)he can do that at will, and
as such you can't ever be sure that what any form of logging is telling
you will be the "truth" in some form or another if you've had a
malicious root user on your system.

Now: think again why it's such a plain stupid and incredibly bad idea to
hand out root credentials to people you shouldn't trust, and why people
(like me) keep telling you that you're naive and a fool to even consider
handing out root logins.

PS: the same is true for normal logins. You don't know whether some form
of privilege escalation exists on your system, so even by handing out
supposedly safe non-root accounts, your installation might get
compromised due to insecure SUID software or due to privilege escalation
bugs in the kernel.
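Heiko's point above is that once root has been on the box, nothing the host itself says about that session can be trusted; the usual mitigation is to ship events off-host as they happen and keep a commitment to them where the compromised machine cannot rewrite it. As an added example (not code from the thread or from any of its participants), the sketch below hash-chains log entries and checks a local copy against a head hash assumed to be held by a remote receiver; the sample events and the 203.0.113.7 address are constructed for the demo.

```python
import hashlib
import json

GENESIS = "0" * 64  # starting "previous hash"; the remote receiver knows it too

def _entry_hash(prev, event):
    body = json.dumps({"prev": prev, "event": event}, sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()

def append_entry(chain, event):
    """Append an event whose hash commits to the previous entry's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "event": event, "hash": _entry_hash(prev, event)})
    return chain[-1]["hash"]

def verify_chain(chain, trusted_head):
    """Recompute the chain against a head hash kept OFF the host.
    Returns (True, None) if intact, else (False, i) with i the first bad entry
    (i == len(chain) means entries were dropped from the end)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or _entry_hash(prev, entry["event"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    return (True, None) if prev == trusted_head else (False, len(chain))

# Constructed sample events for the demo (not real log output from the thread).
SAMPLE_EVENTS = [
    "sshd: root login accepted from 203.0.113.7",
    "bash: cat /home/user/.contactemail",
    "bash: touch /home/user/public_html/Hello_from_ROSUAV",
]

def build_sample_chain():
    chain = []
    for event in SAMPLE_EVENTS:
        append_entry(chain, event)
    return chain

def demo():
    """Tampering a root user could do to the on-host copy; the off-host head catches it."""
    chain = build_sample_chain()
    head = chain[-1]["hash"]  # held by the remote log receiver, not on the host
    pruned = chain[:1] + chain[2:]  # entry 1 silently deleted
    edited = [dict(e) for e in chain]
    edited[2]["event"] = "bash: ls"  # entry 2 rewritten in place
    return (verify_chain(chain, head), verify_chain(pruned, head),
            verify_chain(edited, head), verify_chain(chain[:2], head))
```

The scheme only works because the head hash leaves the host before the root session can touch it; a chain that is verified solely against its own last entry proves nothing, which is exactly Heiko's "not for root" answer.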
 
