[01:21] apparently china is upgrading it's great firewall to do more blocking of vpn';s. [04:07] *** SpaceDum1 has quit IRC (Ping timeout: 256 seconds) [04:09] *** SpaceDump has joined #arpnetworks [05:50] GOOGLE is quite stupid and intrusive!!! They force HTTPS on thier search engine for MOST BROWSERS.. They force that crap on thier email server WHICH SUCKS because it doesnt work right!!!!! (@ least on my browser (I have to keep refreshing the page or it doesnt load (I HAD SSL DISABLED ON GMAIL (IT doesnt matter anyway,i would not use GOOGLEs email for anything!!! (I DO NOT TRUST THEM [05:50] IDIOTS))))) [05:50] Remember GOOGLE works with the GOVT,they are just as bad!!!!!!! THEY MAY HAVE CONCOCTED THE WHOLE THING TO MAKE PPL CHANGE THIER SSL SETTINGS AND MAKE THEM THINK THEY ARE NOW SAFE WHEN THEY ARENT!!!!! (You dont know who you are cooperating with) [05:50] I DONT BELIEVE ANY OF THIS SSL BS!!!!!!!! -- I THINK ITS STAGED CRAP TO GET PEOPLE LOCKED INTO A MORE EASILY MONITORING ABILITY!! ITS NOT GOOD TO BLINDLY BELIEVE THE BS WHEN THERE IS NO PROOF OF ANYTHING HAPPENING!! (Gives them all the power in the world to further thier agendas,etc) [05:50] sorry, wrong window, irssi didn't prompt on rightclick [06:03] *** _Zodiac has joined #arpnetworks [06:04] *** _Zodiac has left [10:31] still good for a chuckle [10:36] the best part is that that's a WHT post [10:39] bahaha [10:39] NS(SL)A [10:41] *** mkb has quit IRC (Ping timeout: 244 seconds) [11:25] And here I thought hazardous had lost his mind [11:25] Glad those weren't your words [11:30] before i scrolled up to see who sent it to the channel, i figured it was one of those random users who show up in channels to send crazy shit for no reason [11:30] I thought so too before I looked to the side [11:44] This email is to notify you that you may be temporarily unable to access your SpiderOak account. Earlier this evening we experienced a network outage which cut off access for some of our users. We are working around the clock to resolve the problem, and we will continue to update you as we make progress. Please accept our sincere apologies for the inconvenience. [11:44] wee [12:42] *** mkb has joined #arpnetworks [12:42] *** mkb is now known as Guest10431 [13:02] *** Guest10431 is now known as mkb [14:50] *** hive-mind has quit IRC (Remote host closed the connection) [14:51] *** hive-mind has joined #arpnetworks [15:00] *** zeshoem has quit IRC (Ping timeout: 245 seconds) [15:19] *** zeshoem has joined #arpnetworks [15:34] does anyone know if cacti requires any of these functions: "fsockopen, show_source, system, shell_exec, passthru, exec, popen, proc_open, strrev" [15:35] I added them to my disabled function list and now cacti stopped working [15:36] I suspect so, I believe it shells out for some things [15:36] Check the error logs [15:37] Unless you have php error reporting turned silent, it will bitch when something tries to use a denied function. [15:42] enabled those functions and now the graphs appear [15:42] not sure which one exactly caused it to stop working [15:42] mnathani: Why would you block strrev? [15:42] just before 22nd of Jan - the graphs go dark [15:43] I found some malicious wordpress hack [15:43] that used it [15:43] with base64 decode / encode [15:43] All it does is reverse a string. In and of itself, it's not malicious [15:43] I can msg you the code if you care to check it out [15:43] if you've seen one wp hack, you've seen them all [15:43] (and I've seen a couple) [15:44] That's a lot like blocking "echo" because it's used in wp hack :P [15:45] mnathani: Confirmed taht strrev is used in cacti site/lib/snmp.php [15:46] Three times [15:46] *that [15:46] s/taht/that [15:46] mnathani: Confirmed that strrev is used in cacti site/lib/snmp.php [15:46] ok [15:46] Also popen is used [15:47] And proc_open [15:47] Man, you hit every one on the head ;p [15:47] That's what she said!! [15:47] those can all be used to attack a system though [15:47] agreed [15:47] But they're also used so cacti can call out to rrdtool, perform snmp stuff, etc [15:48] so there should be massive firewalls infront of a cacti box [15:48] Ehhhh not necessarily [15:48] Provided that cacti isn't executing arbitrary code, for instance [15:48] (I mean, yeah, practice good firewalling anyways) [15:48] But the only times those functions are inherently bad is when they can be used to execute arbitrary commands. [15:49] (fwiw, I'm just grep'ing /usr/share/cacti/, and you can too) [15:49] grep -Irn strrev /usr/share/cacti/ [15:50] i wonder if there's a way to map used functions to programs when compiling or such [15:50] i suppose modules is the difficult part [15:50] Compiling? This is PHP, it's scripted. (unless you meant inside PHP itself) [15:50] oh right [15:50] for some reason i think of php like a normal app :/ [15:50] lol [15:51] but yeah it's not even php frontend [15:51] it's php through isn't it? [15:51] I mean, there is an rrd module for PHP that Cacti could (or might even) use assuming it's installed. I'm not digging in further. [15:51] Yeah, all of Cacti is written/scripted in PHP [15:51] well it does use rrdtool [15:52] but yeah that's external program [15:52] it's also meant to be the main perforamnce issue of cacti [15:52] well on larger installs [15:55] mnathani: most installs you need to login to do anything [15:55] so the attack vector for random internet users is greatly decreased. [15:56] I guess I am more concerned with wordpress sites on the same box [15:56] which can get compromised using said fuctions [15:56] use a separate ini file for them [15:56] s/fuct/funct [15:56] which can get compromised using said functions [15:57] * zeshoem and mnathani are the same person [15:57] ahh [15:57] also alternate nick treshoem sometimes [15:57] if you can split off the php config and uid's that's good [15:58] I will look into that [18:10] *** josephb_ has joined #arpnetworks [18:17] *** technoid_ has quit IRC (*.net *.split) [18:17] *** vissborg has quit IRC (*.net *.split) [18:17] *** pcn has quit IRC (*.net *.split) [18:17] *** josephb has quit IRC (*.net *.split) [18:20] *** pcn has joined #arpnetworks [18:23] *** vissborg has joined #arpnetworks [18:25] *** qbit_ has joined #arpnetworks [18:35] *** qbit has quit IRC (*.net *.split) [18:37] *** CaZe has joined #arpnetworks [18:43] *** abthorpet has joined #arpnetworks [18:46] *** hive-mind has quit IRC (Disconnected by services) [18:46] *** kevr_ has joined #arpnetworks [18:46] *** hive-mind has joined #arpnetworks [18:49] *** relrod_ has joined #arpnetworks [18:49] *** relrod_ has quit IRC (Remote host closed the connection) [18:50] *** kevr has quit IRC (*.net *.split) [18:50] *** relrod has quit IRC (*.net *.split) [18:50] *** tabthorpe has quit IRC (*.net *.split) [18:50] *** JC_Denton has quit IRC (*.net *.split) [18:50] *** JC_Denton has joined #arpnetworks [18:50] *** relrod_ has joined #arpnetworks [18:50] *** JC_Denton is now known as Guest71727 [18:53] *** relrod_ is now known as relrod [19:06] *** jbergstroem has quit IRC (Ping timeout: 250 seconds) [19:06] *** jbergstroem has joined #arpnetworks [19:16] *** Guest71727 is now known as JC_Denton [19:16] *** joepie91_ has quit IRC (Ping timeout: 252 seconds) [19:23] *** joepie91_ has joined #arpnetworks [19:29] *** dj_goku has quit IRC (Read error: No route to host) [19:29] *** dj_goku_ has joined #arpnetworks [19:29] *** dj_goku_ has quit IRC (Changing host) [19:29] *** dj_goku_ has joined #arpnetworks [19:52] *** toeshred_ has joined #arpnetworks [19:52] *** toeshred has quit IRC (Ping timeout: 628 seconds) [19:59] *** dj_goku_ has quit IRC (Ping timeout: 245 seconds) [20:03] *** hive-mind has quit IRC (Ping timeout: 245 seconds) [20:05] *** hive-mind has joined #arpnetworks [20:19] *** dj_goku has joined #arpnetworks [20:19] *** dj_goku has quit IRC (Changing host) [20:19] *** dj_goku has joined #arpnetworks [20:35] *** dj_goku has quit IRC (Ping timeout: 252 seconds) [20:38] *** dj_goku has joined #arpnetworks [20:38] *** dj_goku has quit IRC (Changing host) [20:38] *** dj_goku has joined #arpnetworks