***: SpaceDum1 has quit IRC (Ping timeout: 256 seconds)
SpaceDump has joined #arpnetworks hazardous: GOOGLE is quite stupid and intrusive!!! They force HTTPS on thier search engine for MOST BROWSERS.. They force that crap on thier email server WHICH SUCKS because it doesnt work right!!!!! (@ least on my browser (I have to keep refreshing the page or it doesnt load (I HAD SSL DISABLED ON GMAIL (IT doesnt matter anyway,i would not use GOOGLEs email for anything!!! (I DO NOT TRUST THEM
IDIOTS)))))
Remember GOOGLE works with the GOVT,they are just as bad!!!!!!! THEY MAY HAVE CONCOCTED THE WHOLE THING TO MAKE PPL CHANGE THIER SSL SETTINGS AND MAKE THEM THINK THEY ARE NOW SAFE WHEN THEY ARENT!!!!! (You dont know who you are cooperating with)
I DONT BELIEVE ANY OF THIS SSL BS!!!!!!!! -- I THINK ITS STAGED CRAP TO GET PEOPLE LOCKED INTO A MORE EASILY MONITORING ABILITY!! ITS NOT GOOD TO BLINDLY BELIEVE THE BS WHEN THERE IS NO PROOF OF ANYTHING HAPPENING!! (Gives them all the power in the world to further thier agendas,etc)
sorry, wrong window, irssi didn't prompt on rightclick ***: _Zodiac has joined #arpnetworks
_Zodiac has left m0unds: still good for a chuckle hazardous: the best part is that that's a WHT post m0unds: bahaha
NS(SL)A ***: mkb has quit IRC (Ping timeout: 244 seconds) brycec: And here I thought hazardous had lost his mind
Glad those weren't your words m0unds: before i scrolled up to see who sent it to the channel, i figured it was one of those random users who show up in channels to send crazy shit for no reason brycec: I thought so too before I looked to the side m0unds: This email is to notify you that you may be temporarily unable to access your SpiderOak account. Earlier this evening we experienced a network outage which cut off access for some of our users. We are working around the clock to resolve the problem, and we will continue to update you as we make progress. Please accept our sincere apologies for the inconvenience.
wee ***: mkb has joined #arpnetworks
mkb is now known as Guest10431
Guest10431 is now known as mkb
hive-mind has quit IRC (Remote host closed the connection)
hive-mind has joined #arpnetworks
zeshoem has quit IRC (Ping timeout: 245 seconds)
zeshoem has joined #arpnetworks mnathani: does anyone know if cacti requires any of these functions: "fsockopen, show_source, system, shell_exec, passthru, exec, popen, proc_open, strrev"
I added them to my disabled function list and now cacti stopped working brycec: I suspect so, I believe it shells out for some things
Check the error logs
Unless you have php error reporting turned silent, it will bitch when something tries to use a denied function. mnathani: enabled those functions and now the graphs appear
not sure which one exactly caused it to stop working brycec: mnathani: Why would you block strrev? mnathani: just before 22nd of Jan - the graphs go dark
I found some malicious wordpress hack
that used it
with base64 decode / encode brycec: All it does is reverse a string. In and of itself, it's not malicious mnathani: I can msg you the code if you care to check it out brycec: if you've seen one wp hack, you've seen them all
(and I've seen a couple)
That's a lot like blocking "echo" because it's used in wp hack :P
mnathani: Confirmed taht strrev is used in cacti site/lib/snmp.php
Three times
*that mnathani: s/taht/that BryceBot: <brycec> mnathani: Confirmed that strrev is used in cacti site/lib/snmp.php mnathani: ok brycec: Also popen is used
And proc_open
Man, you hit every one on the head ;p BryceBot: That's what she said!! mnathani: those can all be used to attack a system though brycec: agreed
But they're also used so cacti can call out to rrdtool, perform snmp stuff, etc mnathani: so there should be massive firewalls infront of a cacti box brycec: Ehhhh not necessarily
Provided that cacti isn't executing arbitrary code, for instance
(I mean, yeah, practice good firewalling anyways)
But the only times those functions are inherently bad is when they can be used to execute arbitrary commands.
(fwiw, I'm just grep'ing /usr/share/cacti/, and you can too)
grep -Irn strrev /usr/share/cacti/ mercutio: i wonder if there's a way to map used functions to programs when compiling or such
i suppose modules is the difficult part brycec: Compiling? This is PHP, it's scripted. (unless you meant inside PHP itself) mercutio: oh right
for some reason i think of php like a normal app :/ brycec: lol mercutio: but yeah it's not even php frontend
it's php through isn't it? brycec: I mean, there is an rrd module for PHP that Cacti could (or might even) use assuming it's installed. I'm not digging in further.
Yeah, all of Cacti is written/scripted in PHP mercutio: well it does use rrdtool
but yeah that's external program
it's also meant to be the main perforamnce issue of cacti
well on larger installs
mnathani: most installs you need to login to do anything
so the attack vector for random internet users is greatly decreased. zeshoem: I guess I am more concerned with wordpress sites on the same box
which can get compromised using said fuctions mercutio: use a separate ini file for them zeshoem: s/fuct/funct BryceBot: <zeshoem> which can get compromised using said functions -: zeshoem and mnathani are the same person mercutio: ahh zeshoem: also alternate nick treshoem sometimes mercutio: if you can split off the php config and uid's that's good zeshoem: I will look into that ***: josephb_ has joined #arpnetworks
technoid_ has quit IRC (*.net *.split)
vissborg has quit IRC (*.net *.split)
pcn has quit IRC (*.net *.split)
josephb has quit IRC (*.net *.split)
pcn has joined #arpnetworks
vissborg has joined #arpnetworks
qbit_ has joined #arpnetworks
qbit has quit IRC (*.net *.split)
CaZe has joined #arpnetworks
abthorpet has joined #arpnetworks
hive-mind has quit IRC (Disconnected by services)
kevr_ has joined #arpnetworks
hive-mind has joined #arpnetworks
relrod_ has joined #arpnetworks
relrod_ has quit IRC (Remote host closed the connection)
kevr has quit IRC (*.net *.split)
relrod has quit IRC (*.net *.split)
tabthorpe has quit IRC (*.net *.split)
JC_Denton has quit IRC (*.net *.split)
JC_Denton has joined #arpnetworks
relrod_ has joined #arpnetworks
JC_Denton is now known as Guest71727
relrod_ is now known as relrod
jbergstroem has quit IRC (Ping timeout: 250 seconds)
jbergstroem has joined #arpnetworks
Guest71727 is now known as JC_Denton
joepie91_ has quit IRC (Ping timeout: 252 seconds)
joepie91_ has joined #arpnetworks
dj_goku has quit IRC (Read error: No route to host)
dj_goku_ has joined #arpnetworks
dj_goku_ has quit IRC (Changing host)
dj_goku_ has joined #arpnetworks
toeshred_ has joined #arpnetworks
toeshred has quit IRC (Ping timeout: 628 seconds)
dj_goku_ has quit IRC (Ping timeout: 245 seconds)
hive-mind has quit IRC (Ping timeout: 245 seconds)
hive-mind has joined #arpnetworks
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Ping timeout: 252 seconds)
dj_goku has joined #arpnetworks
dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks