#1
23 Oct 2014, 14:12
madness85
Join Date: Jun 2012
NGINX with fastcgi

I've just been reading about this: http://www.vbulletin.com/forum/foru....xecuted-as-php

Am I right in saying if I add somefilename.php at the end of my avy I should get a 404 because it just loads the avy again? Is my server vulnerable?

I'm not even sure what info to provide for you guys to help me, tbh, but NGINX.config looks like this:

#user nginx;
worker_processes 1;

#error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

#pid /var/run/nginx.pid;


events {
    worker_connections 1024;
}


http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;
    #tcp_nodelay on;

    #gzip on;
    #gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    server_tokens off;

    include /etc/nginx/conf.d/*.conf;
}

Last edited by madness85; 23 Oct 2014 at 15:58.
#2
23 Oct 2014, 14:47
Dave
Join Date: Jun 2010
Real name: Dave
The configuration you posted doesn't contain the information we need.
The configuration files are stored at /etc/nginx/conf.d/*.conf.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
#3
23 Oct 2014, 16:05
madness85
Join Date: Jun 2012
Originally Posted by Dave:
The configuration you posted doesn't contain the information we need.
The configuration files are stored at /etc/nginx/conf.d/*.conf.

Hi Dave, I only have one file in that location: zz010_psa_nginx.conf

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
include /etc/nginx/plesk.conf.d/server.conf;
include /etc/nginx/plesk.conf.d/webmail.conf;
include /etc/nginx/plesk.conf.d/vhosts/*.conf;
include /etc/nginx/plesk.conf.d/forwarding/*.conf;
include /etc/nginx/plesk.conf.d/wildcards/*.conf;
#4
23 Oct 2014, 16:10
Dave
Join Date: Jun 2010
Real name: Dave
I guess we need to see the contents of the file /etc/nginx/plesk.conf.d/server.conf.
Just find the file which contains the PHP fastcgi configuration.
#5
23 Oct 2014, 17:59
madness85
Join Date: Jun 2012
Originally Posted by Dave:
I guess we need to see the contents of the file /etc/nginx/plesk.conf.d/server.conf.
Just find the file which contains the PHP fastcgi configuration.

Think I've found it: /etc/httpd/conf.d. Btw, thanks for your help, it's very much appreciated.

# This is the Apache server configuration file for providing FastCGI support
# via mod_fcgid
#
# Documentation is available at http://fastcgi.coremail.cn/doc.htm

LoadModule fcgid_module modules/mod_fcgid.so

<IfModule mod_fcgid.c>

    <IfModule !mod_fastcgi.c>
        AddHandler fcgid-script fcg fcgi fpl
    </IfModule>

    FcgidIPCDir /var/run/mod_fcgid/sock
    FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm

    FcgidIdleTimeout 40
    FcgidProcessLifeTime 30
    FcgidMaxProcesses 20
    FcgidMaxProcessesPerClass 8
    FcgidMinProcessesPerClass 0
    FcgidConnectTimeout 30
    FcgidIOTimeout 45
    FcgidInitialEnv RAILS_ENV production
    FcgidIdleScanInterval 10

</IfModule>
#6
24 Oct 2014, 08:33
Dave
Join Date: Jun 2010
Real name: Dave
That part also does not show the PHP configuration we need to see.
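The thread follows nginx `include` directives by hand, looking for the block that hands requests to PHP over FastCGI. The sketch below is an added example (not code from the thread, nginx or Plesk) that automates that walk and reports each `location` using `fastcgi_pass`, noting whether it contains a file-existence check so that a request for a non-existent path such as an avatar URL with `somefilename.php` appended is answered with a 404. The guard heuristic, the function names and the sample vhost contents are assumptions made for illustration.

```python
import glob, os, re, tempfile

# Assumed heuristic: try_files or `if (!-f ...)` keeps non-file paths away from PHP.
GUARD = re.compile(r"\btry_files\b|\bif\s*\(\s*!-[fe]\b")

def config_files(path, conf_dir, seen):
    """Yield (path, text) for path and all files reached via `include` (relative to conf_dir)."""
    if path in seen or not os.path.isfile(path):
        return
    seen.add(path)
    with open(path) as fh:
        text = re.sub(r"#.*", "", fh.read())  # drop comments (quoted '#' not handled)
    yield path, text
    for pattern in re.findall(r"\binclude\s+([^;]+);", text):
        for child in sorted(glob.glob(os.path.join(conf_dir, pattern.strip()))):
            yield from config_files(child, conf_dir, seen)

def location_blocks(text):
    """Yield (header, body) for each `location` block, matching nested braces."""
    for m in re.finditer(r"\blocation\s+([^{;]+)\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def audit(root_conf):
    """Return [(file, location, guarded)] for each location that uses fastcgi_pass."""
    return [(os.path.basename(path), header, bool(GUARD.search(body)))
            for path, text in config_files(root_conf, os.path.dirname(root_conf), set())
            for header, body in location_blocks(text) if "fastcgi_pass" in body]

def build_sample(root):
    """Constructed tree mirroring the thread's include chain; vhost contents are invented."""
    php = "server {{ location ~ \\.php$ {{ {}fastcgi_pass 127.0.0.1:9000; }} }}\n"
    files = {
        "nginx.conf": "http {\n    include conf.d/*.conf;\n}\n",
        "conf.d/zz010_psa_nginx.conf": "include plesk.conf.d/vhosts/*.conf;\n",
        "plesk.conf.d/vhosts/a.conf": php.format(""),
        "plesk.conf.d/vhosts/b.conf": php.format("try_files $uri =404; "),
    }
    for rel, body in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return os.path.join(root, "nginx.conf")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp)))
```

On a real server, `audit("/etc/nginx/nginx.conf")` follows the absolute include paths shown in the thread; a `False` in the third field marks a PHP location worth reviewing by hand.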