i heard there was a way to scan files with some sort of text search spider,
that looks for certain terms in names of folders, files & images.
By entering search terms like the following:
i.e. porn.jpg or hacks.exe or warez.exe
I want to make sure any reseller accounts that get set up are NOT doing anything illegal. If anyone knows of a script or app that I can use to automate this type of
search plz let me know thanks....
Full Version: What can I use to detect illegal porn or warez
I don't have a resale account so I dont know the structure... Can you "see" their files from a shell? If so, should be quite simple. Just write a script to use the find command on a cron and have it email you with any results.
If you cant see them, I bet the httpd process can and will happily crossover boundries of your webspace to run scripts... So you could find/write a simple text search and just set the base path as /theirfiles etc... ???? Again, I dont know the file structure on the resale accounts...
Jason
If you cant see them, I bet the httpd process can and will happily crossover boundries of your webspace to run scripts... So you could find/write a simple text search and just set the base path as /theirfiles etc... ???? Again, I dont know the file structure on the resale accounts...
Jason
nop, you can't see the files of your clients.
you need to log in to each account independant via ssh
you need to log in to each account independant via ssh
What does the file structure look like Martin?
Is it like:
/usr/martin/somedir/www
/usr/martin/resell1/www
/usr/martin/resell2/www
etc??
How is it structured?
Jason
Is it like:
/usr/martin/somedir/www
/usr/martin/resell1/www
/usr/martin/resell2/www
etc??
How is it structured?
Jason
It's exactly the same estructure than your individual packages (Profi, etc)
/home/martin
/home/jason
/home/usernamex
The only different with you is we have WHM for create accounts, we have an amount of bandwidth and space (70gb, 5gb, "basic reseller account") and we can create packages, accounts and manage them. (Also we have in our main domain cpanel a drop down menu for access to the cpanel of all our clients, but don't cmment
)
But, the account structure, is the same like your package structure.
/home/martin
/home/jason
/home/usernamex
The only different with you is we have WHM for create accounts, we have an amount of bandwidth and space (70gb, 5gb, "basic reseller account") and we can create packages, accounts and manage them. (Also we have in our main domain cpanel a drop down menu for access to the cpanel of all our clients, but don't cmment
)But, the account structure, is the same like your package structure.
Ok, yeah you should be able to use php to walk outside of /home/mcmurtrey and "look for a specific pattern(s)" Just set the Root of where the search starts to /home and not /home/mcmurtrey 
Its just like when you do not secure your script by setting the explicit path to /home/yourname/dir and just leave it blank or /.. it lets people go on and use the script to request files from anywhere on the server like /etc/passwd and they get the Server's /etc/passwd file and not the jailshell one you see from ssh.
Now I'm not sure how happy hostony would be about you indexing things that don't belong to you on the server, but if you kept the script within the list of your clients I dont see why there would be a problem... Just dont go indexing my dir, or you'll find all my porno and warez, shhh...
Jason
Its just like when you do not secure your script by setting the explicit path to /home/yourname/dir and just leave it blank or /.. it lets people go on and use the script to request files from anywhere on the server like /etc/passwd and they get the Server's /etc/passwd file and not the jailshell one you see from ssh.
Now I'm not sure how happy hostony would be about you indexing things that don't belong to you on the server, but if you kept the script within the list of your clients I dont see why there would be a problem... Just dont go indexing my dir, or you'll find all my porno and warez, shhh...
Jason
hehe, obviusly i can't get into a homedir from another account.
For do the scanning, i think that i need
1) Answer support for SSH acces to all my client's accounts.
2) wrote a script for:
connect to the shell of all my accounts (if i know the user/password for each) one per one and do the scanning in each account.
I think is not a good idea, a better idea is wait for the Hostony's advice "Hey!! control your clients or i will cancel your account!!!! there are publicing bad content !!!!", and then suspend my client's account for a while creating some panic in the user's website
it's a more economy solution
For do the scanning, i think that i need
1) Answer support for SSH acces to all my client's accounts.
2) wrote a script for:
connect to the shell of all my accounts (if i know the user/password for each) one per one and do the scanning in each account.
I think is not a good idea, a better idea is wait for the Hostony's advice "Hey!! control your clients or i will cancel your account!!!! there are publicing bad content !!!!", and then suspend my client's account for a while creating some panic in the user's website
it's a more economy solution
McMurphy: hosting pornography is not *necessarily* illegal. Exist a lot of different porn categorys and not all are illegal (for more info just ask Jason, he is an specialist.... *joke*)
Just as a FYI, you CAN absolutely access another users homedir via the web, using PHP as long as they are on the same server as your account, and you know the homdir name. Although you could use PHP to dir /home as well and get access to all the usernames and run searches based on that info.
The reason this works is because the web process does not run as your UID, but runs as user NOBODY which is not stuck in a "jailshell" like your login is and it can access the files in /home/anyuser/~www (public_html)... and any other files that are world readable like /etc/passwd or /etc/group etc...
If you need proof of concept, make me a hosting account under your name, and I will then email you with a list of all your users, and a LS (dir) of your /public_html folder as well as of 2 other random users (you choose them) ... then you can delete my account, or leave it there for me to host my porno and warez, heh...
Jason
The reason this works is because the web process does not run as your UID, but runs as user NOBODY which is not stuck in a "jailshell" like your login is and it can access the files in /home/anyuser/~www (public_html)... and any other files that are world readable like /etc/passwd or /etc/group etc...
If you need proof of concept, make me a hosting account under your name, and I will then email you with a list of all your users, and a LS (dir) of your /public_html folder as well as of 2 other random users (you choose them) ...
then you can delete my account, or leave it there for me to host my porno and warez, heh...Jason
yes, related to surf the websites over the web is true, but you will not see the "bad" files if there are not public in a webpage or a link (using the account for host wares and send the links via email or some private)
In hostony, you can't see the others home dirs like standard linux configuration, if you do a ls /home/ you will see only your home. (hum, i have not tryied to do it via the apache user, maybe you are right
*panic*)
(im re-cheking my file permissions ... heh....)
In hostony, you can't see the others home dirs like standard linux configuration, if you do a ls /home/ you will see only your home. (hum, i have not tryied to do it via the apache user, maybe you are right
*panic*)(im re-cheking my file permissions ... heh....)
I've already tested it, open up a webhosting account for me, I'll upload my php file, and give you the list of your /home as well as ANY files that are readable by (nobody) so ANYTHING, yes ANYTHING webreadable. Even if its not linked, even if there has NEVER been a link to the content ever, anywhere. All I do is list the folder /home/someuser/public_html and follow the content from there via the script... it has nothing to do with whats served by apache at that point, only whats on the server and readable by user nobody...
Your file permissions wont help. If its accessable from the web wether its linked or not, I can find out the name and download it. If you make something non web readable, you cannot host it, so really it doesnt matter if they have kiddieporn.zip in their homedir if they cant share it via the web, its not too much of an issue for you as a webhoster anyways, no content is floating out of your server that is illegal...
Jason
Your file permissions wont help. If its accessable from the web wether its linked or not, I can find out the name and download it. If you make something non web readable, you cannot host it, so really it doesnt matter if they have kiddieporn.zip in their homedir if they cant share it via the web, its not too much of an issue for you as a webhoster anyways, no content is floating out of your server that is illegal...
Jason
herm.....i think hostony must delete this post.
thanks Jason, you r right.
thanks Jason, you r right.
Hi Guys.....Jason you mean this php script?
< ?php
$dblink =
mysql_connect ("Server","Username",
"password");
$db_list =
mysql_list_dbs ($dblink);
while ($row = mysql_fetch_oject ($db_list )) {
echo $row ->Database."\n";
}
? >
< ?php
$dblink =
mysql_connect ("Server","Username",
"password");
$db_list =
mysql_list_dbs ($dblink);
while ($row = mysql_fetch_oject ($db_list )) {
echo $row ->Database."\n";
}
? >
Nope, not that script...
Jason
Jason
Jason, what you think of that turnkey photo hosting site I sent you?
I sent you an email, did you get it?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.