Security Alert?

  • felipe808
    Senior Member
    • Mar 2004
    • 111

    #1

    Security Alert?

    For the second day the same IP address, CPE-24.208.58.22.new.rr.com, has opened a file on my site, http://www.leedergroup.com/pphlogger.js.

    Any thoughts on why someone is doing it? To look at my pphlogger results? I padlocked the directory and I don't see him trying any other pages?
    I'm paranoid.
  • Buddha
    Senior Member
    • Mar 2004
    • 825

    #2
    Anything in the log files you need to worry about? Session IDs? Passwords? Usernames? Credit card numbers? etc? etc? It does save referer info so if you're sending anything important via GET URL it could be logged.
    "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

    Comment
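Added example, not part of the thread or of pphlogger's own code: one way to check the concern in post #2, scanning logged request and referer URLs for query parameters that look like session IDs, passwords, usernames or card numbers. It assumes Apache "combined" access-log lines and an assumed list of sensitive parameter names; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as sensitive (an assumed list; extend for your own apps).
SENSITIVE = re.compile(r"(sess|sid$|token|pass|pwd|user|login|card|ccnum|cvv)", re.I)

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def sensitive_params(url):
    """Return sorted names of query parameters in url that look sensitive."""
    query = urlsplit(url).query
    return sorted({k for k, _ in parse_qsl(query, keep_blank_values=True)
                   if SENSITIVE.search(k)})

def audit(lines):
    """Yield (line_no, field, url_without_query, param_names) for each leak."""
    for no, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for field in ("path", "referer"):
            url = m.group(field)
            names = sensitive_params(url)
            if names:
                # Report names only; never echo the secret values back out.
                yield no, field, url.split("?", 1)[0], names

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [02/Aug/2004:10:00:01 +0000] "GET /pphlogger.js HTTP/1.1" 200 2048 "-" "Mozilla/4.0"',
    '192.0.2.11 - - [02/Aug/2004:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "http://shop.example/cart?PHPSESSID=abc123&item=4" "Mozilla/4.0"',
    '192.0.2.12 - - [02/Aug/2004:10:00:09 +0000] "GET /login.php?username=bob&password=hunter2 HTTP/1.1" 302 0 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any finding means a secret is being carried in a URL, so it ends up in every log that records request or referer strings; moving that value to a POST body or a cookie removes it from the logs.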

    • Jonathan
      Senior Member
      • Mar 2004
      • 1229

      #3
      odd; what's the file for anyways?
      Seems to have the same name as my What Counter file :P
      "How can someone be so distracted yet so focused?"
      - C

      Comment

      • Buddha
        Senior Member
        • Mar 2004
        • 825

        #4
        Originally posted by Jonathan
        odd; what's the file for anyways?
        Seems to have the same name as my What Counter file :P
        The pphlogger.js gathers browser info like screen size, user-agent, referer etc. and sends it back to the server via an <img> tag. The file also contains the general location of the pphlogger script (that <img> tag's URL). If you know that, you might be able to guess the location of the logs. Which is what led to my first comments here.

        You might consider just CHMODing (600) the log directory and any others that may have sensitive info. I doubt the script works under HTTP Auth? Although that did effectively lock that area.
        "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

        Comment

        • sdjl
          Senior Member
          • Mar 2004
          • 502

          #5
          It could just be that they opened the file to see how it worked?

          David
          -----
          Do you fear the obsolescence of the metanarrative apparatus of legitimation?

          Comment

          • felipe808
            Senior Member
            • Mar 2004
            • 111

            #6
            locked directory

            Thanks for the responses. It looks like by locking the stats directory it stops the logger from working too. So, I just unlocked it. Nothing important there except the logs of who's looking, referrers, etc.

            You might consider just CHMODing (600) the log directory and any others that may have sensitive info. I doubt the script works under HTTP Auth?

            Would CHMODing the directory lock it like the above lock? And I don't understand the last statement about HTTP Auth.

            Thanks very much.

            Comment

            • Jonathan
              Senior Member
              • Mar 2004
              • 1229

              #7
              And I don't understand the last statement about HTTP Auth.
              HTTP Auth is basically using .HTACCESS to 'lock' a directory up;
              cPanel, as you will know, has an easy way to do this.

              Depending on the theme, it will be named with "Web Protect",
              or "Password-Protect Directory". Not sure of other possible names.
              "How can someone be so distracted yet so focused?"
              - C

              Comment

              • Buddha
                Senior Member
                • Mar 2004
                • 825

                #8
                Originally posted by felipe808
                Would CHMODing the directory lock it like the above lock?
                I just tried using CHMOD and I completely failed. Sounds like Jonathan has a good idea though.
                "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

                Comment

                • sdjl
                  Senior Member
                  • Mar 2004
                  • 502

                  #9
                  Where's the problem with this person opening the file pphlogger.js?
                  I'm a moderator for the pphlogger software forum so I know a fair bit about the script in general.

                  By opening the pphlogger.js file, all the user can see is the javascript code used to gather your stats (browser, resolution, colour depth, etc).

                  If you lock down this file, then your logging script will start to show weird stats and possibly not work.
                  If you're running the pphlogger software yourself, try looking at the pphlogger.js.php file instead of calling the pphlogger.js file directly. This will still load the .js file, but will be slightly more hidden.

                  David
                  -----
                  Do you fear the obsolescence of the metanarrative apparatus of legitimation?

                  Comment

                  • felipe808
                    Senior Member
                    • Mar 2004
                    • 111

                    #10
                    a hack? see slashdot?

                    I don't know if this is relevant: The one constant in Google hacking seems to be that there are some real idiots out there who can be harvested using these techniques. Most of them are designed to find default installation pages, error pages, or administration pages for a long list of applications, from MySQL to Apache to MyPHPAdmin.


                    Interesting stuff: http://www.newsforge.com/article.pl?.../08/02/1426209

                    Comment
