09-26-2005
List of HTTP/FTP-clients on a server
The other day, a friend of mine had his Linux webserver compromised because he was running a vulnerable PHP-script. The "hacker" had used a malformed URL to include a wget-command to fetch some stuff off the net and install it in /dev/shm where it ran undetected. Fortunately, the webserver ran as a non-privileged user, so no serious harm was done.
I cleaned his machine for him and took some preventive measures.
I mounted /dev/shm noexec and I moved (what I thought) all HTTP- and FTP-clients to /root/bin and symlinked those from their original location. This way, only the root-user can use these clients. However... my list of clients was not complete and the "hacker" tried once again (using GET) to compromise the system. This time he failed though, because /dev/shm did not allow execution of his scripts.
The clients I moved to /root/bin included:
- GET (the one I initially forgot)
- lftp thanks to LanceBoyles
- snarf thanks to LanceBoyles
but I somehow feel this list is not complete.
Can you help me assemble a complete list of all clients that can be used to download stuff off the net?
Last edited by indo1144; 09-28-2005 at 06:15 AM..
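The two measures described in the post above (noexec on /dev/shm, download clients reachable only through a root-only directory) can be checked with a short audit script. This is an added example, not part of the original post: it assumes GNU coreutils, and the function names, the AUDIT_ROOT variable and every client name beyond GET, lftp, snarf and wget are this example's own; the list is not exhaustive.

```sh
#!/bin/sh
# Added example: audit the two measures described in the post.
# Assumes GNU coreutils (stat -c, readlink -f). Names other than GET, lftp,
# snarf and wget are this example's additions; the list is not exhaustive.
CLIENTS="wget curl GET HEAD POST lwp-download lwp-request lftp snarf ftp ncftp tftp lynx links elinks w3m scp sftp rsync"

# has_noexec MOUNTPOINT [MOUNTS_FILE]
# Succeeds if the last entry for MOUNTPOINT in MOUNTS_FILE (default
# /proc/mounts) carries the noexec option.
has_noexec() {
    awk -v mp="$1" '$2 == mp { found = ($4 ~ /(^|,)noexec(,|$)/) }
                    END { exit !found }' "${2:-/proc/mounts}"
}

# others_can_reach FILE [STOP_DIR]
# Succeeds if FILE and every directory above it, up to but excluding STOP_DIR
# (default /), has the execute/search bit set for "others". Group membership
# and ACLs are not considered.
others_can_reach() {
    p=$1
    stop=${2:-/}
    while [ "$p" != "$stop" ] && [ "$p" != "/" ]; do
        case $(stat -c %a -- "$p" 2>/dev/null) in
            *[1357]) ;;          # odd last digit: o+x is set
            *) return 1 ;;       # blocked here (or stat failed)
        esac
        p=$(dirname -- "$p")
    done
    return 0
}

# world_runnable_clients DIR...
# Prints each known client found in DIR whose real file (after following
# symlinks) is still executable by unprivileged users. Set AUDIT_ROOT to stop
# the permission walk at the root of a mounted image or chroot.
world_runnable_clients() {
    for dir in "$@"; do
        for name in $CLIENTS; do
            [ -e "$dir/$name" ] || continue
            target=$(readlink -f -- "$dir/$name") || continue
            if others_can_reach "$target" "${AUDIT_ROOT:-/}"; then
                printf '%s\n' "$dir/$name"
            fi
        done
    done
}
# Usage: has_noexec /dev/shm && world_runnable_clients /bin /usr/bin /usr/local/bin
```

A symlink into /root/bin is reported only if /root itself is searchable by others, so empty output for the listed directories means none of the known names is still usable by the web server account through the "others" permission bits.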
dillo(1) USER COMMANDS dillo(1)
NAME
dillo - web browser
SYNOPSIS
dillo [OPTION]... [--] [URL|FILE]...
DESCRIPTION
Dillo is a lightweight graphical web browser that aims to be secure. It handles HTTP internally, and FILE, FTP, and DATA URIs are handled
through a plugin system (dpi). In addition, INSECURE HTTPS support can be enabled. Both FTP and Dillo's download manager use the wget(1)
downloader.
Dillo displays HTML, text, PNG, JPEG, and GIF files. It handles cookies, HTTP authentication (basic and digest), proxying (basic), and
some CSS.
Framesets are displayed as links to frames, and there is currently no support for javascript or video.
OPTIONS
-f, --fullwindow
Start in full window mode: hide address bar, navigation buttons, menu, and status bar.
-g, --geometry GEO
Set initial window position where GEO is WxH[{+-}X{+-}Y].
-h, --help
Display this help text and exit.
-l, --local
Don't load images for these URL(s).
-v, --version
Display version info and exit.
-x, --xid XID
Open first Dillo window in an existing window whose window ID is XID.
EXIT STATUS
0 No error.
1 Internal error.
2 Error in command line arguments.
ENVIRONMENT
HOME (or HOMEDRIVE and HOMEPATH on Cygwin)
User's home directory.
http_proxy
URL of proxy to send HTTP traffic through.
FILES
dpid Dillo plugin daemon
dpidc Control program for dpid.
~/.dillo/bm.txt
User bookmarks
~/.dillo/certs/
Saved certificates for HTTPS.
~/.dillo/cookies.txt
Stored cookies
~/.dillo/cookiesrc
Cookie settings
~/.dillo/dillorc
Configuration file.
~/.dillo/dpid_comm_keys
Keys used in dpi daemon communication.
~/.dillo/dpidrc
Contains name of directory containing dpis, and associates dpi files with protocols.
~/.dillo/keysrc
Keybindings.
~/.dillo/style.css
User style sheet
SEE ALSO
wget(1)
Dillo website: http://www.dillo.org
October 13, 2011 dillo(1)