Joomla with Community Builder and PHP-hardened

Main Menu

Buy me a beer

I really appreciate your gesture.

Written by Bart Dorlandt

Tuesday, 16 January 2007 11:35

I was trying to register myself to my joomla with the Community Builder installed and got some weird messages... Ofcourse it started with: "You are not authorized to view this page"

This messages apeared in the error.log:

[Tue Jan 16 11:47:32 2007] [error] ALERT - configured request variable name length limit exceeded - dropped cbjd7c7b29e69fd14fe112094c697874cc685a9daa2aedbe05edda5da85f4e664b2 (attacker 'XXX.XXX.XXX.XXX', file '/htdocs/bart/test.bamweb.nl/index.php')

Now I looked in my /var/www/conf/php.ini. I changed the following line:

hphp.request.max_varname_length = 64 changed to 128

I tried to register again but this time I got a different message.

[Tue Jan 16 11:54:36 2007] [error] ALERT - configured POST variable name length limit exceeded - dropped cbjd7c7b29e69fd14fe112094c697874cc685a9daa2aedbe05edda5da85f4e664b2 (attacker 'XXX.XXX.XXX.XXX', file '/htdocs/bart/test.bamweb.nl/index.php')

I changed the following line in /var/www/conf/php.ini:

hphp.post.max_name_length = 64 changed to 128

Now I'm really able to register myself.

System details:
PHP built On: OpenBSD 4.0 i386
Database Version: 5.0.24a (mysql)
PHP Version: 5.1.4
Web Server: Apache/1.3.29 (Unix)
PHP/5.1.4 with Hardening-Patch mod_ssl/2.8.16 OpenSSL/0.9.7j
WebServer to PHP interface: apache Joomla!
Version: Joomla! 1.0.12 Stable [ Sunfire ] 25 December 2006 01:00 UTC

Last Updated on Monday, 16 July 2007 20:45

Related items:

Joomla with Community Builder and ImageMagick (2007-01-15)

Bart Dorlandt - BAMweb.nl

Main Menu

Buy me a beer

Latest

Sponsored Links