Apache and suexec issue that wont let me run my python script

[alex23]

Of course '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin'
What this has to do with what i asked?

You display an error of "No such file or directory" and you wonder why
I'm trying to confirm the two locations are the same.

Can you finally admit you're trolling now?

 

[Íéêüëáïò Êïýñáò]

Ôç ÔåôÜñôç, 5 Éïõíßïõ 2013 7:59:31 ð.ì.UTC+3, ï ÷ñÞóôçò alex23 Ýãñáøå:

You display an error of "No such file or directory" and you wonder why
I'm trying to confirm the two locations are the same.

Can you finally admit you're trolling now?

I'm not trolling, you are the one that do not understand.

Here i swicthed the code from:

# Compute a set of current fullpaths
fullpaths = set()
path = "/home/nikos/www/data/apps/"

for root, dirs, files in os.walk(path):
for fullpath in files:
fullpaths.add( os.path.join(root, fullpath) )

to this since '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin' as i said:

# Compute a set of current fullpaths
fullpaths = set()
path = "/home/nikos/public_html/data/apps/"

for root, dirs, files in os.walk(path):
for fullpath in files:
fullpaths.add( os.path.join(root, fullpath) )


--------------------------
(e-mail address removed) [~/www/cgi-bin]# [Wed Jun 05 08:09:14 2013] [error] [client 46.12.95.59] (2)No such file or directory: exec of '/home/nikos/public_html/cgi-bin/koukos.py' failed
[Wed Jun 05 08:09:14 2013] [error] [client 46.12.95.59] Premature end of script headers: koukos.py
[Wed Jun 05 08:09:14 2013] [error] [client 46.12.95.59] File does not exist: /home/nikos/public_html/500.shtml

Same error.

 

[alex23]

I'm not trolling, you are the one that do not understand.

Here i swicthed the code from:
path = "/home/nikos/www/data/apps/"

to this since '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin' as i said:

# Compute a set of current fullpaths
path = "/home/nikos/public_html/data/apps/"

Same error.

"/home/nikos/public_html/data/apps/" <> "/home/nikos/public_html/cgi-
bin/"

Are you even reading the error messages?

 

[Íéêüëáïò Êïýñáò]

Ôç ÔåôÜñôç, 5 Éïõíßïõ 2013 8:23:12 ð.ì.UTC+3, ï ÷ñÞóôçò alex23 Ýãñáøå:

"/home/nikos/public_html/data/apps/" <> "/home/nikos/public_html/cgi-

bin/"



Are you even reading the error messages?

What do you mean? Yes i have read the error messsage and i can't understandwht file it can't find.

 

[Chris Angelico]

You display an error of "No such file or directory" and you wonder why
I'm trying to confirm the two locations are the same.

Can you finally admit you're trolling now?

In Nikos's defense (wow that feels wrong), linking public_html and www
is quite common, and his prompts have clearly shown that his username
is nikos. So the commonality is at least unsurprising. He ought to
have mentioned it, of course, but it's at least something well known.

ChrisA

 

[Chris Angelico]

Good Day Chris, thanks for accepting.

Please mail me and i will send you the root login credentials.

Well, I wasn't sure whether this would actually happen or not, but it did.

I made it fairly clear to him in multiple posts that I was NOT going
to sort out all his problems, yet he clearly did not read that, and
has seen fit to compromise his security to the extreme extent of
giving his *ROOT PASSWORD* to a total stranger over the internet.

With that power, I could have done anything. I could have wiped out
all his clients' data. I could have searched through his database
content for credit cards, customer information, the works. But I
didn't; I merely placed a small file in the public_html directory of
each of the twelve web sites he has hosted:

http://superhost.gr/Hello_from_Rosuav
http://leonidasgkelos.com/Hello_from_Rosuav
http://parking-byzantio.gr/Hello_from_Rosuav
.... and nine others

I have also contacted all the site owners who had a .contactemail file
in their home directories, informing them of the situation.

Oh, and I changed the root password, since the current one was sent in
clear text across the internet. Nikos, the new password has been
stored in /home/nikos/new_password - you should be able to access that
using your non-root login. I recommend you change it immediately.

Peanut gallery, did I make it sufficiently clear beforehand that
giving out your root password is a bad idea?

ChrisA

 

[Íéêüëáïò Êïýñáò]

Ôç ÔåôÜñôç, 5 Éïõíßïõ 2013 11:09:50 ð.ì.. UTC+3, ï ÷ñÞóôçò Chris Angelico Ýãñáøå:

Well, I wasn't sure whether this would actually happen or not, but it did..



I made it fairly clear to him in multiple posts that I was NOT going

to sort out all his problems, yet he clearly did not read that, and

has seen fit to compromise his security to the extreme extent of

giving his *ROOT PASSWORD* to a total stranger over the internet.



With that power, I could have done anything. I could have wiped out

all his clients' data. I could have searched through his database

content for credit cards, customer information, the works. But I

didn't; I merely placed a small file in the public_html directory of

each of the twelve web sites he has hosted:



http://superhost.gr/Hello_from_Rosuav

http://leonidasgkelos.com/Hello_from_Rosuav

http://parking-byzantio.gr/Hello_from_Rosuav

... and nine others



I have also contacted all the site owners who had a .contactemail file

in their home directories, informing them of the situation.



Oh, and I changed the root password, since the current one was sent in

clear text across the internet. Nikos, the new password has been

stored in /home/nikos/new_password - you should be able to access that

using your non-root login. I recommend you change it immediately.



Peanut gallery, did I make it sufficiently clear beforehand that

giving out your root password is a bad idea?



ChrisA

I gave you out of my good and trustworthy heart my root password so for youto look upon my systrem configuration and all you did was trying to **** me by sending mails to my clients?

How am i suppose to change the roor password from a normal user account?("nikos")?

Other 3 times i hve gavein people my root password and they all trid to help me out, only you screwed me like this.

If i lose some of my clients, will you been paying for the money loss?
Do you think this server i rent comes for free with cPanel, Softaculous andother licenses?

**** you.

 

[Íéêüëáïò Êïýñáò]

Ôç ÔåôÜñôç, 5 Éïõíßïõ 2013 11:41:55 ð.ì.. UTC+3, ï ÷ñÞóôçò Chris Angelico Ýãñáøå:

That would be "trusting", not "trustworthy", and I did make it pretty

clear what I was proposing.






You don't. You log in as the normal user and look in your normal

user's home directory. In there, you will find a file giving you the

root password. It's safer that way; everything's done over SSH.






No, I will not. I never made you any promise. If you lose some of your

clients, it is because you have made some very poor decisions,

including to tinker live with this server instead of having a staging

area. All I've done is give your clients a chance to know what you're

doing with their data, which I think is fair enough.






Of course not. (In my opinion, cpanel is ridiculously overpriced.)

Most of these sorts of things are either overkill, or utterly trivial;

if you need it, the price is immaterial, but most people simply don't.



Before you get too angry at me, ask yourself this question: Would you

stand for someone giving out access to your system to a third party?

Because that's exactly what you did to your clients. You gave me, a

perfect stranger, full access to *THEIR* data. Do you understand how

serious that is? In addition, you posted me the password in clear text

via email. That's why I changed it - it's entirely possible someone

saw the password in transmission.



This matter is far more serious than you seem to be giving it

consideration for. You complain that I violated your trust; you

violated the trust of people who are paying you money.



ChrisA

So, iam to blame this for trusting you?

YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OFCREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY FOLDERS AND MAIL THEM TOO.

IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONTFEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU OUT.

BUT NO, YOU WANTED TO MAKE AN IMPRESSION BY SCREWING ME.
I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACTTRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE ASSOME OTHER FORUMS TOO.

YOU NEVER BOTHERED TAKING A LOOK AT THE ENCODING ISSUE.
I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN SCREWED ME.
**** YOU AND NO I DONT MIND THE LANGUAGE.

 

[alex23]

So, iam to blame this for trusting you?

I'm sure you were smart enough to get Chris to sign a contract before
giving him the keys to your kingdom, no?

 

[alex23]

This matter is far more serious than you seem to be giving it
consideration for. You complain that I violated your trust; you
violated the trust of people who are paying you money.

I think the term I'm looking for here is: EPIC WIN

 

[Heiko Wundram]

Am 05.06.2013 10:53, schrieb Íéêüëáïò Êïýñáò:

I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME OTHER FORUMS TOO.

You know what you're saying there? You've given (at least) four people
you don't know at all (you know, on the internet nobody knows you're a
dog and stuff) - and as such shouldn't trust them at all, either - free
and full admission to a system that critical for you. That's like
handing out keys to the front door of your home to any passer-by on the
street who you feel like talking to - and then later wondering why your
belongings are suddenly gone.

Seeing how riled up you get about this, what Chris did is for the
better. At least it seems that you won't be able to change your root
password back, either, and as such you won't have root access anymore to
your system for the time being, which makes your system and the
internets a safer place for now.

 

[Chris Angelico]

So, iam to blame this for trusting you?

Your clients trust you to not compromise their security. You
compromised their security by giving the root password to a stranger.

YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY FOLDERS AND MAIL THEM TOO.

IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU OUT.

When did I ever give the impression that I wanted to help? When did I
ever actually ask you for that power? No, you kept trying to thrust it
on us as part of your demands for assistance.

I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME OTHER FORUMS TOO.

So... your root account has fairly public access. Did you notify your
clients that half a dozen random people have full access to their
server? Can you prove to them that their private data is, indeed,
private?

I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THENSCREWED ME.

What promise? I never promised to help. Go read my posts... I would
have said "reread" except that you never read them in the first place.

Just be aware, I didn't actually hurt you in any way. I changed your
root password to protect it, but you still have access. The only harm
that could come from this is that your clients are now aware of the
risks they are taking by remaining with you. I'm stripping away the
veil and exposing the truth. Nothing more.

And now, we're very much off-topic for python-list, but I think it's a
good thing for other potential server-maintainers to be aware of.
Trust is a very precious thing.

ChrisA

 

[Íéêüëáïò Êïýñáò]

Ôç ÔåôÜñôç, 5 Éïõíßïõ 2013 11:59:28 ð.ì.. UTC+3, ï ÷ñÞóôçò alex23 Ýãñáøå:

I think the term I'm looking for here is: EPIC WIN

I didnt violate anything. Chris violated my treust.
There would have been no violation if he just look into en encoding issue and not meddled with my customers mail and data.

Alex23, you are the *WORST* character i ever encountered in this list and forums in gernal. Idiot and ignorant too not knowing that ~/www is a symlinkto ~/public_html and pretending to help.

**** you too and sod off.

 

[Íéêüëáïò Êïýñáò]

Ôç ÔåôÜñôç, 5 Éïõíßïõ 2013 12:05:36 ì.ì.. UTC+3, ï ÷ñÞóôçò Chris Angelico Ýãñáøå:

Your clients trust you to not compromise their security. You

compromised their security by giving the root password to a stranger.






When did I ever give the impression that I wanted to help? When did I

ever actually ask you for that power? No, you kept trying to thrust it

on us as part of your demands for assistance.






So... your root account has fairly public access. Did you notify your

clients that half a dozen random people have full access to their

server? Can you prove to them that their private data is, indeed,

private?






What promise? I never promised to help. Go read my posts... I would

have said "reread" except that you never read them in the first place.



Just be aware, I didn't actually hurt you in any way. I changed your

root password to protect it, but you still have access. The only harm

that could come from this is that your clients are now aware of the

risks they are taking by remaining with you. I'm stripping away the

veil and exposing the truth. Nothing more.



And now, we're very much off-topic for python-list, but I think it's a

good thing for other potential server-maintainers to be aware of.

Trust is a very precious thing.



ChrisA

TODAY I READ YOUR POSTS THAT YOU ACTUALLY OFFERED TO LOG INTO MY SERVER.
THAT WOULD IMPLY THAT YOU WANTED TO HELP OUT AND THATS WHY YOU OFFERED.
I AKSED YOU FOR YOUR MAIL THEN AND YOU SEND ME A PRIVATE MAIL TO SEND YOU THE DATA.
THEN I AGVE IT TO YOU.

SHOULD I HAVE ASKED YOU EXPLICITLY BY MAIL TO 'ACTUALLY TRY TO HELP ME INSTEAD OF SCREW MY BUSINESS'? I TRUSTED YOU BECASUE I WAS UNDER THE IMPRESSIONYOU COULD HELP ME WITH THIS ISSUES I;VE BEEN STRUGGLING.

NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WHOLE SYSTEM OUT BY 'RM -RF /'

GO TO HELL.

 

[Chris Angelico]

Seeing how riled up you get about this, what Chris did is for the better. At
least it seems that you won't be able to change your root password back,
either, and as such you won't have root access anymore to your system for
the time being, which makes your system and the internets a safer place for
now.

Not quite accurate; he can change his root password back as soon as he
logs in as the non-root user and cats one little file. Actually, I
just tested, and the password I set is no longer valid, so I'm
guessing he's already done so... either that, or a third party who was
previously given access has now changed the password to something
else.

ChrisA

 

[Íéêüëáïò Êïýñáò]

Ôç ÔåôÜñôç, 5 Éïõíßïõ 2013 12:04:15 ì.ì.. UTC+3, ï ÷ñÞóôçò Heiko Wundram Ýãñáøå:

Am 05.06.2013 10:53, schrieb �������� ������:




You know what you're saying there? You've given (at least) four people

you don't know at all (you know, on the internet nobody knows you're a

dog and stuff) - and as such shouldn't trust them at all, either - free

and full admission to a system that critical for you. That's like

handing out keys to the front door of your home to any passer-by on the

street who you feel like talking to - and then later wondering why your

belongings are suddenly gone.



Seeing how riled up you get about this, what Chris did is for the

better. At least it seems that you won't be able to change your root

password back, either, and as such you won't have root access anymore to

your system for the time being, which makes your system and the

internets a safer place for now.

I'am a perosn that eaisly trust other people to have ethics, especially python programmers who knows how difficult its to debug a script and have it working.
Some people can be trusted, and actually try to help.
Some dont.
Chris is na example of the latter. At least he didnt wipe the whoile systemout.
And i do have access of my system 30 mins now.
And yes i will again root access to another person, which i beleive he can be trsuted and give me some friendly help.

Tha is all i have to say and i'm not naive or fool.
As i said some people can actually be trusted.

 

[Chris Angelico]

NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WHOLE SYSTEM OUT BY 'RM -RF /'

Yes. Actually, yes. Do you understand now what you have done by giving
your password to multiple people? This is *completely* different from
asking for help. You are giving someone complete access to do ANYTHING
and without even being logfiled (try it - can you find out what I did?
You'll be able to find a few things, like what IP addresses I logged
in from, but not everything); this is something that you simply do not
EVER do.

And rm -rf / (by the way, it wouldn't work if I shouted at your
computer the way you're shouting at me) is actually not the worst
thing I could do. If one of your clients accepts credit cards from his
customers and stores them, I could compromise your client's customers.
They have a measure of trust in the web server; you are betraying that
trust by letting me in.

ChrisA

 

[Heiko Wundram]

Am 05.06.2013 11:19, schrieb Chris Angelico:

Not quite accurate; he can change his root password back as soon as he
logs in as the non-root user and cats one little file.

I understood that - I rather got the impression that he (as a person)
wasn't technically capable of changing it. Alas, the internets didn't
remain a better place for long.

 

[Chris Angelico]

I'am a perosn that eaisly trust other people to have ethics, especially python programmers who knows how difficult its to debug a script and have itworking.
Some people can be trusted, and actually try to help.
Some dont.
Chris is na example of the latter. At least he didnt wipe the whoile system out.

I've actually tried on MANY occasions to help you. I have put in a
number of hours of volunteer time researching and posting for you,
which I don't regret only because the list is of value to more people
than just the one who asked the question. You are unhelpable.

And i do have access of my system 30 mins now.
And yes i will again root access to another person, which i beleive he can be trsuted and give me some friendly help.

Tha is all i have to say and i'm not naive or fool.
As i said some people can actually be trusted.

So you'll casually give out your root password again, yet you think
you are not naive? The next person you meet might actually do you some
harm.

You most definitely *are* a fool.

ChrisA

 

[Íéêüëáïò Êïýñáò]

Ôç ÔåôÜñôç, 5 Éïõíßïõ 2013 12:27:20 ì.ì.. UTC+3, ï ÷ñÞóôçò Chris Angelico Ýãñáøå:

Yes. Actually, yes. Do you understand now what you have done by giving

your password to multiple people? This is *completely* different from

asking for help. You are giving someone complete access to do ANYTHING

and without even being logfiled (try it - can you find out what I did?

You'll be able to find a few things, like what IP addresses I logged

in from, but not everything); this is something that you simply do not

EVER do.



And rm -rf / (by the way, it wouldn't work if I shouted at your

computer the way you're shouting at me) is actually not the worst

thing I could do. If one of your clients accepts credit cards from his

customers and stores them, I could compromise your client's customers.

They have a measure of trust in the web server; you are betraying that

trust by letting me in.

iI got back root access and i

'rm -y /home/user/public_html/Hello_from_ROSUAV'
so to delete your deface. Thank God you just placed that text file there and did not deface frontpages.

Then i run 'history' to see what exactly you ahve typed but the history logonly showed me my own commands.