Apache and suexec issue that won't let me run my python script

  • Thread starter Νικόλαος Κούρας

Νικόλαος Κούρας

Here are the mails you sent to my customers for the other members to see.

-----------------------------------
Greetings.

I apologize for this unsolicited email, but I feel that you have a
right to know about the security of your server. Íéêüëáïò Êïýñáò
(Nikos) has been in repeated communication with the members of
python-list with regard to many issues he is having, and he has
happily granted root access to his server to someone he has never met
and has no reason to trust. This compromises your data and your web
site.

Fortunately for you, the person he gave his password is me, and I have
no intention of causing damage. However, if I wanted to, I could do
*anything* to his server. As a simple demonstration, I have placed a
file called Hello_from_Rosuav in the root directory of each of your
web sites, for instance:

http://leonidasgkelos.com/Hello_from_Rosuav
http://parking-byzantio.gr/Hello_from_Rosuav

Your email addresses, too, I obtained from the server. If you are
storing personal details of any of your customers, I could access
those, but on principle I haven't looked.

Please consider carefully who you trust with your hosting. There is no
need to panic right now, as there has been no damage done (beyond the
creation of the file I mentioned above, which you can easily delete).
But be aware that Nikos is not a competent systems administrator, and
I would not trust him with any of my data.

You can find a large number of posts by Nikos on python-list here:
http://news.gmane.org/gmane.comp.python.general
http://mail.python.org/pipermail/python-list/2013-June/thread.html

Feel free to contact me for further details. I apologize that I cannot
communicate in Greek; I hope that this will not be a problem.

I advise that you look to alternative web hosting.
 
Chris Angelico

On Wednesday, 5 June 2013 9:16:56 PM UTC+3, Chris Angelico wrote:

Well, I don't consider you a perfect stranger, because we kind of know each other since we speak here sometimes.

You know how much I was striving for help resolving this, and I was happy this morning thinking that Chris will finally put me out of this encoding misery....

See, that's the thing. All you know about me is that I happen to
answer a lot of questions here. Now, if you ask around on this list,
you'll probably learn a lot about me, but the most important thing
right now is that I told you up-front that I was not intending to
help, yet you still gave me the root password. You get so stuck on
your own problems that you are unable to see anyone else's. In fact,
you are very much in the position of Alice Liddell at the time of
American McGee's game, "Alice: Madness Returns". (It's a decent game,
but don't buy anything from EA Games.) The problem isn't so much what
you're doing, as what you're not doing. Slow down, take a step back.
Give yourself some breathing space. If you had a test computer to play
around on before deploying things to your live server, you would not
be panicked by little problems; and you could take a bit of time to
(a) polish your posts before hitting Send, and (b) read the responses
more thoroughly. Between those two, you could avoid a lot of trouble
fairly easily.

ChrisA
 
Chris Angelico

Here are the mails you sent to my customers for the other members to see.

Yep, containing nothing I haven't said on-list.

Thanks for screwing me up entirely and made me look what you made me look for all I did was to trust you.

Making you look like what? A systems administrator who can't be
trusted? Because that is, quite frankly, entirely accurate.

Suppose you go to a posh place that offers valet parking. You make
sure that the person you're giving your car key to is employed by the
club, and you let him take control of your car. Unbeknownst to you, he
doesn't actually park your car, he calls out to the loafers, asking
them to park it. He knows these guys, they're always hanging around.
He gives the key to one of them, who gets in your car and looks
around.

That's what you've done. You violated the trust your clients placed in
you, and your only response is to claim that a person (with whom you
had no contractual arrangement or even verbal promise) violated your
trust. It's like saying "I can keep a secret, it's just the folks I
tell it to who can't".

ChrisA
 
Zero Piraeus

:

Here are the mails you sent to my customers for the other members to see.

Chris has done your customers an important service (one which I would
not have risked, given your propensity for badmouthing those with whom
you come in contact). You are dangerously incompetent as a hosting
provider, as you have demonstrated here repeatedly. Be thankful that
the person you stupidly granted root access to has a sense of ethics,
and learn your trade.

-[]z.
 
Νικόλαος Κούρας

On Wednesday, 5 June 2013 9:46:03 PM UTC+3, Chris Angelico wrote:
Yep, containing nothing I haven't said on-list.

Making you look like what? A systems administrator who can't be
trusted? Because that is, quite frankly, entirely accurate.

Suppose you go to a posh place that offers valet parking. You make
sure that the person you're giving your car key to is employed by the
club, and you let him take control of your car. Unbeknownst to you, he
doesn't actually park your car, he calls out to the loafers, asking
them to park it. He knows these guys, they're always hanging around.
He gives the key to one of them, who gets in your car and looks
around.

That's what you've done. You violated the trust your clients placed in
you, and your only response is to claim that a person (with whom you
had no contractual arrangement or even verbal promise) violated your
trust. It's like saying "I can keep a secret, it's just the folks I
tell it to who can't".

ChrisA

It's funny how, doing what you did, you manage to turn the whole thing against me.
WHY, instead of doing what you did, didn't you choose to actually *help*?

I am beginning to dislike you more and more as you speak.
 
rusi

Here are the mails you sent to my customers for the other members to see.
<snipped>

In the normal run of things, I would say Chris has done a horrible
thing.
In this case however, let us remember:
Many people -- hardly exclusively Chris -- tried to educate you
1. on technical matters
2. on methodological matters (eg how to debug)
3. on matters of minimum etiquette -- eg spellchecking
4. on basic security

For the most part, you simply have not listened.
Finally Chris warned you what he can do.
Instead of listening, you whined: "I trust you!!" (Here's a kiss!) and
gave him your password.
He gently tapped you on your rather hard and impervious 'Ferrous
Cranus' to let you understand the implications.

Even now, instead of understanding that you were wrong throughout, you
are still blaming Chris -- Good Grief!

And you expect us to sympathize with you?!?! I don't know whether to
laugh or cry...

Please note Nikos:
If you obdurately, obstinately, insistently, incessantly behave like
an asshole, you leave no-one the choice but to treat you like an
asshole.

So... Are you an asshole?? One can only hope that you prove me wrong...
 
Νικόλαος Κούρας

On Wednesday, 5 June 2013 9:52:27 PM UTC+3, Zero Piraeus wrote:
:

Here are the mails you sent to my customers for the other members to see.
-----------------------------------

I advise that you look to alternative web hosting.
-----------------------------------

Thanks for screwing me up entirely and made me look what you made me look for all I did was to trust you.

Chris has done your customers an important service (one which I would
not have risked, given your propensity for badmouthing those with whom
you come in contact). You are dangerously incompetent as a hosting
provider, as you have demonstrated here repeatedly. Be thankful that
the person you stupidly granted root access to has a sense of ethics,
and learn your trade.

-[]z.

Well, if he had ethics he would have told me that his intentions were to screw my business, and also he could have actually tried to help me out.

I am not incompetent, I'm a beginner and I learn along the way; also I have a hosting company and 3rd level tech that support me when it comes to system administration.

Now, you were right about my bad mouth because I am going to tell you to sod off.
 
Νικόλαος Κούρας

On Wednesday, 5 June 2013 9:55:46 PM UTC+3, rusi wrote:
<snipped>

In the normal run of things, I would say Chris has done a horrible
thing.
In this case however, let us remember:
Many people -- hardly exclusively Chris -- tried to educate you
1. on technical matters
2. on methodological matters (eg how to debug)
3. on matters of minimum etiquette -- eg spellchecking
4. on basic security

For the most part, you simply have not listened.
Finally Chris warned you what he can do.
Instead of listening, you whined: "I trust you!!" (Here's a kiss!) and
gave him your password.
He gently tapped you on your rather hard and impervious 'Ferrous
Cranus' to let you understand the implications.

Even now, instead of understanding that you were wrong throughout, you
are still blaming Chris -- Good Grief!

And you expect us to sympathize with you?!?! I don't know whether to
laugh or cry...

Please note Nikos:
If you obdurately, obstinately, insistently, incessantly behave like
an asshole, you leave no-one the choice but to treat you like an
asshole.

So... Are you an asshole?? One can only hope that you prove me wrong...

No, it's your attitude that is beyond asshood.

I decided a long time ago that certain people on the Python list were
assholes, perhaps you are the leader here.
 

Chris Angelico

If you obdurately, obstinately, insistently, incessantly behave like
an asshole, you leave no-one the choice but to treat you like an
asshole.

This is Python. We duck-type people.

ChrisA
 
Chris Angelico

Well, if he had ethics he would have told me that his intentions were to screw my business, and also he could have actually tried to help me out.

I did. :)

I am not incompetent, I'm a beginner and I learn along the way; also I have a hosting company and 3rd level tech that support me when it comes to system administration.

Beginners learning along the way do not run businesses. I wouldn't
hire someone to build me a porch if he admits that he's still learning
which end of the hammer to hit with. (That's understandable if it's a
PHP hammer with claws on both ends, but I still wouldn't hire him.)
And if I hired someone to build that porch and only afterward
discovered that he didn't know a screw from a nail, I would be pretty
miffed. Nikos, you are that carpenter.

There's nothing wrong with being a beginner. We all start out that
way. But a beginner plays with things that don't have major
consequence. If you didn't have paying customers, you would not need
to worry about what I might have done; at very worst, you just wipe
the system and reinstall. (You DO have basic firewalling to make sure
I can't damage any other box, right?) And even more so, if you didn't
have paying customers, you would not be in a tizz about things. You
could simply set the matter aside and come back later. This is safe.

Don't do what you wouldn't stand for someone else doing.

ChrisA
 
Νικόλαος Κούρας

On Wednesday, 5 June 2013 10:13:41 PM UTC+3, Chris Angelico wrote:
I did. :)

Beginners learning along the way do not run businesses. I wouldn't
hire someone to build me a porch if he admits that he's still learning
which end of the hammer to hit with. (That's understandable if it's a
PHP hammer with claws on both ends, but I still wouldn't hire him.)
And if I hired someone to build that porch and only afterward
discovered that he didn't know a screw from a nail, I would be pretty
miffed. Nikos, you are that carpenter.

There's nothing wrong with being a beginner. We all start out that
way. But a beginner plays with things that don't have major
consequence. If you didn't have paying customers, you would not need
to worry about what I might have done; at very worst, you just wipe
the system and reinstall. (You DO have basic firewalling to make sure
I can't damage any other box, right?) And even more so, if you didn't
have paying customers, you would not be in a tizz about things. You
could simply set the matter aside and come back later. This is safe.

Don't do what you wouldn't stand for someone else doing.

I'll have you know that all 10 of my client webpages run unproblematically and I support them by mail and TeamViewer for free.

I have even bought Softaculous licenses for them to have Joomla and Drupal installed in an automatic way so things go smooth and easy for them, because they can all build Joomla from scratch.

If I couldn't host their websites I wouldn't have done so, but I can.
And when I find it hard there is always the webhost company that supports me by just opening a ticket.
 
Dennis Lee Bieber

In the US there is a law called the DMCA which I think would make what
you did illegal, even though I gave you a password, because I
clearly gave you access to help me fix a problem, not to do what you
did. Of course US law doesn't help in this case since I live in Greece and you live in Australia...

I doubt it... DMCA mainly concerns itself with the breaking of
copyright restrictions applied to media -- for example, e-books that are
keyed to single user's account. The "CA" part is "copyright act"
(without googling, I think the "DM" is "digital millennium"); the key is
"copyright". No copyrights were violated in this teaching...

But what you did was the equivalent of handing out the key to
strangers (on the Barnes&Noble Nook, the "key" is the combination of an
email address and a credit card number -- if you are willing to hand
your email and CC# to a perfect stranger they can legitimately open the
e-book file you gave them).

In short, you "said": I give you total control over my server; do
anything you want with it though I'd like for you to clean up my mess.
 

rurpy

I doubt it... DMCA mainly concerns itself with the breaking of
copyright restrictions applied to media -- for example, e-books that are
keyed to single user's account. The "CA" part is "copyright act"
(without googling, I think the "DM" is "digital millennium"); the key is
"copyright". No copyrights were violated in this teaching...

From vague memory (and without enough interest in the
subject to research it), I recall hearing several news
stories over the years where people were convicted (or
at least charged with) violating the DMCA (or perhaps
equally draconian followup U.S. laws) even though they
clearly penetrated the system to point out security flaws.

But what you did was the equivalent of handing out the key to
strangers (on the Barnes&Noble Nook, the "key" is the combination of an
email address and a credit card number -- if you are willing to hand
your email and CC# to a perfect stranger they can legitimately open the
e-book file you gave them).

In short, you "said": I give you total control over my server; do
anything you want with it though I'd like for you to clean up my mess.

No he didn't -- as I read his posts he was clearly offering
access for the purpose of having someone help him fix his
problems.

That I give you my car keys (even if you're a stranger) does
not mean I am giving you permission to do whatever you want
with my car.

Nor does the fact that I think you shouldn't pick up hitchhikers
permit me to teach you a lesson by getting picked up by you and
then robbing you.

But a bunch of legally ignorant programmers (including myself)
speculating about the subject here is about as informative as
a group of 6th-graders' thoughts on Einstein's theory of relativity.
 

Tim Chase

On 06/05/2013 05:19 PM, Dennis Lee Bieber wrote:
stories over the years where people were convicted (or
at least charged with) violating the DMCA (or perhaps
equally draconian followup U.S. laws) even though they
clearly penetrated the system to point out security flaws.

I suspect you read "CFAA" (Computer Fraud & Abuse Act) and thought
"DMCA" (Digital Millennium Copyright Act), as there have been a
number of prosecutions under the CFAA (including the whole Aaron
Swartz ordeal) for nebulous "exceeding authorization".

-tkc
 
Steven D'Aprano

On Wed, 05 Jun 2013 03:32:42 -0700, Νικόλαος Κούρας wrote:

[...]
You spare it from the list because you wanted to bitch in private. Now
sod off.

Νικόλαος, please stop trading insults with people who you feel have
wronged you.

If somebody gives you deliberately bad advice, that is one thing.
Otherwise, please try to ignore their insults rather than throwing fuel
on the fire by insulting back.

But please also try to learn from them! Most of the criticisms given have
been valid, even if put rudely.

For example, this thread, and related threads, are ENORMOUS. I cannot
keep track of all the issues. Please try not to make this thread
unnecessarily complicated with rapid fire responses that don't help.

* Please think before you reply. Does your reply *help* the
conversation, or make it worse?

* Please stop making multiple changes at once. It makes it hard to see
what causes the breakage.

* If you change something, and it breaks, undo the change, then
experiment outside of your live system to try to understand and fix the
issue.


As for everyone else, please try to be polite and helpful, or don't reply
at all.


Thank you.
 
Νικόλαος Κούρας

On Thursday, 6 June 2013 6:57:08 AM UTC+3, Steven D'Aprano wrote:
On Wed, 05 Jun 2013 03:32:42 -0700, Νικόλαος Κούρας wrote:

[...]
You spare it from the list because you wanted to bitch in private. Now

Νικόλαος, please stop trading insults with people who you feel have
wronged you.

If somebody gives you deliberately bad advice, that is one thing.
Otherwise, please try to ignore their insults rather than throwing fuel
on the fire by insulting back.

But please also try to learn from them! Most of the criticisms given have
been valid, even if put rudely.

For example, this thread, and related threads, are ENORMOUS. I cannot
keep track of all the issues. Please try not to make this thread
unnecessarily complicated with rapid fire responses that don't help.

* Please think before you reply. Does your reply *help* the
conversation, or make it worse?

* Please stop making multiple changes at once. It makes it hard to see
what causes the breakage.

* If you change something, and it breaks, undo the change, then
experiment outside of your live system to try to understand and fix the
issue.

As for everyone else, please try to be polite and helpful, or don't reply
at all.

Thank you.

Okay, as you have seen from yesterday night (Greek time), I have stopped answering to this thread.
I have said what needed to be heard.
 

rurpy

I suspect you read "CFAA" (Computer Fraud & Abuse Act) and thought
"DMCA" (Digital Millennium Copyright Act), as there have been a
number of prosecutions under the CFAA (including the whole Aaron
Swartz ordeal) for nebulous "exceeding authorization".

Yes, thanks for correcting that.
 
