Archive for the ‘Security’ Tag

Failed to download this file. Error code 0x800C0008

Friday, January 6th, 2017

One of our services gave an odd error. External user would attempt to access it and they would get an error about a configuration file not downloading.

The part of the error message that interested me was:

Failed to download this file. Error code 0x800C0008

What was odd was the service worked inside the firewall.

I thought it was browser related and checked the Net.

I tried the suggested registry change:

  1. Start Registry Editor.
  2. For a per-user setting, locate the following registry key:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

    For a per-computer setting, locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  3. On the Edit menu, click Add Value, and then add the following value:
    BypassSSLNoCacheCheck“=Dword:00000001
  4. Exit Registry Editor.

This did not need a reboot and the change worked.

To add more “oddness” the service started working before the affected users made the change.

Hmmmmmm?  Network people or Security people?

Advertisements

PHPINFO on the home page

Wednesday, December 17th, 2014

A recent audit found the homepage of an Apache server with phpinfo() information displaying. Phpinfo() is a valuable debugging tool as it contains all EGPCS (Environment, GET, POST, Cookie, Server) data. Really useful for debugging and information gathering if you want to attack a system.

If you are not used to handling Apache, the obvious question is what to do?

The server in question for whatever reason; didn’t have a regular home page.  Probably a test environment or a “quick fix” for a problem.

The obvious solution is to get this information out of the home page.  A quick examination of the index.php file showed:

<?php
phpinfo();
?>

It would be simple to disable phpinfo() or remove the entry but the resulting page would be blank and to some in the PHP world; this is the “White Page of Death” which could cause confusion and waste time.

Since there wasn’t a home page; a simple print command was used to display a message.  For this example “hello:”

<?php
print("Hello");
?>

This eliminates the problem but we can go further by disabling phpinfo(). This is accomplished by a change in the php.ini file.

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.disable-functions
disable_functions = phpinfo

This requires restarting httpd.

phpinfo() can be restarted by simply placing a “;” in the disable_functions line and restarting httpd.

Audit answered; now back to our regularly scheduled entertainment.

Disabling phpinfo

Friday, December 12th, 2014

Penetration testing is something every IT group should perform as it can point out things which are often overlooked.

Such was the case of a small Apache server which uses PHP to provide an internal service. A recent PEN test showed the phpinfo function was enabled and it was the default page.

Phpinfo is a useful debugging tool as it will contain the EGPCS (Environment, GET, POST, Cookie, Server) data. This data is very useful for somebody who would want to attack the server. It is something that should be disabled.

If you never work with or rarely work with PHP, the obvious question is “How?”

Phpinfo is controlled through the php.ini file on the server. If the default parameters were used, it will exist in the /etc directory. If you are not sure, you can review the phpinfo information.  In my case, http://<server name or ip>  (I did mention this was a small server right?  Defaults).

There are other ways to disable the function but the best way is at the main php.ini file.

edit the php.ini file and look for disable_functions.

If you have a tightly controlled server, there will be other entries on that line.  Simply add :  ,phpinfo

In my case, the line looked like: disable_functions = phpinfo

After that, save your work and restart http by entering: service httpd restart

Phpinfo no longer displayed information.

Counterspy Enterprise discontinued.

Wednesday, April 3rd, 2013

A major problem of IT people is the tendency to keep everything with the justification of “But I might need this some day!” I was cleaning my cube and found our old copy of Counterspy Enterprise. Keep or toss?

I did a quick check on the Net and found the product had been discontinued with a suggestion to upgrade it to Vipre Enterprise. Sounds nice but for two problems 1) The upgrade chance was two years ago.  2) My current company likes SEP.

Into the recycle bin it goes.