...

View Full Version : Php file being accessed as a cron job, not by http request



jeremyb
10-15-2012, 07:34 PM
Hello everyone, hopefully someone with security knowledge can point me in the right direction. I currently have a couple php files in my public directory that are ran once a day at a specified time as a cron job. One file compairs data in a Mysql table and depending on the results sends out a very small email to about 20-25 email addresses or 4 email addresses. Basicly, the four emails addresses are used when there is a problem, two of the four email addresses used are point to email/text sms address. Well my problem came in at two oclock this morning, when the cron job was not scheduled to run until 9 o'clock am. Not only did the file execute at 2 oclock in the morning, it executed 4713 times, therefore sending me and one other person that many emails as well as text messages to our cell phones.

After looking at my access logs around that time it looks as if Yahoo Slurp has spidered the site. I immediately removed the cron job, delete the main file and also found the second file that was originally created as a test file and deleted it. Needless to say, that did not even slow down the request. We continued to receive messages until around 7:30 am. I now wonder if that file was copied relocated on another server and continued to be accessed.

The main file used was just a basic php file that connected to a mysql database and mailed results via php mail function. I also added
" if ($_SERVER["REMOTE_ADDR"] != $_SERVER["SERVER_ADDR"]) die("Invalid Request");" to the first line of the file, which should have only allowed this file to run from the server not by a http request.

Now it is possible that the problem could have been generated by the second file which I originally used to tweak the mysql results upon designing. This file did not have
" if ($_SERVER["REMOTE_ADDR"] != $_SERVER["SERVER_ADDR"]) die("Invalid Request");" located in it and could be executed by http request. I totally deleted this file from the server, but I still have concerns that if the file was copied and relocated on another server, each time it is accessed in the future we will receive emails, if not tons of emails. This idea has really been useful and I am not sure if there is another way to secure this process from web bots or http requests. I thought about maybe added fields to the mysql database and using a check method such as (sent_today=date timestamp and if sent=today's date don't send) this would possibly limit the messages two one per day, i guess but not sure.

If anyone has faced this problem before or have any suggestions or what can be changed or improved to continue this process but prevent it from sending a ton of emails and text message when hit from the outside I would appreciate your comments.

Jeremy

Fou-Lu
10-15-2012, 08:20 PM
Don't use $_SERVER anything on a php file that isn't served through http. There is little useful information within $_SERVER on the CLI.
The solution is easier than this. Move this file above the document root for the website.
The file could only be copied if there was a failure in apache to parse the PHP code or if the filesystem was compromised. I can copy the output of any file on want online, but I can't get ahold of the source of it when it is served through the webhost.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum