So I host a few joomla sites on my linode and know there are some potential vulnerabilities in doing so. I took some time and read many articles on how to secure apache and the rest of my install to protect against many of the common hacks.

My problem now is that I think I made it "too secure", I am unable to upload files from a browser. I tried to remove mod security and had the same issue, I checked some things in php.ini and from what I can tell thats not blocking it. What else could be blocking the files from making it to the server?

One of the scripts allows for an image to be uploaded and resize it. When I look at the error log the first item is that it can not find the image where it should have been placed. This is whats making me think that some setting somewhere is still messing with me.

Its Centos if that helps.

Thanks guys.

Does the web server have write permissions to the directory where your uploaded files are supposed to go? The directory should be owned by the same user as the web server, or else it should be writable by everyone (permission 777).

yes

Do you have SELinux enabled? This is a common problem with CentOS and SELinux when changing where the web server document root is. Google around.

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)

I have checked that, It is not enabled.

which of the statements are true?

Do you mind posting your php.ini? here preferably

files and folders are owned by user apache:bbt and are 775

php.ini --> http://pastebin.linode.com/1524

any other ideas?

Which log ? It would be worth posting the relevant, sanitized lines, as well as whatever is posted back to your browser, if anything.

Is this a Joomla script, or one you've written and included in the site ? If Joomla, have you checked the config for the module, and for whichever graphics module/toolkit you're using for the resize ?

Does it fail for all (Joomla) users and file sizes ?

This is not a joomla script, I will try and get the log file posted shortly.

May be worth posting that also.

sorry it took so long.... any ideas?

[Wed Dec 10 18:10:23 2008] [error] [client 65.24.37.56] PHP Warning:  imagecreatefromjpeg() [<a href='function.imagecreatefromjpeg'>function.imagecreatefromjpeg</a>]: open_basedir restriction in effect. File(/tmp/phpGC7YF1) is not within the allowed path(s): (/var/www/html/) in /var/www/html/bitchesbetrippin.com/uploader2/submit.php on line 26, referer: http://www.bitchesbetrippin.com/uploader2/submit.php
[Wed Dec 10 18:10:23 2008] [error] [client 65.24.37.56] PHP Warning:  imagecreatefromjpeg(/tmp/phpGC7YF1) [<a href='function.imagecreatefromjpeg'>function.imagecreatefromjpeg</a>]: failed to open stream: Operation not permitted in /var/www/html/bitchesbetrippin.com/uploader2/submit.php on line 26, referer: http://www.bitchesbetrippin.com/uploader2/submit.php
[Wed Dec 10 18:10:23 2008] [error] [client 65.24.37.56] PHP Warning:  imagejpeg(): supplied argument is not a valid Image resource in /var/www/html/bitchesbetrippin.com/uploader2/submit.php on line 45, referer: http://www.bitchesbetrippin.com/uploader2/submit.php
[Wed Dec 10 18:10:23 2008] [error] [client 65.24.37.56] PHP Warning:  chmod() [<a href='function.chmod'>function.chmod</a>]: No such file or directory in /var/www/html/bitchesbetrippin.com/uploader2/submit.php on line 46, referer: http://www.bitchesbetrippin.com/uploader2/submit.php
[Wed Dec 10 18:10:23 2008] [error] [client 65.24.37.56] PHP Warning:  getimagesize(image_files/eric.jpg) [<a href='function.getimagesize'>function.getimagesize</a>]: failed to open stream: No such file or directory in /var/www/html/bitchesbetrippin.com/uploader2/submit.php on line 51, referer: http://www.bitchesbetrippin.com/uploader2/submit.php
[Wed Dec 10 18:10:23 2008] [error] [client 65.24.37.56] PHP Warning:  imagedestroy(): supplied argument is not a valid Image resource in /var/www/html/bitchesbetrippin.com/uploader2/submit.php on line 75, referer: http://www.bitchesbetrippin.com/uploader2/submit.php
[Wed Dec 10 18:10:23 2008] [error] [client 65.24.37.56] File does not exist: /var/www/html/bitchesbetrippin.com/uploader2/image_files/eric.jpg, referer: http://www.bitchesbetrippin.com/uploader2/submit.php?upload_message=Image%20Uploaded&upload_message_type=success&show_image=eric.jpg

This might be your problem:

[Wed Dec 10 18:10:23 2008] [error] [client 65.24.37.56] PHP Warning:  imagecreatefromjpeg() [<a href='function.imagecreatefromjpeg'>function.imagecreatefromjpeg</a>]: open_basedir restriction in effect. File(/tmp/phpGC7YF1) is not within the allowed path(s): (/var/www/html/) in /var/www/html/bitchesbetrippin.com/uploader2/submit.php on line 26, referer: http://www.bitchesbetrippin.com/uploader2/submit.php

...where you have set in php.ini:

what would the issue be with this?

Surely you jest ? Oi ?

(Non ? open_basedir is doing exactly as per the comments in php.ini. Either you'lll need to change your script so that it operates within the the aforementioned path, /var/www/html, or change the open_basedir path to fit your script.)