Can no longer upload to my site!!

Private Joined: Jun 20, 2003 Posts: 36

My web host was hacked over xmas and they have changed their servers to make them more "secure" since this I have no longer been able to upload to my site, either in the gallery or the downloads module.

I get the following error

Warning: copy(): open_basedir restriction in effect. File(/tmp/php8GNRLV) is not within the allowed path(s): (/home/www/) in /home/www/mysite/modules/Downloads/index.php on line 448

Warning: unlink(): open_basedir restriction in effect. File(/tmp/php8GNRLV) is not within the allowed path(s): (/home/www/) in /home/www/mysite/modules/Downloads/index.php on line 453

I get a similar error when trying to upload to my gallery.

I emailed my hosts and they said

Quote:

Also,
it sounds like you are using php_upload to upload your files, you need to make
sure that your scritps are streaming the files from the

tmp folder to your upload folder

the code for php uploads should be

eg

if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
...
if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $dest)) {
...
}
}

where $dest is in my home dir. move_uploaded_file fails. As you can see
this is standard PHP code.

php script do not have access directly to the /tmp folder, as it is a big
security whole with php, which it would appear that your scripts

are doing, you therefore need to make the necessary changes in your code for the
php_upload to work

This is all new to me as the site was working fine a week ago and now it wont let me upload.
I have tried chmodding the tmp/ folder to have write permissions but that didnt work, can someone help me out

Cheers

Posted: Tue Jan 06, 2004 7:33 am

the same thing happened to me...you, by chance aren't using greenmountaccess.net are you!? figures that the only time i really need to use my gallery, for a portfolio that a customer needs to see, it doesn't work...i NEED a new module that allows upload via html now...i am so pissed! i paid good money for that module!

Private Joined: Jun 20, 2003 Posts: 36

No Im with web-mania

Can someone help me out with getting my uploads working again.

Another weird thing that has happened is that I cant enter any fields into my polls, if i enter any it still saves the poll with no fields!!

Nuke Cadet Joined: Jan 07, 2004 Posts: 4

Not sure 100 % about this, but Ive seen this error on my own site and what I did to fix it was to restore the saved (backed up) (last known working copy)database file in mysql on my web host.... problem solved.... I think this error may be just a table or 2 in the databse got corrupted somehow

Nuke Cadet Joined: Jan 07, 2004 Posts: 4

Also check folder and file permissions again in case they too have changed after some hackers were there or whatever.....I know this is obvious, but the easiest stuff to forget is usually the most obvious heh...

Nuke Cadet Joined: Jan 07, 2004 Posts: 4

umm check your folders permissions first before doing any database restore... hopefully you wont need to do that, and Im not sure that will even fix it...Im not an expert but doing recent installs the things are fresh in my mind...

Private Joined: Jun 20, 2003 Posts: 36

what should the folder permissions be?

e.g. what chmod parameter?

cheers

Private Joined: Jun 20, 2003 Posts: 36

can anyone else offer some help here, this problem is really getting on my nerves!

Sergeant Joined: Dec 19, 2003 Posts: 105

Directory permissions need to be 777 (read/write/execute for owner, group, public). On some server setups you can get away with as little as 666 (read/write for owner, group, public). The warning messages you received though do not indicate this to be the problem. They say the script is trying to use the copy() and unlink() functions on the server's /tmp directory which you aren't allowed to do. I agree with your host; scripts should not have direct access to that folder because it's an easy way to break into a server.

I haven't looked at or used either script; however, your host did tell you what needed to be fixed. The scripts have to be modified to use move_uploaded_file() instead of copy/unlink. Depending on how your server is set up, you might also be able to do this by merely creating and using a /tmp directory for uploads located within your own allowed directory structure.

Private Joined: Jun 20, 2003 Posts: 36

thanks for the help mate!

Im getting even more stuck now.
It seems I have 2 gallery folders on my website, one in my home dir and on in the modules/ folder.

I tried deleting each one at a time and one will not work without the other, so I created a new temp folder called "tempdir" and cmodded it as you said but it seems that the gallery is still trying to use the /tmp folder even though I have run through the config to tell it to use the new tempdir folder

It still states

Error: The file "/tmp/phpVsByDd" does not exist

Cheers for any more help

Private Joined: Jun 20, 2003 Posts: 36

also if i was to try and edit the scripts, which files would I need to edit ?

Sergeant Joined: Dec 19, 2003 Posts: 105

Which specific scripts and versions are you running? There seems to be a few of each type around.

Private Joined: Jun 20, 2003 Posts: 36

gallery 1.4.1
and advanced downloads module

But the gallery is the main one I am wanting to fix!