Current time: 04-23-2014, 03:07 PM Hello There, Guest! (LoginRegister)

Post Reply 
Logs directory unreadable?
08-11-2011, 12:37 PM
Post: #11
RE: Logs directory unreadable?
I just received a reply from support and the problem is solved indeed.
Find all posts by this user
Quote this message in a reply
08-11-2011, 04:44 PM
Post: #12
RE: Logs directory unreadable?
My response from DH was:
Quote:Hi, I'm very sorry that you were affected by this issue. It was necessary
to change our log structure and permissions in order to deal with a
possible security vulnerability. Typically we would announce a change of
this size, but announcing a possible vulnerability isn't a very good
idea. Due to the nature of the issue, we will not be able to switch it
back to the previous method by which logs were FTP accessible either. I
apologize.

That being said, I've re-configured things and your logs should now all
have the correct permissions in order to be accessible via scp/ssh/sftp.
Please let me know if you're still having troubles.
Find all posts by this user
Quote this message in a reply
08-12-2011, 05:26 PM
Post: #13
RE: Logs directory unreadable?
hm. this is troubling. i thoroughly enjoyed the ability to simply ftp into my site and read the raw .log files to get a real-time snapshot of what was happening with my stats.

really, dreamhost?
by you killing this "feature", i'm pricing out alternative web hosts right this moment.

i've been with you guys for years and i would hate for this to be the issue that causes me to find hosting elsewhere with a competitor.

and if the current configuration is your final solution then please update your "official" knowledge base accordingly. As it is served now, it is incorrect:
http://blog.dreamhosters.com/kbase/index.cgi?area=400

thanks.
Find all posts by this user
Quote this message in a reply
08-12-2011, 06:02 PM
Post: #14
RE: Logs directory unreadable?
(08-12-2011 05:26 PM)spf33 Wrote:  hm. this is troubling. i thoroughly enjoyed the ability to simply ftp into my site and read the raw .log files to get a real-time snapshot of what was happening with my stats.

really, dreamhost?
by you killing this "feature", i'm pricing out alternative web hosts right this moment.

You can still view the logs via ssh. You just can't do so using FTP at the present time.

Quote:and if the current configuration is your final solution then please update your "official" knowledge base accordingly. As it is served now, it is incorrect:
http://blog.dreamhosters.com/kbase/index.cgi?area=400

Per the black notice on the top of that page, it's an unofficial, five-year-old mirror of our (old) Knowledge Base.
Find all posts by this user
Quote this message in a reply
08-12-2011, 07:22 PM
Post: #15
RE: Logs directory unreadable?
(08-12-2011 05:26 PM)spf33 Wrote:  hm. this is troubling. i thoroughly enjoyed the ability to simply ftp into my site and read the raw .log files to get a real-time snapshot of what was happening with my stats.

You look at the raw log files for a snapshot? Isn't that inefficient? I've written a few scripts using basic cat and grep and the like to summarise the logs, but I only look at the logs when I'm trying to track down some abnormal behaviour on the part of the app or the users. If you want something real time, why not write a small php program that calls a bash script to summarise the logs and then display the result in a browser? You could do simple password protection with .htaccess. I'm sure that would be far better than looking through the logs in an FTP client.

You shouldn't be using FTP anyway as your account information won't be secure. At least with .htaccess you can set up a user/pass that only applies to the summary page.
Find all posts by this user
Quote this message in a reply
08-12-2011, 07:27 PM
Post: #16
RE: Logs directory unreadable?
(08-12-2011 06:02 PM)andrewf Wrote:  Per the black notice on the top of that page, it's an unofficial, five-year-old mirror of our (old) Knowledge Base.

true. apologies. in my haste to find the simple solution to a seemingly simple problem, i misread "unofficial" as "official".

still, leaves me surprised there is no "official" knowledge base that does address the issue.

my problem still stands, however; "Due to the nature of the issue, we will not be able to switch it back to the previous method by which logs were FTP accessible either". not cool, dreamhost.
Find all posts by this user
Quote this message in a reply
08-12-2011, 08:40 PM
Post: #17
RE: Logs directory unreadable?
(08-12-2011 07:27 PM)spf33 Wrote:  still, leaves me surprised there is no "official" knowledge base that does address the issue.

wiki.dreamhost.com not official enough for you? it's linked from the top of the panel...

(08-12-2011 07:27 PM)spf33 Wrote:  my problem still stands, however; "Due to the nature of the issue, we will not be able to switch it back to the previous method by which logs were FTP accessible either". not cool, dreamhost.

When it comes to FTP, which is inherently insecure, I'm more likely to see restricted use of it as a bonus. Anything which prevents my sites from being attacked, especially from someone else's account or lax security practices, is a plus in my book.
Find all posts by this user
Quote this message in a reply
08-12-2011, 08:41 PM
Post: #18
RE: Logs directory unreadable?
(08-12-2011 07:22 PM)bobocat Wrote:  You look at the raw log files for a snapshot?
yes.

(08-12-2011 07:22 PM)bobocat Wrote:  Isn't that inefficient?

to who? you? no, not inefficient to me. worked great for my needs, thanks.

(08-12-2011 07:22 PM)bobocat Wrote:  If you want something real time, why not write a small php program that calls a bash script to summarise the logs and then display the result in a browser?

because that route is beyond my needs. I just want simple ftp access to the .log text file. plain and simple as that.

(08-12-2011 07:22 PM)bobocat Wrote:  You shouldn't be using FTP anyway as your account information won't be secure.

thanks, i appreciate the advice.
but i really just want my .log file available through ftp again.
Find all posts by this user
Quote this message in a reply
08-13-2011, 02:51 AM
Post: #19
RE: Logs directory unreadable?
(08-12-2011 08:40 PM)bobocat Wrote:  When it comes to FTP, which is inherently insecure, I'm more likely to see restricted use of it as a bonus. Anything which prevents my sites from being attacked, especially from someone else's account or lax security practices, is a plus in my book.

Couldn't have explained it better myself...
Find all posts by this user
Quote this message in a reply
08-13-2011, 07:00 PM (This post was last modified: 08-13-2011 07:01 PM by bobocat.)
Post: #20
RE: Logs directory unreadable?
(08-12-2011 08:41 PM)spf33 Wrote:  thanks, i appreciate the advice.
but i really just want my .log file available through ftp again.

WARNING: this script probably has multiple vulnerability issues. You should make an effort to secure it with both .htaccess and limiting to a known IP address (and probably more).

Assuming you know your IP address in advance or are willing to secure this script by other means (recommended!), you could do something like this:

PHP Code:
<?php
// change to match your IP address:
$ip_address '0.0.0.0';

if(
$_SERVER['REMOTE_ADDR'] != $ip_address) {
    echo 
"<h1>Not authorised!</h1>";
    die();
}

$site = (preg_match('/[\(\)\|;\s]+/'$_GET['site']) === 0) ? $_GET['site'] : null ;
$which = (preg_match('/[\(\)\|;\.\s]+/'$_GET['which']) === 0) ? $_GET['which'] : null ;

if (
$site === null || $which === null) {
    echo 
"<h1>Hacker!</h1>";
    die();
}

$r shell_exec("cat /logs/$site/http/$which.log");

if (
$r == null) {
    
$r "Sorry, $which.log for http://$site is empty.";
}

echo 
"<pre>$r</pre>";

?>

Then the following would give you your log: http://example.com/?site=mysite.com&which=access
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump: