2

When we have to edit php files on the webserver, sometimes our website prints out part of what i think is a bytemark to "lock" the file from nano. On the website, it then adds weird strings like for example:

b0nano 4.8��roothostnamefilename.class.req.php

where hostname is the name of the ubuntu server and the rest is the filename of the php file. That obviously shouldnt happen and i'm afraid that it exposes information or makes files editable by guessing their location and url.

Is there a way to keep nano from doing that or avoiding printing out that string? One time it caused an index.php script to just print out its contents to everyone instead of being executed.

radonthetyrant
  • 183
  • 1
  • 6
  • 1
    Have you actually tried to edit a file with nano to compare it to its original version? AFAIK nano doesn't do what you describe. Also, if your website is that insecure that you're worried filenames will make it hackable and that `.php` files can be printed instead of executed, you have way worse problems than nano. – Ginnungagap Feb 18 '21 at 07:45
  • @Ginnungagap yes yes i'm aware of the hundreds other risks. Just humor me for science how I could prevent that thing from showing up – radonthetyrant Feb 19 '21 at 10:25
  • As I said, I've never seen nano do this, can you be 100% sure it's nano (ie. my first question)? – Ginnungagap Feb 19 '21 at 11:04
  • @Ginnungagap it only happens once we edit a file with nano, it doesnt happen any other time. Additionally the byte text has "nano" in its name which makes me very confident it is nano causing this. I havent used it with any other editor tho – radonthetyrant Feb 20 '21 at 16:04
  • Can you post your `/etc/nanorc`? And any relevant user specific one? – Ginnungagap Feb 21 '21 at 08:07
  • Also, what's the host OS and nano version? – Ginnungagap Feb 21 '21 at 08:09

0 Answers0