+ Responder ao Tópico



  1. #1
    VirTualLoPeZ
    Visitante

    Padrão Possível Falha de segurança

    Boas,

    Agradecia opiniões sobre uma situação que detectei num dos servidores web da minha empresa.
    Pelo que os logs indicam, acho que pode estar a ocorrer uma brecha de segurança no apache ou o iptables não está a funcionar correctamente.

    Detectei o seguinte no error.log do apache:

    --22:22:23-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 115.03 KB/s

    22:22:23 (115.03 KB/s) - `2m0rgan.txt' saved [29940/29940]

    --22:22:24-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... --22:22:27-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 56.94 KB/s

    22:22:28 (56.94 KB/s) - `2m0rgan.txt' saved [29940/29940]

    sh: print: command not found
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]
    2m0rgan.txt has sprung into existence.
    Retrying.


    100 29940 100 29940 0 0 32649 0 --:--:-- --:--:-- --:--:-- 44094
    --22:22:30-- http://icezinhu.by.ru/2m0rgan.txt
    (try: 2) => `2m0rgan.txt.1'
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 68.30 KB/s

    utime(2m0rgan.txt.1): No such file or directory
    22:22:31 (68.30 KB/s) - `2m0rgan.txt.1' saved [29940/29940]

    sh: print: command not found
    --22:22:31-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]
    2m0rgan.txt has sprung into existence.
    Retrying.


    100 29940 100 29940 0 0 42051 0 --:--:-- --:--:-- --:--:-- 60853
    sh: fetch: command not found
    --22:22:32-- http://icezinhu.by.ru/2m0rgan.txt
    (try: 2) => `2m0rgan.txt.1'
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 84.85 KB/s

    22:22:33 (84.85 KB/s) - `2m0rgan.txt.1' saved [29940/29940]

    sh: print: command not found
    Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    --22:22:33-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... ..
    100 29940 100 29940 0 0 50791 0 --:--:-- --:--:-- --:--:-- 87034
    .......sh: fetch: command not found
    . ......... 100% 33.99 KB/s

    22:22:34 (33.99 KB/s) - `2m0rgan.txt' saved [29940/29940]

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    14 29940 14 4344 0 0 10803 0 0:00:02 --:--:-- 0:00:02 10803--22:22:35-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt.1'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K ........
    100 29940 100 29940 0 0 32974 0 --:--:-- --:--:-- --:--:-- 50685
    .. .......... ..Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    sh: fetch: command not found
    ....... 100% 87.47 KB/s

    utime(2m0rgan.txt.1): No such file or directory
    22:22:35 (87.47 KB/s) - `2m0rgan.txt.1' saved [29940/29940]

    Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    100 29940 100 29940 0 0 39766 0 --:--:-- --:--:-- --:--:-- 58135
    --22:22:37-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    200 OK
    Length: 29,940 (29K) [text/plain]
    2m0rgan.txt has sprung into existence.
    Retrying.

    --22:22:38-- http://icezinhu.by.ru/2m0rgan.txt
    (try: 2) => `2m0rgan.txt.1'
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... sh: fetch: command not found
    200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 48.37 KB/s

    22:22:39 (48.37 KB/s) - `2m0rgan.txt.1' saved [29940/29940]

    Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    --22:22:40-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 68.64 KB/s

    22:22:41 (68.64 KB/s) - `2m0rgan.txt' saved [29940/29940]

    sh: print: command not found
    Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    sh: fetch: command not found
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0
    100 29940 100 29940 0 0 8186 0 0:00:03 0:00:03 --:--:-- 70613
    Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    sh: fetch: command not found
    --22:22:45-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 86.04 KB/s

    22:22:46 (86.04 KB/s) - `2m0rgan.txt' saved [29940/29940]

    sh: print: command not found
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
    100 29940 100 29940 0 0 5364 0 0:00:05 0:00:05 --:--:-- 88318
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    19 29940 19 5792 0 0 7335 0 0:00:04 --:--:-- 0:00:04 33871
    100 29940 100 29940 0 0 21518 0 0:00:01 0:00:01 --:--:-- 38732
    --22:22:48-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]
    2m0rgan.txt has sprung into existence.
    Retrying.

    Missing right curly or square bracket at 2m0rgan.txt line 281, at end of line
    syntax error at 2m0rgan.txt line 281, at EOF
    Execution of 2m0rgan.txt aborted due to compilation errors.
    sh: fetch: command not found
    --22:22:49-- http://icezinhu.by.ru/2m0rgan.txt
    (try: 2) => `2m0rgan.txt.1'
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... .....sh: fetch: command not found
    .... 100% 68.53 KB/s

    utime(2m0rgan.txt.1): No such file or directory
    22:22:50 (68.53 KB/s) - `2m0rgan.txt.1' saved [29940/29940]

    sh: print: command not found
    Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    --22:22:50-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 85.76 KB/s

    22:22:51 (85.76 KB/s) - `2m0rgan.txt' saved [29940/29940]

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    57 29940 57 17376 0 0 36764 0 --:--:-- --:--:-- --:--:-- 70634
    100 29940 100 29940 0 0 53449 0 --:--:-- --:--:-- --:--:-- 89909
    Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    --22:22:52-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... sh: fetch: command not found
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
    100 29940 100 29940 0 0 5315 0 0:00:05 0:00:05 --:--:-- 89107
    sh: fetch: command not found
    217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 85.26 KB/s

    22:23:05 (85.26 KB/s) - `2m0rgan.txt' saved [29940/29940]

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    100 29940 100 29940 0 0 46763 0 --:--:-- --:--:-- --:--:-- 72144
    --22:23:08-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt.1'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... ..sh: fetch: command not found
    ........ ......... 100% 68.22 KB/s

    utime(2m0rgan.txt.1): No such file or directory
    22:23:08 (68.22 KB/s) - `2m0rgan.txt.1' saved [29940/29940]

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    14 29940 14 4344 0 0 13136 0 0:00:02 --:--:-- 0:00:02 49931
    100 29940 100 29940 0 0 50765 0 --:--:-- --:--:-- --:--:-- 86531
    sh: fetch: command not found
    --22:23:23-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 84.51 KB/s

    22:23:23 (84.51 KB/s) - `2m0rgan.txt' saved [29940/29940]

    sh: print: command not found
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    100 29940 100 29940 0 0 52831 0 --:--:-- --:--:-- --:--:-- 88842
    sh: fetch: command not found
    --22:23:27-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... --22:23:31-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .....217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... ..... ....connected.
    HTTP request sent, awaiting response... ..200 OK
    Length: 29,940 (29K) [text/plain]

    0K ...... .............. ........ 100% 49.71 KB/s

    22:23:32 (49.71 KB/s) - `2m0rgan.txt' saved [29940/29940]

    ..... ....sh: print: command not found
    ..... 100% 86.93 KB/s

    22:23:32 (86.93 KB/s) - `2m0rgan.txt' saved [29940/29940]

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    100 29940 100 29940 0 0 52761 0 --:--:-- --:--:-- --:--:-- 89373
    sh: fetch: command not found
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- 0:00:08 --:--:-- 0--22:23:41-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt.1'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response...
    100 29940 100 29940 0 0 3492 0 0:00:08 0:00:08 --:--:-- 88318
    200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 56.97 KB/s

    utime(2m0rgan.txt.1): No such file or directory
    22:23:41 (56.97 KB/s) - `2m0rgan.txt.1' saved [29940/29940]

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    100 29940 100 29940 0 0 45555 0 --:--:-- --:--:-- --:--:-- 70947
    sh: fetch: command not found
    sh: fetch: command not found
    Can't open perl script "2m0rgan.txt": No such file or directory.
    Use -S to search $PATH for it.
    --22:24:10-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 68.89 KB/s

    22:24:11 (68.89 KB/s) - `2m0rgan.txt' saved [29940/29940]

    sh: print: command not found
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    100 29940 100 29940 0 0 40538 0 --:--:-- --:--:-- --:--:-- 59053
    sh: fetch: command not found
    --22:24:14-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 37.83 KB/s

    22:24:15 (37.83 KB/s) - `2m0rgan.txt' saved [29940/29940]

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
    33 29940 33 10136 0 0 25252 0 0:00:01 --:--:-- 0:00:01 59274
    100 29940 100 29940 0 0 45618 0 --:--:-- --:--:-- --:--:-- 70281
    sh: fetch: command not found
    --22:26:05-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 85.12 KB/s

    22:26:05 (85.12 KB/s) - `2m0rgan.txt' saved [29940/29940]

    sh: print: command not found
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
    100 29940 100 29940 0 0 5385 0 0:00:05 0:00:05 --:--:-- 89107
    sh: fetch: command not found
    --22:26:19-- http://icezinhu.by.ru/2m0rgan.txt
    => `2m0rgan.txt'
    Resolving icezinhu.by.ru... 217.16.29.51
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... No data received.
    Retrying.

    --22:26:53-- http://icezinhu.by.ru/2m0rgan.txt
    (try: 2) => `2m0rgan.txt'
    Connecting to icezinhu.by.ru|217.16.29.51|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 29,940 (29K) [text/plain]

    0K .......... .......... ......... 100% 84.94 KB/s

    22:26:54 (84.94 KB/s) - `2m0rgan.txt' saved [29940/29940]

    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

    0 29940 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
    86 29940 86 26064 0 0 4670 0 0:00:06 0:00:05 0:00:01 74896
    100 29940 100 29940 0 0 5364 0 0:00:05 0:00:05 --:--:-- 85787
    sh: fetch: command not found
    connect: Connection refused at 2m0rgan.txt line 450.
    connect: Connection refused at 2m0rgan.txt line 450.
    connect: Connection refused at 2m0rgan.txt line 450.
    connect: Connection refused at 2m0rgan.txt line 450.
    connect: Connection refused at 2m0rgan.txt line 450.
    connect: Connection refused at 2m0rgan.txt line 450.
    connect: Connection refused at 2m0rgan.txt line 450.
    connect: Connection refused at 2m0rgan.txt line 450.

  2. #2

    Padrão Re: Possível Falha de segurança

    Ta mais pra um usuário tentando baxar um bot de irc feito em perl do que uma falha de seguranca....
    sei nao, mas se vc eh desse admins paranoicos existe um modo como blokear url através de uma substring dessa url.
    ou seja, vc pode bloquear o download desse arquivo blokeando url q contenham a string 2m0rgan por exemplo

    espero ter ajudado, ateh mais

  3. #3

    Padrão Re: Possível Falha de segurança

    Isso pareçe-me um Log do wget... e nao do apache..
    contudo é possivel que isso seja um worm a tentar instalar um bot ou uma backdoor...
    e bloquear a URL n serve de nd.. pq se ele já está a tentar instalar algo, é pq já entrou, agr o resto é análise...
    vê se n tens algum site/aplicação vulneravel..
    99% das vezes costuma ser devido á má programação dos sites dos nossos clientes..
    eu mesmo tenho todos os clientes com um php.ini mto restrito, pq sei que muitos deles cometem erros gravissimos na programaçao dos seus sites, e quem leva por tabela é o meu servidor..
    muitas paginas web sofrem de bugs de "include".. ve se nao é isso...
    e outra coisa.. faz um chmod 700 ao wget, ao fecth, ao lynx , ao curl.. e ao perl...
    e aconselho te a estares atento a qualquer movimento suspeito
    Um abraço.

  4. #4

    Padrão Re: Possível Falha de segurança

    cara...

    vc pode testar este servidor com o nessus, se houver alguma falha de segurança o mesmo irá te informar, e ainda te fornece como resolver

    valeu

  5. #5
    firehands
    Visitante

    Padrão Re: Possível Falha de segurança

    Lamento informar, nessus não vai adiantar.

    O bot do morgan é um script em perl que varre o google atrás de falhas de PHP-INJECTION. Quando encontra uma máquina com a vulnerabilidade ele utiliza os comandos, wget , lwp-download, curl, fetch (bsd), e lynx para ser baixado para a maquina. Uma vez dentro da maquina ele passa a ser mais uma maquina zumbi. Seu problema é facil de resolver. Desabilite o passtrhu, o shell_exec, system() do php.ini.
    Espero ter ajudado.
    Qualquer coisa me procure no msn. [email protected]

    Abraço

  6. #6

    Padrão Re: Possível Falha de segurança

    interessante saber disso...

    como não tenho muita experiência com servidor apache, essa iformação pra mim foi útil

  7. #7

    Padrão Re: Possível Falha de segurança

    Exacto... tal como eu suspeitava...
    acessem o site e vejam

    http://icezinhu.by.ru/2m0rgan.txt

    o codigo do worm...
    Realmente colega, o seu problema é mm na configuraç\ao do PHP...
    como eu tinha dito, os nossos servidores acabam em levar por tabelam devido á má programação dos nossos clientes..
    fique atento..