PHP client interface problems
 
 
  [ # 31 ]

I feel I should mention - port 1024 is commonly taken up by very bad criminals on Windows machines.  It’s the first address in the ‘free port range’, i.e. ports from 1-1023 are reserved for the system, things like DNS, HTTP, etc. that run as the system user.  Ports 1024 and above are for everyone else to use.  So 1024 is common for viruses and trojans as the first probably free port.

If the symptoms are that port 1024 is taken but other ports work and you can’t explain it, i.e. you don’t know the legitimate process that is using that port - 1024 may be being used by a virus or trojan or some other bad actor.

 

 
  [ # 32 ]

That’s a good point, Todd, but there are ways to find out what’s taking up that port on a Windows OS. I just had to do exactly that sort of investigation on my development machine because something had hijacked port 80, causing my Apache server to fail to start. Long story short, the latest update for Windows 10 reconfigured the HTTP service to actively start listening to that port, causing my Apache server (which starts later in the boot process) to be unable to do so. It took a bit of research to find this out, some of which covered exactly what you’re referring to.

 

 
  [ # 33 ]

For Windows the best tool to figure out what process is holding what port open (or accessing a file, etc.) is from the Microsoft Sysinternals toolset.

https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx


If you are on a real OS like Linux or macOS you can just run ‘lsof’ in the terminal.  ;P
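
An added example, not part of the thread: a small Python parser for `netstat -ano` output that reports which PID is bound to a given port, matching the port exactly so that 51024 is not mistaken for 1024. The sample output and the PIDs in it are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1024           0.0.0.0:0              LISTENING       3180
  TCP    192.168.1.20:51024     203.0.113.7:443        ESTABLISHED     5012
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:1024           *:*                                    2244
"""

# proto, local address, local port, foreign address, optional state, PID
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)

def listeners_on(port, netstat_text):
    """Return (proto, local_addr, pid) for every socket bound to `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header and blank lines
        proto, addr, local_port, state, pid = m.groups()
        if int(local_port) != port:
            continue  # exact match only: 51024 is not 1024
        if proto == "TCP" and state != "LISTENING":
            continue  # an outbound connection is not a listener
        found.append((proto, addr, int(pid)))
    return found

def unexplained(port, netstat_text, expected_pids):
    """Listeners on `port` whose PID is not one you can account for."""
    return [r for r in listeners_on(port, netstat_text) if r[2] not in expected_pids]

if __name__ == "__main__":
    for proto, addr, pid in listeners_on(1024, SAMPLE):
        print(f"{proto} {addr}:1024 is held by PID {pid}")
```

On the Windows host itself, `tasklist /FI "PID eq <pid>"` turns a reported PID into a process name.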

 

 
  [ # 34 ]
Todd Kuebler - Apr 15, 2017:

If you are on a real OS like Linux or macOS you can just run ‘lsof’ in the terminal.  ;P

Um… Ow?

Dysfunctional as it is, Windows qualifies as a “real” OS. *nix/mac may have their advantages, and I have a great deal of respect for them, but most of the games I play aren’t available on other operating systems. :P

 

 
  [ # 35 ]
Gilles Bogaert - Apr 2, 2017:

Hi Everyone,

Sorry to re-open this thread, but I was not sure where else to ask my question.

I have the following configuration: my website on one server with its own external IP and the CS server on another server with another IP.
In order to secure the transmission between the two, I would like to use SSL tcp. I read the manual regarding the CS server. I understood from the manual that the local encryption is not native, but does the CS server accept SSL TCP? I tried but was not successful.

Is there another way to protect the content of the transmission?

Thanks a lot for your help!
Gilles

To answer your question Gilles:

The ChatScript server is a TCP socket only server - and doesn’t have support for ssl.  I would imagine you would have to do two things:

1)  Wrap the tcp in some proxy service that adds ssl and configure your network and/or firewall to ensure the chatscript tcp port can’t be reached directly by the client.  Here is one description of how to do that using NGINX:

https://www.nginx.com/resources/admin-guide/tcp-load-balancing/
  plus this: 
https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-termination/

There are many other ways to do this, like stunnel, or various wrappers, etc. I’m just posting an example that doesn’t require hacking and recompiling chatscript.

2)  Write a client that supports ssl to connect to it.

 

 
  [ # 36 ]

Ah. Thanks, Todd. I didn’t see that post for some reason. That explains your post a bit more. :) I have nothing to contribute to Gilles’ question at this point, so I’ll go back into lurk mode.

 

 
  [ # 37 ]

The more I think about this one the more I’m convinced stunnel is probably what you are looking for:

https://www.suse.com/communities/blog/stunnel-securing-insecure-ssl-and-creating-ssl-tunnels/
or
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu

It’s available for Windows too if you must, but comes on most unix distros already.  (Mac users can get it with homebrew or compile from source per unix instructions.)

https://www.stunnel.org/features.html

 

 
  [ # 38 ]

Hi Todd,

Thanks a lot for your answer and for your help. (Me too, as Dave, I did not see your answers directly. I only saw it yesterday.)

stunnel would be perfect. However, my front-end is on a mutualized webserver. I only have php, python available on it, and I cannot install stunnel or other tools.

I am thinking to create a php page on that webserver that curls into a webhook on my server where ChatScript is installed, creating a self-signed ssl certificate so that I use the inherent http encryption. I did a lot of research but cannot find something else that. (I am relatively novice) What do you think?

Thanks again for your help. Highly appreciated.

Cheers,
Gilles

 

 
  [ # 39 ]

Do you have access to python or php ssl client libraries?  If so you can just run stunnel in front of your chatscript server and then connect via ssl/tcp socket to it from your php/python.  ( http://www.devdungeon.com/content/how-use-ssl-sockets-php )
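
An added example, not part of the thread or of ChatScript: a Python TLS client for a ChatScript server fronted by stunnel, verifying the server certificate against a pinned CA file so a self-signed certificate is still authenticated. Assumptions: the NUL-terminated user/bot/message framing, the server closing the connection after one reply, and the stunnel host name, port 1025 and file paths, which are placeholders.

```python
import socket
import ssl

# Assumed server-side stunnel.conf (placeholder paths and ports):
#   [chatscript]
#   accept  = 1025
#   connect = 127.0.0.1:1024
#   cert    = /etc/stunnel/stunnel.pem
# Firewall port 1024 so only stunnel on the same host can reach ChatScript.

def build_message(user, bot, text):
    """Assumed ChatScript framing: user, bot and message, each NUL-terminated."""
    fields = (user, bot, text)
    if any("\x00" in f for f in fields):
        raise ValueError("NUL byte would break the message framing")
    return b"".join(f.encode("utf-8") + b"\x00" for f in fields)

def make_context(cafile=None):
    """TLS context that verifies the peer. Pass the server's own certificate
    as `cafile` to pin a self-signed cert; None uses the system CA store."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def ask(host, port, user, bot, text, cafile=None, timeout=10.0):
    """Send one message through the TLS tunnel and return the reply text."""
    ctx = make_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname must match a name in the certificate
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_message(user, bot, text))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:  # server closed the connection: reply complete
                    break
                chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

if __name__ == "__main__":
    # Placeholder host and certificate path; needs a reachable stunnel endpoint.
    print(ask("chat.example.org", 1025, "gilles", "", "hello",
              cafile="chatscript-server.pem"))
```

A failed handshake raises `ssl.SSLCertVerificationError`; treat that as a hard failure and do not fall back to an unverified context.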

 

 
  [ # 40 ]

Hi Todd,
Sorry for the late reply. I finally had to use sockets as I did not have the right libraries available on the host. I did not want to have a separate php server running on my machine and I preferred to use my local webserver (as a server…); I ended up mimicking the Facebook webhook. Everything works now and it is pretty well secured.
Thanks a lot for your help.

 
