I just installed the LookingGlass for testing and noticed that MTR and ping are not working, Host and Traceroute are working fine. I tried making changes to Ping function to below:

return $this->procExecute('ping --help', $host);

It didn't returned anything either. null reponse.

Also, file permissions are fine and there is no error log.

Any idea?

this version supports work with Nokia?

Create a class to eliminate abuse of network commands.

• SQLite for storage of IP's (Can be loaded into memory on popular looking glasses)
• Define max queries per hour/per IP
• Ability to disable protection

Hide directory listsing of "LookingGlass/" by placing a blank index.html there

For those who host their test files behind SSL or gzip, sparse files can be compressed giving the illusion of a "quicker than possible speed".
To alleviate this problem, offer an alternative way to create test files:

head -c 100MB /dev/urandom > 100MB.test

Instead of a sparse file (empty file) via DD, head will create a file populated file via urandom.
The result is a file which shouldn't be compressible.

Add a warning for file creation time:
It takes roughly 30 seconds to create a 100 MB file.

Version 1.3.0

In index.php

`

<!--[if lt IE 9]>
  <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->

`

File already unavailable.

I have LG installed on Ubuntu 14.04, Nginx and using PHP FPM.

All is working apart from the rate limiting does not seem to take effect. The SQL lite database does not appear to be filling with data. No errors are reported in the error log.

ii php5-common 5.5.9+dfsg-1ubuntu4.14 amd64 Common files for packages built from the php5 source
ii php5-fpm 5.5.9+dfsg-1ubuntu4.14 amd64 server-side, HTML-embedded scripting language (FPM-CGI binary)
ii php5-json 1.3.2-2build1 amd64 JSON module for php5
ii php5-mysql 5.5.9+dfsg-1ubuntu4.14 amd64 MySQL module for php5
ii php5-sqlite 5.5.9+dfsg-1ubuntu4.14 amd64 SQLite module for php5

First off, I love the project - I've seen many great implementations of this across the web.

For my feature request, I'd love to see a Docker container that can be spun up that has all necessary prerequisites installed and set to go with Nginx, etc. It is a great way for users to check out LookingGlass quickly and easily, and would be ideal for folks like me who are running Docker in homelabs. The image could be hosted at https://hub.docker.com/.

Add a dropdown for multiple locations.

configure.sh:

• User defines a group name. E.g. "North America"
• Sub-locations are then added with a location and url
• ** Loop for multiple groups

default port is 80, how to change port?

Hello there @telephone , This is Luis one of the previous and only accepted commits. I have been reached out by many for updates regarding looking glass and have helped a few setup to get it working on newer setups. Would you be able to assign me as an admin or code contributor in permissions so that i may be able to review and accept pull requests and bring the code up to date with modern technologies. I could fork off instead as well if your willing to link me as the most up to date fork in the readme and archive this project. Im more than willing to admin you to said fork.

Hello everyone,

Someone using this script get a real time ping response, while in my server when i run the ping and click RUN TEST i have to wait till all 5-6 columns are filled to display the results... My main question is, how to when i try to ping an ip to get real time ping response like

response1
response2
response3 etc
Without having to wait till the response is completed.

Sorry for my bad english..

ping and host are working. But traceroute and mtr are giving blank response.

Any help on how I can solve the issue?

The config script completed without any error/warning. Server is cPanel/Cloud Linux 6

Expand the Your IP Address with perhaps the following function

function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}


add bgp route and bgp summary similar to http://lg.he.net/

Upon hitting runtest it does not work and displays the same page in the embedded ajax call

Screenshot: https://dl.dropbox.com/u/5866286/looking_glass_issue.png

Hi, i just install LookingGlass v1.3.0. I want to apply rate limiting of network command, but im not success. All features is running successfully, and there is no error in apache log.
When i try to check ratelimit.db using sqlite, i can't see any record that has been inserted. So i think that is the reason of rate limit is not work. Please help to resolve it. Thank you in advance

https://github.com/telephone/LookingGlass#nginx

The following link is dead.
http://www.tautt.com/best-nginx-configuration-for-security/?from=@

https://i.imgur.com/mgOGIbu.png

How to uninstall lookingglass?
Thanks!!!

Traceroute and host features work without any problems, but ping and mtr features do not work. It returns 200 over the network, but I can't see any results on the screen.

[root@lg-tr httpd]# uname -a
Linux lg-tr.hostname.com 3.10.0-1160.80.1.el7.x86_64 #1 SMP Tue Nov 8 15:48:59 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

[root@lg-tr httpd]# php -v
PHP 5.4.16 (cli) (built: Apr  1 2020 04:07:17)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
    with Zend OPcache v7.0.5, Copyright (c) 1999-2015, by Zend Technologies

Hello everyone
I have ssh authorization, as in the LG enter login and password?

Hi there,

Just tried to install this on a fresh CentOS 7.6 server with Apache + PHP 7.1

The GUI loads fine, however, the 'Run Test' button does nothing and the Apache error log shows:

Example: 8.8.8.8 > PING > Run Test ;

[Mon Nov 04 10:32:32.835920 2019] [php7:notice] [pid 8707] [client x.x.x.x:64865] PHP Notice:  Array to string conversion in /var/www/html/ajax.php on line 44, referer: http://x.x.x.x/
[Mon Nov 04 10:32:32.836287 2019] [php7:notice] [pid 8707] [client x.x.x.x:64865] PHP Notice:  Undefined property: Telephone\\LookingGlass::$Array in /var/www/html/ajax.php on line 44, referer: http://x.x.x.x/
[Mon Nov 04 10:32:32.836519 2019] [php7:error] [pid 8707] [client x.x.x.x:64865] PHP Fatal error:  Uncaught Error: Function name must be a string in /var/www/html/ajax.php:44\nStack trace:\n#0 {main}\n  thrown in /var/www/html/ajax.php on line 44, referer: http://x.x.x.x/

Could anyone offer any advice on this please?

Thanks!

C.

Ability to set --address for MTR.
Allows the user to route packets through specific interfaces (route mapping).

If --address is defined, then create/show a new dropdown when MTR is chosen.

In main configuration file, list each network command with default parameters.

This will allow users to add/edit parameters for network calls.
E.g. rds100 from LET and "-A" option for traceroute.

Enable IPv6 to be passed through "Host" call.

This method of escaping host IPs is pretty scary:

    // sanitize + remove single quotes
    $host = str_replace('\'', '', filter_var($host, FILTER_SANITIZE_URL));
    // execute command
    $process = proc_open("{$cmd} '{$host}'", $spec, $pipes, null);

Per the PHP docs:

FILTER_SANITIZE_URL -> Remove all characters except letters, digits and $-_.+!*'(),{}|^~[]`<>#%";/?:@&=.

The majority of those characters have no business being in a domain name/IP address. I'd suggest checking the host against FILTER_VALIDATE_IP instead... if that doesn't validate, pass it to gethostbyname and use whatever that returns.

Using escapeshellarg instead of just '{$host}' would also be a good move.

I don't see an obvious exploit for this, but that code really stands out to me as suspicious.

After successful install, it seems that i cannot execute ping from the server,

i enter the ip, and then press run test, it says loading for a brief moment, and nothing comes in the result box

Has anyone had any luck with installing on gentoo? I was able to get the script installed but only traceroute executes. It fails to trace but atleast gives an output.

Also has version 2.0 been abandoned? Noticed it was never finished and demo doesnt work.

There needs to be a method for detecting the operating system, as some program tools have different flags or are missing flags that others may have.

For example LookingGlass does not work out of the box with FreeBSD, you have to change some of the command syntaxes.

Help configure Apache for LG, installed a script, I can not start the web

Unable to access the site The web page at https://localhost/ may be temporarily unavailable or constantly moved to a new address.
ERR_TUNNEL_CONNECTION_FAILED

Hello,

i have installed the script on a VPS with CentOS 8, but all Network tests are not working...after display "loading" on the button, theres comes not result.

Just installed and can't ping, traceroute or anything to do with that area.
Fatal error: Uncaught Error: Function name must be a string in /ajax.php:44 Stack trace: #0 {main} thrown in /ajax.php on line 44
Line 44 of ajax.php reads;
$output = $lg->$_GET['cmd']($_GET['host']);

Regards

Just pulled the latest version and reinstalled it, Keep getting "Configuration variable/s missing. Please run configure.sh" I've done the configure.sh setup.

Since this is designed for a server-type operating system, installing mtr-tiny on Debian would prevent pulling in ~38 dependancies. This looks like it would require another fixup if loop in the setup script.

I'm not sure if packages on RHEL based systems have a similar option, or if theirs is similar to mtr-tiny to begin with.

Hello

I've installed this software but it seems incompatible with PHP 7.2 on Ubuntu 18.04

Any ideas ?

this is the error:

PHP message: PHP Notice: Undefined property: Telephone\LookingGlass::$Array in /xxx/public_html/ajax.php on line 44
PHP message: PHP Fatal error: Uncaught Error: Function name must be a string in /xxx/public_html/ajax.php:44

Include multiple themes that can be applied through configure.sh.
Have a preview url available during setup.

Warning:  Unexpected character in input:  '\' (ASCII=92) state=1 in /home/xxxxxxxxx/public_html/speedtest/ajax.php on line 46



Parse error:  syntax error, unexpected T_STRING in /home/xxxxxxxxx/public_html/speedtest/ajax.php on line 46

Screenshot: https://dl.dropbox.com/u/5866286/looking_glass_issue2.png

root@lg:~# service nginx restart
Restarting nginx: nginx: [emerg] "fastcgi_busy_buffers_size" must be less than the size of all "fastcgi_buffers" minus one buffer in /etc/nginx/nginx.conf:73
nginx: configuration file /etc/nginx/nginx.conf test failed

I get this when I add the nginx changes as described https://github.com/telephone/LookingGlass#nginx

my php.conf file

root@lg:~# cat /etc/nginx/php.conf
# Route all requests for non-existent files to index.php
location / {
        try_files $uri $uri/ /index.php$is_args$args;
}

# Pass PHP scripts to php-fastcgi listening on port 9000
location ~ \.php$ {

        # Zero-day exploit defense.
        # http://forum.nginx.org/read.php?2,88845,page=3
        # Won't work properly (404 error) if the file is not stored on
        # this server,  which is entirely possible with php-fpm/php-fcgi.
        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi
        # on another machine.  And then cross your fingers that you won't get hacked.
        try_files $uri =404;

        include fastcgi_params;

        # Keep these parameters for compatibility with old PHP scripts using them.
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        # Some default config
        fastcgi_connect_timeout        20;
        fastcgi_send_timeout          180;
        fastcgi_read_timeout          180;
        fastcgi_busy_buffers_size    256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors    on;
        fastcgi_ignore_client_abort off;
        fastcgi_pass 127.0.0.1:9000;

    # Append the following for https://github.com/telephone/LookingGlass
    fastcgi_buffer_size   1k;
    fastcgi_buffers       128 1k;
    fastcgi_max_temp_file_size 0;
    gzip off;

}
# PHP search for file Exploit:
# The PHP regex location block fires instead of the try_files block. Therefore we need
# to add "try_files $uri =404;" to make sure that "/uploads/virusimage.jpg/hello.php"
# never executes the hidden php code inside virusimage.jpg because it can't find hello.php!
# The exploit also can be stopped by adding "cgi.fix_pathinfo = 0" in your php.ini file.

Hello,
Functions like ping for example accept two arguments, how would you pass those to the web-interface. There is no extra text field to put those.

public function ping($host, $count = 4)

Please assist,
Regards,
Jongi

Hey,
I installed LookingGlass and now when i click on runtest i see running text but now Result why
Please help
Best Regards
Michi

I would appreciate it if you added paping as an option to your looking glass, as not everything replies to icmp and being able to ping a TCP port is very handy. You can find it here, you just download a single executable it's really easy. https://code.google.com/p/paping/

helo
i hope looking glass will have feature to do speedtest.. not from client to LookingGlass server.. but from LookingGlass to another ip address outside.

Installed on CentOS 6 with PHP 5.3.25 using Apache 2.2.15.

'host' and 'traceroute' commands give results just fine. However 'mtr' and 'ping' commands, don't. The results box is displayed almost immediately after pressing the button but it is empty. I would expect an error message...

Both utilities are also normally installed:

[root@host lg]# l /usr/sbin/mtr ; l /bin/ping
-rwsr-xr-x. 1 root root 59384 Aug 17 2010 /usr/sbin/mtr
-rwsr-xr-x. 1 root root 40760 Jun 5 13:39 /bin/ping

Any ideas on how to debug this further?

Thanks in advance.

hello,

I've installed LookingGlass and installation went smooth, however when ever I input an IP and click run test it says loading for a half a second then goes back to run test and never provides any results.

I found an old issue suggesting to change to php 5.4 which i did. I've also tried php 7. I'm not sure what I'm missing any help would be greatly appreciated.

Hi mate!

Your app suffer from a Cross-site Scripting (XSS) issue.
File: index.php
Line: 62
Vuln:

You should clean the inputs prior to print them to screen.

Cheers!

I made a fresh install from 1.2.0 -> 1.3.0 and from Ubuntu 14.04 -> 16.04.
On the old server everything was fine.
Now, on the new Ubuntu, both LG versions doesn't works and I don't know why.
when I click on "Run Test" nothing happens.
Yes, I followed the config.sh -> "Installation is complete"
Running on apache 2.4.

http://lg.yonathan.com.br

Based on the code in LookingGlass.php, part of the validation process is to reject RFC1918 (private, ex 10.x.x.x. 192.168.x.x, etc.) IP space, but after the validIP function fails, an IP address can be allowed through the validURL function. I added some code in the validURL function to catch an IP address that sneaks through the validIP function. Only a private IP would get this far, so any IP address is rejected.

private function validUrl($url)
{
    // check for http
    if (stripos($url, 'http') === false) {
        $url = 'http://' . $url;
    }
    // validate url
    if (filter_var($url, FILTER_VALIDATE_URL)) {
        // parse url for host
        if ($host = parse_url($url, PHP_URL_HOST)) {
            //check if an IP address made it this far and fail validation (useful for filtering out private space)
            if (filter_var($host, FILTER_VALIDATE_IP)) {
                return false;
            }
            //otherwise return just the host (not full url)
            return $host;
        }
        return $url;
    }
    return false;
}