Results 1 to 7 of 7

Thread: root directory browsing

  1. #1
    Join Date
    Jun 2010
    Posts
    74

    Exclamation root directory browsing

    Hello friends!

    I recently have tested my server for basic security and found that i can browse my server up to root directory from internet browser, also see tmp directory content and even create files in it, using simple PHP script... this is really bad!!!!

    Imagine that someone hacks my clients web site, he can hack my server too...


    Can any one give me some suggestions on this how to prevent directory browsing and tell all users to stay in there /home directory?


    Best regards,
    B.

  2. #2
    Join Date
    Oct 2004
    Location
    A Coruña, Spain
    Posts
    6,783
    I suggest you to use mod_ruid2 or suPHP for improove security.

    If you are using directadmin control panel there are plent of guides on this forum.

    If you are not, you will need to find out the way to do it on your server.

    Or hire somebody to do the job (me, zeiter, jlasman, smtalk are suggested).

    Regards
    SeLLeRoNe - Andrea Iannucci
    Head of Managed Service - Senior DevOps Engineer
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  3. #3
    Join Date
    Jun 2010
    Posts
    74

    Thumbs up Replay

    Before i posted my question, i have bee searching trying different thing and got stuck...

    And yes i`m using DirectAdmin and wanted to know how i can do it, but now after u suggested mod_ruid2 or suPHP i will try to fix it, because this came after i upgraded to php 5.3.8 it seems to me, but maybe i`m wrong. In few hours my working day will end and then I`ll start with the fix.

    Maybe u can advice me what to search for on forum to fix this security issue?

  4. #4
    Join Date
    Oct 2004
    Location
    A Coruña, Spain
    Posts
    6,783
    Check this for mod_ruid2: http://www.directadmin.com/forum/sho...light=mod_ruid

    And this for user limitation (access group): http://www.directadmin.com/forum/sho...t=access+group

    Regards
    SeLLeRoNe - Andrea Iannucci
    Head of Managed Service - Senior DevOps Engineer
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  5. #5
    Join Date
    Jun 2010
    Posts
    74

    Talking

    Quote Originally Posted by SeLLeRoNe View Post
    Check this for mod_ruid2: http://www.directadmin.com/forum/sho...light=mod_ruid

    And this for user limitation (access group): http://www.directadmin.com/forum/sho...t=access+group

    Regards
    Thank you!

    I`ll get back if i get stuck or i succeed one or another way!

  6. #6
    Join Date
    Jun 2010
    Posts
    74

    Question Suceess

    Thank you for your tip!

    Yesterday i have instaled:

    mod_ruid2: http://www.directadmin.com/forum/sho...light=mod_ruid

    and it run almost smooth, after some several not understanding i got it. Only one thing is on question. Why users public_html are with chmod 777 ??? This seem weird.... because i don`t think than this must stay so.

    Any clue?

  7. #7
    Join Date
    Aug 2008
    Posts
    4,695
    You can change the defaults:

    http://www.directadmin.com/features.php?id=961

Similar Threads

  1. root directory
    By gam99 in forum How-To Guides
    Replies: 4
    Last Post: 08-28-2007, 01:57 AM
  2. web root directory?
    By kalaath in forum DirectAdmin General Discussion
    Replies: 4
    Last Post: 05-04-2005, 04:36 AM
  3. How to enable Directory Browsing?
    By modem in forum General Technical Discussion & Troubleshooting
    Replies: 1
    Last Post: 03-15-2005, 05:52 PM
  4. Directory Browsing
    By xcensus in forum System-Level Technical Discussion
    Replies: 7
    Last Post: 08-10-2004, 04:53 PM
  5. Root Directory
    By res00946 in forum User-Level Difficulties
    Replies: 2
    Last Post: 09-04-2003, 03:29 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •