root directory browsing

indexs

Verified User
Joined
Jun 11, 2010
Messages
74
Hello friends!

I recently have tested my server for basic security and found that i can browse my server up to root directory from internet browser, also see tmp directory content and even create files in it, using simple PHP script... this is really bad!!!!

Imagine that someone hacks my clients web site, he can hack my server too... :(


Can any one give me some suggestions on this how to prevent directory browsing and tell all users to stay in there /home directory?


Best regards,
B.
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,789
Location
A Coruña, Spain
I suggest you to use mod_ruid2 or suPHP for improove security.

If you are using directadmin control panel there are plent of guides on this forum.

If you are not, you will need to find out the way to do it on your server.

Or hire somebody to do the job (me, zeiter, jlasman, smtalk are suggested).

Regards
 

indexs

Verified User
Joined
Jun 11, 2010
Messages
74
Replay

Before i posted my question, i have bee searching trying different thing and got stuck...

And yes i`m using DirectAdmin and wanted to know how i can do it, but now after u suggested mod_ruid2 or suPHP i will try to fix it, because this came after i upgraded to php 5.3.8 it seems to me, but maybe i`m wrong. In few hours my working day will end and then I`ll start with the fix.

Maybe u can advice me what to search for on forum to fix this security issue?
 

indexs

Verified User
Joined
Jun 11, 2010
Messages
74
Suceess

Thank you for your tip!

Yesterday i have instaled:

mod_ruid2: http://www.directadmin.com/forum/sho...light=mod_ruid

and it run almost smooth, after some several not understanding i got it. Only one thing is on question. Why users public_html are with chmod 777 ??? This seem weird.... because i don`t think than this must stay so.

Any clue?
 
Top