security openbasedir

[vdgvince]

Hi everybody,

i have had a security leak, and some malicious scripts entered in my code.
due to the openbasedir not secured, they were able to go over all my scripts.

Does anybody know how i can configure directadmin to avoid a script reading the directories from others domains?

thank you!

 

[smtalk]

It should be enabled by default, please check http://www.directadmin.com/features.php?id=817.

 

[vdgvince]

thanks for your answer!

i checked, and i have this :



is this correct according to you?

 

[smtalk]

Yes, it seems that open_basedir protection is on. However, there are other ways to read files outside the user dir. I'd recommend running:

cd /usr/local/directadmin/custombuild
./build update
./build secure_php
service httpd restart

 

[vdgvince]

thanks for the tip.
is this risky on a productive server?

 

[smtalk]

It's not risky if your sites don't use dangerous PHP functions

 

[vdgvince]

it worked i just had to activate safe_mode again but now it's fine!
thanks a lot