Menu
Community /Pin to ProfileBookmark
@NogDogJul 13.2006 — #I would think the best way would be by setting up an access control list (ACL) on the user's root directory. However, I don't think ACL is implemented on all flavors of UNIX, so it might not be applicable in your case. @NogDogJul 13.2006 — #On second thought, I'm not sure ACL would make a difference, since you would have to give access to whatever account the webserver uses to process your scripts. It would, however, make it harder for other users on the server to find out what your directory names are. Hmm...interesting question that I might have to do more research on. And of course, if someone hacks into the system as a root user, you're screwed no matter what you do.
In case it's an FTP attack, you might check to see if there's a way to limit FTP access via IP address or such. I know there's some file you can set in a user's directory to control FTP access, but I don't recall exaclty which one (something like .ftprc I think?).
Sorry for rambling...it's been a few years since I dealt with these things in any detail. @NogDogJul 13.2006 — #Nothing that I'm aware of, which has me curious and doing some Googling, because that seems like a security hole that should be addressed somewhere....
File uploads… Unix permissions.
On a Unix box, in order to upload files to a certain directory it must have at least 707 permissions. In that state what stops other parties that share the server writing to that directory. The server is not running any open_base_directory restrictions (according to phpinfo).
Sign in
to post a comment10 Comments(s) ↴
0
@NogDogJul 13.2006 — #0
@NogDogJul 13.2006 — #In case it's an FTP attack, you might check to see if there's a way to limit FTP access via IP address or such. I know there's some file you can set in a user's directory to control FTP access, but I don't recall exaclty which one (something like .ftprc I think?).
Sorry for rambling...it's been a few years since I dealt with these things in any detail.
0
@NogDogJul 13.2006 — #