Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Thread Tools Display Modes
Old 17th July 2008, 01:57
CubAfull CubAfull is offline
Junior Member
Join Date: Jun 2008
Location: Cuba
Posts: 24
Thanks: 11
Thanked 4 Times in 2 Posts
Question Security risk with suphp? -> ISPConfig?

Hello people
First, I want to give thanks to the developers and the entire community for this excellent control panel and for all their work.

(The problem).
I install satisfactorily ISPConfig 2.2.24 + RAID1 + SUPHP 0.6.3 in Debian Etch following the perfect setup and want to say that everything is working perfectly.
My problem is, If i run this script on my site phpfilemanager http://phpfm.sourceforge.net/, for example http://www.mysite.com/phpfilemanager.php Immediately the script change the CHMOD of the folder webx/web from 755 to 777. Immediately suphp starting to show errors because the folder is writable by other users and the page go to 500 error. This happens without any action inside the script, just typing the address in the browser and loading the script.

I dont have the error as described in the following post with suphp 0.6.3

I think that this is a serious security risk, someone knows how to solve this problem ?

Thank for your time and work.

CUBA. Sorry for my English

Last edited by CubAfull; 17th July 2008 at 05:46.
Reply With Quote
Sponsored Links
Old 17th July 2008, 09:04
Hans Hans is offline
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,263
Thanks: 216
Thanked 649 Times in 295 Posts

This has nothing to do with ISPConfig or suPHP.

Within the Configuration section within the index.php file, which comes with PHP File Manager, you see a line like: @chmod($dir_atual,0777);

So that's the reason that PHP File Manager, changed everything to chmod 777, which is insecure!

To solve your problem, you should change the line @chmod($dir_atual,0777); into @chmod($dir_atual,0755);

MrHostman | Managed Hosting
Reply With Quote
The Following User Says Thank You to Hans For This Useful Post:
CubAfull (19th July 2008)


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Virtual users... Ubuntu 8.04 spaceuser HOWTO-Related Questions 12 19th June 2008 09:04
ISPconfig Dovecot problem dolmax General 2 15th March 2008 14:17
ISPconfig under gentoo - One small problem CeuL Installation/Configuration 1 29th January 2008 20:56
ISPConfig 2.3.2-dev released till General 9 4th June 2007 11:46
ISPConfig DNS/IP problem radof General 15 22nd August 2006 12:54

All times are GMT +2. The time now is 22:06.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.