#1  
Old 24th August 2008, 07:40
davood00 davood00 is offline
Junior Member
 
Join Date: Aug 2008
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default Limit PHP execution in folders

Hello to all,
I'm new in this forum and this is my first post.

I have a question.
I have a site which it's domain is example.com, and there are some users that have mail and ftp access on this site. With FTP, they can upload files near website's PHP files, so they can run PHP scripts. For some reasons, I cannot turn Safe_Mode on (and I hate it too!), and because all users and main website pages are in a same VHost, I think suPHP or suExec can not secure website pages from malicious users. So, I decided to limit execution of PHP scripts in the main website folder by doing something like this in httpd.conf:
Code:
<Directory /home/web/web1/web>
AddType application/x-httpd-php .php .php3 .php4 .php5
</Directory>
And I've removed the AddType line in the main section of VHost directive. Looks like I've succeeded to prevent users running PHP scripts, But I'm not sure whether this way is right or not, and I don't know if any security issues remain.
Can anyone help me and tell me the right way and other security issues which may be persist?
Excuse me for my long story!
Reply With Quote
Sponsored Links
  #2  
Old 24th August 2008, 17:15
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,814
Thanks: 821
Thanked 5,340 Times in 4,189 Posts
 
Default

Please enable chrooting in proftpd conf as described in the perfect setup guides, then none of your other FTP users except of the admin user is able to upload any files to the web directory,
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ffmpeg Video support for ubuntu 7.10 [suphp-ispconfig] amaurib Installation/Configuration 13 16th February 2010 17:26
Freebsd 6.1 support misterm Installation/Configuration 10 9th April 2009 09:29
ispconfig php 5 errors itamarjp Installation/Configuration 8 25th April 2008 10:20
network issues now it says "401 The web site is blocked by administrator" Check General 3 26th February 2008 14:22
Apache2 Freezes celtic Server Operation 31 28th May 2007 17:18


All times are GMT +2. The time now is 04:32.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.