web permissions change

Discussion in 'General' started by aqua, Mar 17, 2008.

  1. aqua

    aqua New Member

    Hello Everyone:

    I am using the latest version of ispconfig. In order to provide an easy way for all my customers to access their email via roundcube mail, I installed this client in my website and symlinked it into each customers /webmail directory, so that they could access their mail just using www.theirdomain.com/webmail

    I woke up this morning and found that whenever i would try to accesses /webmail, apache would give me a 403 error. Upon investigation, I found that the root of my directory, /var/www/web6 was owned by root, and the permissions were set to 700.

    Has anyone else experienced anything else like this with ispconfig?

    I changed the permission back, and everything seems to be working ok.

    Can anyone shed some light on this change?
  2. Hans

    Hans Moderator ISPConfig Developer

  3. aqua

    aqua New Member

    It doesn't seem like it would be something that ispconfig would do (change the owner and permissions of my root web directory)

    So I think i was hacked. The only place that i can think would have been the entry point is my really old Joomla installation. My question is, if someone did get in through that point, would they have access to anything else outside my /var/www/web6?

    /var/www/web6 is owned by usual user (admin)
    and /var/www/web6/web was owned by www-data
  4. aqua

    aqua New Member

    actually turns out ispconfig did change the owner and permissions. My site hit the traffic limit and ispconfig acted as it was supposed to!


Share This Page