 Apache symlink issue - vulnerable installations (4 Replies, Read 2452 times)
random
Group: Member
Post Group: Newbie
Posts: 3
Status:
Hi,

Unfortunately, a vulnerability in Apache web servers means that a hacker who has managed to gain access to an account on a shared server can then gain access to all the files in all the other accounts on that server. More info on this vulnerability can be found at http://forums.cpanel.net/f185/how-prevent-creating-symbolic-links-non-root-users-202242.html

This vulnerability is being exploited by hackers to gain access to the configuration files of popular applications such as WordPress and Joomla. One way to partially protect these applications is to change the permission given to their configuration files from 0644 to 0600.

Would Softaculous be willing to add a function in the settings to make it so that a hosting company can decide that all the configuration files for all applications are always set with a permission of 0600 when the server is making use of SuPHP?

This has already been implemented by one of your major competitors and would be an essential benefit from a security point of view. Failing to do so means that any installation set up via Softaculous can be more easily compromised.

Thanks

Pascal

Apache symlink issue - vulnerable installations
Brijesh
Group: Softaculous Team
Post Group: Super Member
Posts: 5805
Status:
Hi,

Sir, we already have this option to CHMOD the config files as set by the Admin. The Admin can set the permissions they want for the config files.
Go to Softaculous Admin panel -> Settings, set the value in the field "CHMOD Config Files" and click on the "Edit Settings" button.

-----------------------
Webuzo - Multi User Hosting Control Panel
AMPPS - Best WordPress/PHP/MySQL development tool

Apache symlink issue - vulnerable installations
random
Group: Member
Post Group: Newbie
Posts: 3
Status:
Hi,

That is excellent. Good to know Softaculous is proactive when it comes to security.

Thank you.

Pascal

Apache symlink issue - vulnerable installations
random
Group: Member
Post Group: Newbie
Posts: 3
Status:
Just one more question: if this setting is set to 0600, will it change the permissions for the configuration files of previously installed software when the users upgrade to the latest versions via Softaculous?

Apache symlink issue - vulnerable installations
Brijesh
Group: Softaculous Team
Post Group: Super Member
Posts: 5805
Status:
Hi,

No sir, it will only change for new installations.

-----------------------
Webuzo - Multi User Hosting Control Panel
AMPPS - Best WordPress/PHP/MySQL development tool
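Since the setting only affects new installations, existing installs keep whatever mode their config files already have. The following is an added example, not part of the thread and not Softaculous code: a POSIX shell scan that reports, and optionally tightens to 0600, existing WordPress and Joomla config files that are readable by group or other. The function names and the /home/USER/public_html layout are assumptions, and 0600 presumes PHP runs as the account owner (SuPHP), as the first post states.

```shell
#!/bin/sh
# Added example (not Softaculous code). Function names and the
# /home/USER/public_html layout are assumptions; adjust to your server.

# _scan ROOT [find actions...]
# Matches WordPress (wp-config.php) and Joomla (configuration.php) config
# files that are readable by group or other, e.g. mode 0644.
# find does not follow symlinks by default and -type f skips the links
# themselves, so a link planted in an account is never reported or chmod-ed.
_scan() {
    root=$1; shift
    find "$root" -type f \
        \( -name wp-config.php -o -name configuration.php \) \
        \( -perm -040 -o -perm -004 \) "$@"
}

# Print each loose config file, one per line.
find_loose_configs() { _scan "$1" -print; }

# Number of loose config files under ROOT.
count_loose_configs() { find_loose_configs "$1" | wc -l | tr -d ' '; }

# Set every loose config file under ROOT to 0600.
# Run this as the account owner rather than root: chmod follows symlinks, so
# a file swapped for a link mid-run could otherwise redirect a root chmod.
tighten_configs() { _scan "$1" -exec chmod 600 {} +; }

# Usage: sh script.sh ROOT [--apply]   (dry run unless --apply is given)
if [ $# -ge 1 ]; then
    find_loose_configs "$1"
    echo "loose config files: $(count_loose_configs "$1")"
    if [ "${2:-}" = "--apply" ]; then
        tighten_configs "$1"
    fi
fi
```

Run it once per account root (for example /home/USER/public_html) in dry-run mode first and review the list before passing --apply.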
