The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Banning [moved]

Discussion in 'General Discussion' started by yukisho, Sep 21, 2005.

  1. yukisho

    yukisho Member

    Joined:
    Nov 14, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Banning

    I am being hosted by a friend and I have cpanel. I need to know how I can ban users from uploading gzip and gz files.
     
  2. yukisho

    yukisho Member

    Joined:
    Nov 14, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    No one? Hmmm. I see so you don't know how to work your own product. Wow, never thought I would see the day.
     
  3. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    the reason you have not had any responses is you are a little vauge with your question
    and the forums are for server administrators that run their own web servers with cpanel/whm ISTALLED. The question you asked would be best asked if you asked your web Host thats what you pay them for
     
  4. jogjabox

    jogjabox Member

    Joined:
    Aug 16, 2005
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    What is 'your users" meant? You can prohibit thru your web application, but not to user who upload thru FTP
     
  5. yukisho

    yukisho Member

    Joined:
    Nov 14, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I appologize for my rude comment. Brought my work life into my personal life. But I know I should ask my host. I did but he has no clue. Ok this is the whole story:

    A friend of mine had a very popular website. Someone uploaded a .gz file that had a trojan and he took over his account and removed everything. Well I am hosting him now but I don't want that to happen again. So I need to find a way to not allow any .gz .gzip files on my account. I am not sure if that is something cpanel can do, or if that is something a .htaccess code could do. Again I am sorry for my rude comments earlier.
     
  6. webignition

    webignition Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    1,880
    Likes Received:
    0
    Trophy Points:
    36
    From what you say, it sounds like a gzipped file was somehow placed in the server's /tmp directory and then executed from there, probably by means of a known exploit in a web application such as phpBB.

    Your concern here is NOT gzipped files - these being legitmately uploaded in any form or fashion will not present you with any problems.

    The problem here is server security. In short, potentially vulnerable web applications should always be updated where possible to the latest known version and various pretty standard steps should be taken to prevent anything being executed from /tmp, or /var/tmp, that should not be.

    If you don't want a repeat of the previous issue, speak to your host about ensuring that the server on which the account is located is sufficiently hardened against such exploits.
     
  7. yukisho

    yukisho Member

    Joined:
    Nov 14, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    I kind of thought that would be your answer. Thanks, and btw they use vbulletin. Not sure about any exploits with it since they are upgrading from 3.0.7 to 3.0.9 today. So hopefully the exploit will be removed with 3.0.7. Thanks for all your help.
     

Share This Page