The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Customer has access to all domain logs ??

Discussion in 'General Discussion' started by tmellon, Jan 23, 2003.

  1. tmellon

    tmellon Well-Known Member

    Joined:
    Aug 15, 2001
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Sarasota, FL
    I was just talking to one of my customers, and he told me that he logged into the ftp account to access his logs... and all the logs to every domain/account on the server was there.

    Using this ftp addy:
    ftp://username_logs:password@ftp.domain.com/ftp.domain.com-ftp_log

    And if you use a FTP program, you have access to all the logs on the server.

    This can't be too good.

    Good to have the customer be able to access his logs... but not good to access everyone else's (privacy, etc). :\
     
  2. hormigo

    hormigo Well-Known Member

    Joined:
    Sep 9, 2002
    Messages:
    108
    Likes Received:
    0
    Trophy Points:
    16
    same problem with my server
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Yes you can see the logs but in no way should the user be able download them they should get a 550 error access denied.

    Check the permissions on the logs,
    the domain access logs should be chmod 0640
    and should have chown root:userid
     
  4. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    HI,

    Has this always been like this, if not does anyone know when they changed it as I end up CHMOD the domlogs folder.

    Regards,
    Garry
     
  5. JustinK

    JustinK Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    251
    Likes Received:
    0
    Trophy Points:
    16
    It's been like that for awhile now:
    http://forums.cpanel.net/read.php?TID=4475
     
  6. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    From the changelog:

    Sun Dec 1 13:47:38 EST 2002
    5.x Build#80
    ---------------------------------------------------------------

    added security for apache logs
    ---------------------------------------------------------------

    (that's 5.3.0 build 80). As dgbaker said, they shouldn't be able to download the logs if your Cpanel build is newer than this.
     
Loading...

Share This Page