Hello there
I have discovered a security problem with EasyApache 4.
Easyapache 4 + mod_event + suphp
You can switch to another user's account without symlinking with the file manager type shell files, the files in the public_html folder are visible, the files can be downloaded. This is insecure.
Easyapache 3 + mod_prefork + suphp
In this configuration, you can not switch to other accounts without symlink, the files are not displayed. So secure.
What is the problem with Easyapache 4?
EDİT: This problem is happening in the new cPanel installation with the default profile installed.
EDİT2: Convert it to EasyApache 3 and then after convert it back to EasyApache 4, the problem is solved.
What's going on?
I have discovered a security problem with EasyApache 4.
Easyapache 4 + mod_event + suphp
You can switch to another user's account without symlinking with the file manager type shell files, the files in the public_html folder are visible, the files can be downloaded. This is insecure.
Easyapache 3 + mod_prefork + suphp
In this configuration, you can not switch to other accounts without symlink, the files are not displayed. So secure.
What is the problem with Easyapache 4?
EDİT: This problem is happening in the new cPanel installation with the default profile installed.
EDİT2: Convert it to EasyApache 3 and then after convert it back to EasyApache 4, the problem is solved.
What's going on?
Last edited: