The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logs files Insecure!?!

Discussion in 'General Discussion' started by rweiss, Dec 21, 2003.

  1. rweiss

    rweiss Well-Known Member
    PartnerNOC

    Joined:
    Aug 31, 2002
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    Log Files Insecure!?!

    I've verified this with my own cPanel servers as well as those of another company -- when logging in as anyuser_logs via FTP, you have access to log files of all other users.

    Can anyone else confirm?

    cPanel, any plans to fix this?

    Thanks,
    Russ
     
    #1 rweiss, Dec 21, 2003
    Last edited: Dec 21, 2003
  2. markie

    markie BANNED

    Joined:
    Oct 5, 2003
    Messages:
    143
    Likes Received:
    0
    Trophy Points:
    0
    Old story, old news, nothing new, still an issue. Cpanel will never get it together!
     
  3. elleryjh

    elleryjh Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    479
    Likes Received:
    0
    Trophy Points:
    16
    ftp domain.com
    User (domain.com:(none)): user1_logs
    ftp> dir
    -rw-r----- 1 0 555 3254 Dec 22 09:01 otherdomain.com

    ftp> get otherdomain.com
    200 PORT command successful
    550 Can't open otherdomain.com: Permission denied

    Sure I can see other users domains, but I can't see their full logs.
     
  4. eXite

    eXite Well-Known Member

    Joined:
    May 16, 2003
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    But it's not right that the users are able to view how many accounts there are located on the server.

    This is a serious issue and I demand a solution from cPanel. I do not pay up $625/year on a product that is kept with these sorts of security flaws.

    Any comment on this from the cPanel stafF?
     
  5. eXite

    eXite Well-Known Member

    Joined:
    May 16, 2003
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    DataCenter Provider
    I have found that chmod 751 fixes the problem, and ppl can still download their own logs thru cPanel.
     
Loading...

Share This Page