The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php open_basedir Protection not working???

Discussion in 'General Discussion' started by Weed, Feb 13, 2004.

  1. Weed

    Weed Active Member

    Joined:
    Mar 18, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Okay... this is weird... Someone on my server can actually execute a script calling on another file inside another account...

    the Protection is on... and no sites are excluded... how can it possibly still work?

    ~Weed
     
  2. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
    How are they calling that file? include? or are they just getting the html output of that file?
     
  3. Weed

    Weed Active Member

    Joined:
    Mar 18, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    require "";

    root path too... not HTTP
     
  4. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
    Okay, that is bad then. I don't know the answer that question.
     
  5. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    Does the users virtualhost entry look correct? What is the ownership of the file that was called? Do you have phpSuExec on?
     
  6. Weed

    Weed Active Member

    Joined:
    Mar 18, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    I'm just reformatting... just have to wait for managed.com to get off their asses :S

    ~Weed
     
  7. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    Why a reformat? :confused:
     
  8. Weed

    Weed Active Member

    Joined:
    Mar 18, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Because I don't know what I'm doing :P

    I don't know if PHPSuExec is on.. how do I find that out?

    ~Weed
     
  9. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    38
    If you don't know what it is, chances are you don't have it installed. I certainly hope you aren't hosting any paying clients on this machine, and if you are, I hope they are aware of the fact that you have no idea what you are doing. :rolleyes:
     
Loading...

Share This Page