Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

php open_basedir Protection not working???

Discussion in 'General Discussion' started by Weed, Feb 13, 2004.

  1. Weed

    Weed Active Member

    Joined:
    Mar 18, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    151
    Okay... this is weird... Someone on my server can actually execute a script calling on another file inside another account...

    the Protection is on... and no sites are excluded... how can it possibly still work?

    ~Weed
     
  2. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    318
    How are they calling that file? include? or are they just getting the html output of that file?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Weed

    Weed Active Member

    Joined:
    Mar 18, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    151
    require "";

    root path too... not HTTP
     
  4. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    318
    Okay, that is bad then. I don't know the answer that question.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    318
    Does the users virtualhost entry look correct? What is the ownership of the file that was called? Do you have phpSuExec on?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Weed

    Weed Active Member

    Joined:
    Mar 18, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    151
    I'm just reformatting... just have to wait for managed.com to get off their asses :S

    ~Weed
     
  7. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    318
    Why a reformat? :confused:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Weed

    Weed Active Member

    Joined:
    Mar 18, 2003
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    151
    Because I don't know what I'm doing :P

    I don't know if PHPSuExec is on.. how do I find that out?

    ~Weed
     
  9. haze

    haze Well-Known Member

    Joined:
    Dec 21, 2001
    Messages:
    1,550
    Likes Received:
    3
    Trophy Points:
    318
    If you don't know what it is, chances are you don't have it installed. I certainly hope you aren't hosting any paying clients on this machine, and if you are, I hope they are aware of the fact that you have no idea what you are doing. :rolleyes:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice