php open_basedir Protection not working???

[Weed]

Okay... this is weird... Someone on my server can actually execute a script calling on another file inside another account...

the Protection is on... and no sites are excluded... how can it possibly still work?

~Weed

 

[Marty]

How are they calling that file? include? or are they just getting the html output of that file?

 

[Weed]

require "";

root path too... not HTTP

 

[Marty]

Okay, that is bad then. I don't know the answer that question.

 

[haze]

Does the users virtualhost entry look correct? What is the ownership of the file that was called? Do you have phpSuExec on?

 

[Weed]

I'm just reformatting... just have to wait for managed.com to get off their asses :S

~Weed

 

[haze]

Why a reformat?

 

[Weed]

Because I don't know what I'm doing :P

I don't know if PHPSuExec is on.. how do I find that out?

~Weed

 

[haze]

Originally posted by Weed
Because I don't know what I'm doing :P

I don't know if PHPSuExec is on.. how do I find that out?

~Weed

If you don't know what it is, chances are you don't have it installed. I certainly hope you aren't hosting any paying clients on this machine, and if you are, I hope they are aware of the fact that you have no idea what you are doing.