
Script uploaded to account concerns

Discussion in 'CloudLinux' started by Steini Petur, Dec 22, 2017.

  1. Steini Petur

    Steini Petur Active Member

    Joined:
    Apr 24, 2016
    Messages:
    26
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Iceland
    cPanel Access Level:
    Root Administrator
    Hey guys,

    So I have put in place everything I can think of to protect our server:

    * CageFS enabled in CloudLinux
    * CFS
    * Apache mod directory protection
    * PHP Basedir
    * Follow Symlink if Owner matches
    * Disable_functions list "show_source, system, shell_exec, passthru, exec, popen, proc_open"

    And so many other things, but when we run this - Removed - which someone planted on our server as a user, they can still VIEW things outside their /home. They can't upload or edit, but they can sure as hell view it, though not in /home: in the /home dir they can only see their own account, but they can go around and see things which are "root:root".

    I uploaded an example of this, but of course blackened out any sensitive data. Can anyone assist me in getting this fixed? I refuse to believe cPanel has no fix for this, since SELinux can't just be enforced.

    I find it highly inappropriate a client can plant a .php file there and start rummaging around our /root.
     

    Attached Files:

    #1 Steini Petur, Dec 22, 2017
    Last edited by a moderator: Dec 22, 2017
  2. Steini Petur

    Steini Petur Active Member
    UPDATE:

    After thorough inspection, he can't do much. He can't edit any files, really; he can view very few files, but the idea of him being able, in general, to see outside his /home/user/ directory is just unnerving.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,585
    Likes Received:
    439
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    You should change any passwords you might have used with this script on an account just to be safe. Some? of them do phone home when run as you have here by opening it.
     
  4. Steini Petur

    Steini Petur Active Member
    I haven't used anything; I just clicked the URL as the user and browsed around. I just see I can go out of the cPanel environment to /root and see some stuff; I cannot view but a fraction of the files. What worries me is that in the first place cPanel doesn't have this secured, and I have CloudLinux and CageFS.

    I just don't like that he can go outside /home/user at all. Even if he can't plant, change, write or download any files, he can still see files and filenames, and open a fraction of them using this.

    No passwords to change, as I haven't logged anything. I haven't written a password once.
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,962
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    This is normal due to the nature of how the filesystem works on Linux. Note that while you may be able to view some directories outside of /home, all account-specific data should be restricted (e.g. no valuable data is available to end-users).

    Thank you.
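    The reply above comes down to ordinary Unix permission bits: a process running as a hosted account can list any directory and read any file whose mode grants read (and, for directories, execute) to the "other" class, which is why the file manager in the first post could still browse root-owned paths. As an added example (not from this thread, from cPanel or from CloudLinux), here is a small audit an administrator can run as root to list which root-owned entries under a directory such as /root are readable by other users; `readable_by_others` and `audit_other_readable` are hypothetical names chosen for this illustration.

```python
import os
import stat
import sys


def readable_by_others(mode: int) -> bool:
    """True if the 'other' permission class can read this entry.

    A directory must also carry the 'other' execute bit, otherwise it can be
    listed (names only) but not traversed, so we require both for directories.
    """
    if stat.S_ISDIR(mode):
        return bool(mode & stat.S_IROTH) and bool(mode & stat.S_IXOTH)
    return bool(mode & stat.S_IROTH)


def audit_other_readable(root: str, owner_uid: int = 0):
    """Walk `root` and return (path, octal mode) for every entry owned by
    `owner_uid` (root by default) that any unrelated user could read.

    Results are returned rather than printed so callers can act on them.
    Symlinks are skipped: their own mode bits are meaningless and the target
    is judged when the walk reaches it.
    """
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; nothing to report
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_uid == owner_uid and readable_by_others(st.st_mode):
                exposed.append((path, oct(stat.S_IMODE(st.st_mode))))
    return exposed


if __name__ == "__main__":
    # Typical use on the server: python3 audit_other_readable.py /root /etc
    for directory in sys.argv[1:] or ["/root"]:
        for path, mode in audit_other_readable(directory):
            print(f"{mode} {path}")
```

    Many entries under /etc are world-readable by design; the list is a starting point for finding the few that hold credentials or other account-specific data and tightening their mode.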
     