Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

security problem - need help asap

Discussion in 'Security' started by Silvernet_UK, Nov 28, 2002.

  1. Silvernet_UK

    Silvernet_UK Member

    Joined:
    Aug 9, 2002
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    151
    Hi,

    I have been told about a 2 secuirty problems/holes on my dedi server I am running cpanel/whm 5.3-R56

    These are the problems

    I can see a list of all the domains we host, and I can view all the access logs for them and so can my clients when ftp'ing using USERNAME_logs. How do I stop this from displaying all the logs and just the logs for the user?

    I can also been told that a user can see that on there domain there's an open directory called /java-sys/ . How do I close/lock this dir from displaying it the user ftp account?

    Regards,
    Garry
     
  2. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    United Kingdom
    Hi,

    I have found out that the /java-sys/ folder is displayed when anyone type in http://www.domain-name.com/java-sys/ and it displays the dir listings, both Class and Java files anyone please help I need this sorted asap.

    Regards,
    Garry
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    [quote:c360537f7c][i:c360537f7c]Originally posted by silvernetuk[/i:c360537f7c]

    Hi,

    I have far found out that the /java-sys/ folder is displayed when anyone type in http://www.domain-name.com/java-sys/ and it displays the dir listings, both Class and Java files anyone please help I need this sorted asap.

    Regards,
    Garry[/quote:c360537f7c]

    Put a .htaccess file in the directory /usr/local/cpanel/java-sys with the following in it

    Options -Indexes
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    United Kingdom
    Hi,

    Thank you for that, what about the other problem with the logs ?

    Regards,
    Garry
     
  5. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    United Kingdom
    Hi,

    I do not mean to be thick but how do I put the .htaccess in that folder this is the first time I have every had a dedi server and I know very little SSH could you do me a guide please ?

    Regards,
    Garry
     
  6. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    United Kingdom
    how do I make .htaccess file

    Hi,

    I understand I have to log into root then type

    cd /usr/local/cpanel/java-sys

    but how do I put/make the .htaccess file ?
    and then I put Options -Indexes in the .htaccess file

    But how do I make the .htaccess file from fresh or how do I edit it if it already there ?

    Regards,
    Garry
     
  7. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    You can use vi or pico.

    In that directory type pico

    Type in the info you want.

    Hi ctrl+x then type yes
    type in the filename .htaccess

    Done
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Silvernet_UK

    Silvernet_UK Member

    Joined:
    Aug 9, 2002
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    151
    Hi David,

    Thank you for that, very much appreciated :)

    Regards,
    Garry
    Silvernet UK Ltd.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice