The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

security problem - need help asap

Discussion in 'Security' started by Silvernet_UK, Nov 28, 2002.

  1. Silvernet_UK

    Silvernet_UK Member

    Joined:
    Aug 9, 2002
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    I have been told about a 2 secuirty problems/holes on my dedi server I am running cpanel/whm 5.3-R56

    These are the problems

    I can see a list of all the domains we host, and I can view all the access logs for them and so can my clients when ftp'ing using USERNAME_logs. How do I stop this from displaying all the logs and just the logs for the user?

    I can also been told that a user can see that on there domain there's an open directory called /java-sys/ . How do I close/lock this dir from displaying it the user ftp account?

    Regards,
    Garry
     
  2. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    I have found out that the /java-sys/ folder is displayed when anyone type in http://www.domain-name.com/java-sys/ and it displays the dir listings, both Class and Java files anyone please help I need this sorted asap.

    Regards,
    Garry
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    [quote:c360537f7c][i:c360537f7c]Originally posted by silvernetuk[/i:c360537f7c]

    Hi,

    I have far found out that the /java-sys/ folder is displayed when anyone type in http://www.domain-name.com/java-sys/ and it displays the dir listings, both Class and Java files anyone please help I need this sorted asap.

    Regards,
    Garry[/quote:c360537f7c]

    Put a .htaccess file in the directory /usr/local/cpanel/java-sys with the following in it

    Options -Indexes
     
  4. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    Thank you for that, what about the other problem with the logs ?

    Regards,
    Garry
     
  5. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    Hi,

    I do not mean to be thick but how do I put the .htaccess in that folder this is the first time I have every had a dedi server and I know very little SSH could you do me a guide please ?

    Regards,
    Garry
     
  6. silvernetuk

    silvernetuk Well-Known Member

    Joined:
    Sep 2, 2002
    Messages:
    311
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    how do I make .htaccess file

    Hi,

    I understand I have to log into root then type

    cd /usr/local/cpanel/java-sys

    but how do I put/make the .htaccess file ?
    and then I put Options -Indexes in the .htaccess file

    But how do I make the .htaccess file from fresh or how do I edit it if it already there ?

    Regards,
    Garry
     
  7. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    You can use vi or pico.

    In that directory type pico

    Type in the info you want.

    Hi ctrl+x then type yes
    type in the filename .htaccess

    Done
     
  8. Silvernet_UK

    Silvernet_UK Member

    Joined:
    Aug 9, 2002
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Hi David,

    Thank you for that, very much appreciated :)

    Regards,
    Garry
    Silvernet UK Ltd.
     
Loading...

Share This Page