The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Temp Bug Fix: Users downloading others logs

Discussion in 'General Discussion' started by MattF, Oct 3, 2002.

  1. MattF

    MattF Active Member

    Joined:
    May 5, 2002
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Hi folks,

    I wrote this script this morning. It fixes a potential exploit, when you FTP to username_logs@userdomain.com you can download any other users' logs, unless you've manually hacked a solution.

    The script is a PHP script and can be invoked by running 'php ftpbugtempfix' from the shell. This script must be run as root. Do not run from the web-browser.

    I've used it on my server, however it hasn't undergone any official testing and the code is sloppy but gets the job done. You might want to run it once per day or after you add a batch of new users. You may need to restart ProFTPd after its done.

    Please let me know if it fixes the problem for you, I've spent a good few hours debugging the problem and reading up on PHP (again) to throw this script together. So a thanks if it works would make me smile either here or by e-mail matt@spenix.com :)

    http://www.spenix.com/ftpbugtempfix.txt

    USE AT OWN RISK.

    :p (yes the code is sloppy)
     
  2. [Q3]

    [Q3] Member

    Joined:
    Apr 8, 2003
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Hey Matt,

    Your link is dead. Can you repost the link plz!

    Regards,
     
Loading...

Share This Page