Quote:
|
We change permission on directories with permission of 777
|
Now I get it! You tell my client that you never change the permissions of the users' files:
Quote:
|
as we do not play around with clients files
|
You tell me that you do. Where is the truth? Or I don't understand anything?
What do you mean by "writable for world"? 777 means that it is writable by User, Group or Other. The permissions 777 can be used for unauthorized writing of possibly insecure content only in 2 cases:
1. when the upload script doesn't control the things which it handles;
2. when owners of website hostings co-hosted on the same webserver know the username of the client, have access to file system functions and are not restricted from "jumping out" of their home directories. So, they can try to construct a direct path to the needed folder or file and try to write to it.
The first case is completely a problem of the client and his software, and it should be written in the TOS.
The second case is a problem of the hoster and it can be solved 100%. When it is solved, then according to the point above it is the user's own funeral if somebody hacked his website hosting.
Quote:
|
We have recently implemented pre.php and mod_security on our servers, which won't allow anyone to upload abusive scripts in the directories with 777 permission.
|
Nice! But I don't think that clients want to know which additional modules you've implemented, they want to have their hosting working. Me and my client also join this club.
BTW
I have been seeing this message the whole day today when I try to get dynamic content:
Quote:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@mydomain.co.uk and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
|
My client started to suspect that I write bad software. I also already started to doubt, but basically, I understood that I am not the only one who writes bad software. The authors of phpmyadmin scripts also:
Quote:
Internal Server Error
Unable to open engine binary (php) at cpsrvd.pl line 1182
main::dodoc_cpaneld() called at cpsrvd.pl line 518
main::dodoc() called at cpsrvd.pl line 429
|
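Added example, not part of the original post or of any hoster's tooling: a small audit a host could run to see which 777 directories are actually reachable by other accounts, which is the second case described above. The function names, client names and directory layout are hypothetical, and the check looks only at classic Unix mode bits (no ACLs, group membership, chroot or PHP `open_basedir`).

```python
import os
import stat
import tempfile


def audit_world_writable(root):
    """Map each o+w directory under root to True if other accounts can reach it.

    Reaching a directory needs the "other" execute bit (o+x) on every
    directory from root down to it, including the directory itself.
    """
    reachable = {root: True}   # assumption: root itself is traversable
    findings = {}
    for dirpath, dirnames, _ in os.walk(root):   # top-down: parents first
        for name in dirnames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue                         # symlinks are not followed
            reachable[full] = reachable[dirpath] and bool(mode & stat.S_IXOTH)
            if mode & stat.S_IWOTH:
                findings[os.path.relpath(full, root)] = reachable[full]
    return findings


def build_sample_tree(base):
    """Constructed layout: two client homes, each with a 777 uploads dir."""
    for client, home_mode in (("client_a", 0o711), ("client_b", 0o750)):
        uploads = os.path.join(base, client, "public_html", "uploads")
        os.makedirs(uploads)
        os.chmod(uploads, 0o777)
        os.chmod(os.path.join(base, client, "public_html"), 0o755)
        os.chmod(os.path.join(base, client), home_mode)   # home dir decides


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for path, exposed in sorted(audit_world_writable(base).items()):
            state = "reachable by other accounts" if exposed else "blocked by a parent directory"
            print(f"{path}: {state}")
```

Both uploads directories are 777, but only the one under the 711 home is reported as reachable; the 750 home stops other accounts before they get to it.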