PHP+cpanel+file permissions problems

[Yukko]

Guys, I'm little unhappy with the serivce! other web hosting companies in my country (Ukraine) works but they are not stable than yours one. I will ask excuses here if someone proves that I'm wrong:
- first of all I noticed that some changes took place in file permissions in home directories. Our CMS written on php NEEDS to write to files, I change it back with cpanel, so, it started to work once again.
- then I noticed that some couple of times I cannot access dynamic pages. I have an error that something is misconfigured on Apache.
- after upgrade or something on your web hosting server which caused the errors described above that I again noticed that file permissions were completely wrong. I tried to change it with my scripts where I had negative results, I tried to change it with cpanel and have no success.

Even more! I'm not happy with PHP security features configured: open base directoty restrictions. Webhosters know how to give people absolute freedom inside their home directories, but don't give them access to the files owned by other people or system files owned by system users.

The website of my client is hosted on server6.specialservers.com

[eUKhost.com]

Your application is creating pages with ownership of nobody in the directories that have permission 777 and you cannot modify permission of pages with ownership of nobody. We change permission on directories with permission of 777 if some spamming scripts or outbound attack scripts get uploaded in those directories as the directories are writable for world and anyone can easily upload bad content in those directories.

We have recently implemented pre.php and mod_security on our servers which wont allow anyone to upload abusive scripts in the directories with 777 permission. You wont face the same problem again in future which you had in past as the recent installation of pre.php and mod_security will take care of banning upload of abusive scripts.

If you come across similar problem in future then please contact our support staff from our helpdesk located at http://support.eukhost.com/

[Yukko]

Quote:

We change permission on directories with permission of 777

Now I get it! You tell to my client that you never change the permissions of the users' files:

Quote:

as we do not play around with clients files

You tell me that you do. where is the truth? Or I don't understand anything?

Quote:

are writable for world

What do you mean by "writable for world"? 777 means that it is writtable by User Group or Other. The permissions 777 can be used for unauthorized writing of the possibly unsecure content only in 2 cases:
1. when upload script doesn't control things, which it handles;
2. when owners of co-hosted on the same webserver websites know the username of the client and have access to File system functions and are not restricted to "jump out" from their home directories. So, they can try to construct direct path to the needed folder or file and try to write to it.
The first case is a completely problem of the client and his software and it should be written in TOS.
The second case is a problem of hoster and it can be solved 100%. When it is solved, then accourding to the point above it is a user's own funeral if somebody hacked his website.

Quote:

We have recently implemented pre.php and mod_security on our servers which wont allow anyone to upload abusive scripts in the directories with 777 permission.

Nice! But I don't think that clients want to know which additional modules you've implemented, they want to have their hosting working. Me and my client also join this club.

BTW
This message I see already for the whole day today, when I try to get dynamic content:

Quote:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@mydomain.co.uk and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

My client started to suspect, that I write bad software, I also already started to doubt, but basically, I understood that not only me writes bad software. The authors of phpmyadmin scripts also:

Quote:

Internal Server Error

Unable to open engine binary (php) at cpsrvd.pl line 1182
main::dodoc_cpaneld() called at cpsrvd.pl line 518
main::dodoc() called at cpsrvd.pl line 429

[ledeanio]

Hiya

Just out of interest I have currently been using phpMyAdmin 2-7-0-pl2 on my local server and it is plagued with errors. PhpMyAdmin then quickly released a newer version.

The problem with using PHPMyAdmin is that, like any other open source software, it can have bugs within.

Thankfully, I've noticed that the eUKhost people dont use that version. But I have been careful with phpmyadmin ever since.

Just thought it would be useful to know.

Cheers,
LD