Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Installation Help
Author Message
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Thu Jun 14, 2007 10:42 pm Reply with quote

I understood explicitly. The reason I say all that I have is because there is a problem somewhere else, one that has nothing to do with RavenNuke. This problem shows signs of permissions and ownership issues, this can be a threat.

Let me see if I can explain this a little better.

From FTP, when you make a file, it should be populated with owership of user and group ownership of user, so in ssh it should look like user:user.

This is the normal properties of creating a file from Only registered users can see links on this board! Get registered or login!

This should also be the same when creating a file from the control panel, but if it is as I suspect, one of those is actually being set to nobody when making it from ftp, and from the control panel it is being properly set. This is Just a theory as I dont have access to your server to confirm it. Now, if this is the case, then one of the owners of ALL files being uploaded may be set as nobody, this means php files as well, so there's a problem. Since RavenNuke works, if my theory is correct, user nobody is executable, This is where my problem lies. If user nobody is executable, then a hacker could not only compromise your site but also your server itself.

Try to verify my theory, if its wrong then its something else that I have not thought of right off the top of my head, but if its correct, seek a more secure host, you may find that even though its cheap, you may end up losing your WHOLE site, not just being compromised, In which you can recover from.

The main bases for that theory is that any apache configuration I have seen does not allow configuration files, such as .htaccess to be owned by nobody and therefore throws an error as the one you got.

Check it out, Talk to Raven about hosting. He's an excellent host.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
fade2gray
Regular
Regular


Joined: Mar 26, 2006
Posts: 87
Location: UK

PostPosted: Fri Jun 15, 2007 12:47 am Reply with quote

Hmmm... despite your efforts to explain, I'm not sure I fully under stand what you mean by ownership being set to nobody.

I use CuteFTP for file transfer and when I upload files and folders, the folders have the attributes rwx---rwx(707) and the files are rw----r--(604). The ownership of these files and folders confuse me as CuteFTP reports a 5 figure number as the owner for all files and folders (the same number for all) - even for those above the public folder except for the logfiles. And that's about all I can tell you except that the .htaccess and .user/pword files produced by my cpanel are created with 604 attributes.

Can you suggest a method to verify whatever you would like me to test?

And no disrespect, but my host provides me a fairly adequate service at the equivalent of around USD6.55 pm (GBP80.00 2yrs) for a package similar to 3/2 except for "unlimited" webspace and bandwidth, unlimited email addresses, immediate no-fee-set-up and 50% discount for (UK)registered charities.
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Installation Help

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©