MyBB Community Forums

MyBB Community Forums > Community > General Discussion > Security in shared web servers! be careful: everybody can hack your portal and db.
Full Version: Security in shared web servers! be careful: everybody can hack your portal and db.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

sanbad

2006-07-16, 12:08 PM

Asad_Niazi

2006-07-16, 01:19 PM
This doesn't works on hosts that have taken required security measures. If php's safe mode or php's openbase_dir is in effect, it's nothing to worry about.

sanbad

2006-07-16, 03:21 PM

Asad_Niazi Wrote:This doesn't works on hosts that have taken required security measures. If php's safe mode or php's openbase_dir is in effect, it's nothing to worry about.

Thanks
my server admin said that he set
Quote:safe-mode = off
for default.
and i see phpinfo and
Quote:open_basedir = no value
please answer me: for best security open_basedir = ???
also i hear we can define some php.ini setting only for own hosting paln by .htaccess file.


salam aghaye Asad Niazi
az esme shoma moshakhase ke bayad Irani bashid.
chon tozih be engelisi moshkel hast man be pingilish minevisam:

man webmaster,e chand site hastam. anha az server,haye mokhtalef estefade mikonand:
hostgator , pronethosting va chand hosting,e Irani
man hameye in host,ha ra emtehan kardam.
bazi az portal,ha dar halate
Quote:safe mode = on
va
Quote:register_global = off
kar nemikonnand.
midanam ke baraye amniate host in do gozine mohem ast.

dar morede open_basedir chizi nashnide boodam meghdare an dar php.ini bayad che bashad ta amniat tamin shavad.

hamchenin shanidam mitavan dar .htaccess file , code,hayee vared kard va tanzimate php host ra baraye khodeman taghyeer dahim. dar inbare mitavanid etelaati bedahid? javab be englisi bedahid moshkeli nist.

dar phpinfo hamchenin
Quote: allow_url_fopen = on
aya in tanzim daraye risk hast?

man in ra too forum,haye farsi matrah nakardam, chon too 9 hosting,e Irani azmayesh kardam hamegi in moshkel ra dashtand!!! va khatare hack shodan baraye kheyliha vojood darad!

Asad_Niazi

2006-07-16, 03:34 PM
sorry Alireza, I speak Urdu and english, but not farsi.

In your virtualhost directive in httpd.conf, you can set:

php_admin_value open_basedir /home/username/:/tmp/

sanbad

2006-07-16, 03:48 PM
Excuse me, Mr Niazi and thanks for help.

Ryan Ashbrook

2006-07-21, 12:08 AM
There's always risks from running on a Shared Server.

And several conflicts like people needing certain PHP Configurations and people needing certain MySQL versions and whatnot.
MyBB Community Forums > Community > General Discussion > Security in shared web servers! be careful: everybody can hack your portal and db.