"owner" ID In Ftp Client -- Security Risk

Mar 25, 2008

I just started using FileZilla Client, as a way of allowing business clients to upload to an ftp account at my website (the ftp account is a subdirectory of my public_html directory, and has its own username and password).

I noticed that, along with other information for each file listed at that subdirectory, FileZilla also posts info on "owner" and "group". It turns out that, for each of these fields, FileZilla displays the username of my entire site -- not the username specifically associated with the particular ftp account to which FileZilla had connected. Thankfully, it doesn't also display the password that goes along with it!

I'm wondering if anyone would know:

- does this constitute a significant security risk?
- is this because of actions on the part of my web host, or because of FileZilla's programming? (ie, would the same thing occur in all ftp clients?)
- if this is a significant security risk, would there be any workaround?


Security Risk To Share Phpinfo File

Mar 10, 2007

There are always people who would like to know what the php settings are on the server. Is it a security risk to share the phpinfo.php file on a website, with anybody who visits that website, able to view it?


Security Risk Having Mbstring And Mysqli Installed On Your Server

Mar 20, 2008

A friend of mine owns a hosting company and a client of his asked to have mbstring and mysqli installed. What he wants to know is: are there any security risks if he does install that on his server?

Also, he wants to know, if there are not, how does he go about installing that on the server?


Hosting & Client-side FTP Upload Security

Feb 27, 2009

My information:
I have my photography site (sfxphoto.com) currently being hosted as my main site (site contents are located inside of the publichtml folder). I also have my photo retouching site (elite-retouch.com) being hosted as a sub-domain under the main site (which has its own folder inside of the publichtml folder). I'm being hosted through InfluxHost on a Linux server.

My Dilemma:
For the photo retouching site, I want to be able to give my clients their OWN FTP access to a designated portion of the server.

So, let's say my client upload directory is "publichtml/eliteretouch.com/client_ftp". I then want to be able to make a folder for (we'll call him) client_a inside of the "/client_ftp" folder. So the full directory to THAT client's specific folder will be: "publichtml/eliteretouch.com/client_ftp/client_a"

How can I:
1) ...set their specific FTP to open to their directory only?

2) ...ensure that they cannot navigate to other folders on my server?

3) ...make it so that the login information doesn't carry the MAIN site name, but the sub-domain site name instead?


Is My Domain Name At Risk

May 28, 2007

My domain name expires in July (within 90 days).

It is currently with company A who charge quite a lot to keep it there. I want to move it to company B who are my hosts and with whom I get 1 free domain name.

One added complication is that the domain is in a friend's name, but I have a logon and can change the name to my own any time I want.

Company B said "After it is on our registrar, you will be the only one that can renew it as long as it doesn't expire for longer than 90 days."

This has me worried that because I haven't renewed it within 90 days that it can be stolen from me. Have I misunderstood or is this a risk?

If so, would I be better advised to renew it in my friend's name with company A?


How Big Risk Do I Take If I Don't Update The Kernel?

May 2, 2008

I'm a Windows guy and know little or nothing about Linux. How big a risk do I take if I'm using a Linux VPS and never update/patch the kernel?

I'm using CentOS 5 and LxAdmin. I can update the control panel, but I can not update/patch the kernel since I have no knowledge how I do that.

I'm using an unmanaged plan, so no help there.

Some of my sites are running WordPress, but I'm always using the latest WP installation. I'm not using any other plugins than WG2, Gallery2, and remove max width.

Nobody except me has access to the VPS, and I have no other FTP accounts or something like that on the VPS.

I have no other scripts or any kind of dynamic pages on my VPS.

What kind of risk do I have here?

I'm currently planning to cancel my second VPS that's using Win2003, and only use Linux in the future. I can cut my monthly expenses by 50% that way, but do I take a big risk doing it that way?


Crypt_blowfish, Any Risk In Installing

Sep 11, 2007

A customer has requested we install a PEAR package called crypt_blowfish for their website, which sells items.

What exactly is it? Is there any risk in installing the extension?

I've not heard of it myself before.


Hosting A High Risk Site

Mar 25, 2009

What sort of redundancy is recommended for a high risk site?

My definition of high risk is that it will attract more hackers than usual, more DDoS, chances of being blocked by the ISP, etc.


Moving SSH Back To Port 22 But Will Root Be At Risk

Apr 26, 2008

At present I run SSH on a different port than normal to protect root. This has worked for two years, but with discovering that cPanel finally supports SFTP without shell access needed, I want to finally turn off FTP and require SFTP. The problem is the port I am using. Since it's a random port I have been secured against root attacks (well, nothing has shown up). I am with LiquidWeb, which is fully managed. So I guess they take care of a lot of prevention.

This is what I am thinking of doing. Move SSH back to port 22 (I only host a few friends' sites and want to be hosting 20 accounts by end of year to cover my costs). Then disable root password and require SSH keys. Would this be as secure as running SSH on a high #port, or am I fooling myself?

I could also add in, for good measure, restricting root SSH/SFTP (yes, I prefer SFTP for file management as I am legally blind and using Transmit+BBEdit is a lot easier for me for editing files). The problem with restricting to certain IPs is that Shaw charges $30/month more for a static IP and I also am at my mom's 25% of the time (and she is also with Shaw). I think the XXXX.vs.shawcable.net is static but I am not 100% sure.

I really do want to kill FTP so that port 80 is the only non-SSL port open.


Writing Large Files - Risk Of Damaging Filesystem

Jan 19, 2008

Does writing large files (i.e., 10GB backups in one archive) cause any risk of damaging a Linux filesystem?


Mysql Delayed Writes Performance Boost, Worth The Risk

Jul 19, 2007

During my poking around performance tips I found the DELAY_KEY_WRITE option (and innodb_flush_log_at_trx_commit = 0 for InnoDB), which supposedly for MySQL will disable the immediate disk flush for every transaction written and instead update only once every second at most?

One thing I've never had to restart on my vps is mysql, it's been great. So is this safe to turn on? Am I risking corruption? Will the performance gain be worth it with only a 16M cache?


PC World Article: Reduce Fire Risk - Remove Oxygen [merged]

Mar 19, 2007

I did a quick search on this and could not see it as already being posted

It seems quite a clever but simple idea - remove a lot of the oxygen from the air to help reduce the risk of fire. What do those of you operating your own facilities make of this? Is anyone already doing this?
[url]


Plesk Automation :: Postfix CA Bundle File Under PPA - How To Edit Without Risk Of It Being Overwritten

Aug 19, 2013

I see in the maillogs a number of errors for lots of different Certificate Authorities - and some I really did NOT expect to see here:

[root@web48002 admin]# grep ' certificate verification failed for' /usr/local/psa/var/log/maillog | wc -l
998
[root@web48002 admin]# grep ' certificate verification failed for' /usr/local/psa/var/log/maillog | head
Aug 19 00:04:45 web48002 postfix/smtp[28115]: certificate verification failed for inbound.hsaforamerica.com.netsolmail.net[206.188.198.64]:25: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

[Code] ....

How/where do we edit our CA file under Postfix - and why is the standard one installed by PPA not including some of these VERY MAJOR CAs?!?

I would like instructions on how to edit this in a manner that it will not get overwritten by some PPA update or yum update.


Owner 99

Feb 13, 2008

I have a problem on my server: I have some files uploaded by the upload center set to owner = 99, not the account user.

I have open_basedir in effect and safe mode on.


First Time VPS Owner

Nov 27, 2007

I'm currently renting a VPS; fingers crossed, everything is running just fine.
A question I've got for you is:

I'm looking at upgrading the MySQL on the VPS, as I'm looking at installing xcache
xcache.lighttpd.net/wiki/Release-1.2.0
Would you say this is a good idea or not, as I've heard that xcache can reduce server loads?

If you think it is a good idea, could you point me in the direction of how to upgrade my MySQL? Can this be done via WHM?


How Change Owner

Jul 17, 2007

How can I change owner to user in a VPS?


32004 Owner Process

Apr 5, 2009

What's the following process (owner: 32004)?

18689 32004 0 1.6 0.1 /usr/local/cpanel/3rdparty/bin/php-cgi -c /usr/local/cpanel/3rdparty/etc/phpmyadmin /usr/local/cpanel/base/3rdparty/phpMyAdmin/index.php


PHP Permissions (file Owner)

Nov 24, 2008

I have set up an FTP user which can upload files to /home/ftp/upload and obviously it assigns the FTP user as the owner when it uploads. Now, I want PHP to be able to rename those files, but I'm getting a permission denied, presumably because Apache ain't the owner or doesn't have permission to do that, so how do I grant it the right permission(s)?


How To Check If Company DC Owner Or Not

May 5, 2008

Do you know whether Utropicmedia.net has its own datacenter? They seem to be starting to offer colocation service.

And there are lots of features included. Is it possible to provide that without a DC?

I'm wondering if they bought a DC, or have owned it for a long time, or still rent? How to check that?


Owner: What Is Your TOS Regarding Unlimited Features

Dec 16, 2008

After my bad experience regarding unlimited features on this link: [url]

I tried to search some webhosting providers' TOS regarding their unlimited bandwidth and space. Here is one of the TOS (sorry, I hide the name):

Unmetered Bandwidth Policy
The purpose of the ********* unmetered bandwidth policy is to assure owners of standard operating web sites and small businesses that they will not be surprise billed for bandwidth usage. It is one less thing someone will need to worry about while hosting their web site at *********. The ********* unmetered bandwidth policy does not cover certain web sites.

These include the following:

* Web Portals/Communities/Forums - Any sites that have members and/or forums.
* Online Gaming - Includes online casinos and single/multiplayer online games.
* Image Galleries - Includes eBay or other online auction image dumps.
* Downloads - Any site that prompts for a download or has large applets.
* Audio/Video - Any streaming content, web-cams or audio/video downloads.
* Chat - Includes PHP and Java chat rooms. CGI-based chat is not allowed on our servers.

If you are planning on using our servers to host one of these sites, ********* will allow for 50 GBs of transfer per month. You will be billed $10.00/10 GBs/mo thereafter.

All other accounts for personal and small business are allowed unmetered bandwidth. If you adhere to our Terms and Conditions of Use Policy and run a standard web site, you will be covered under the unmetered bandwidth policy. (99.9% of all ********* hosted web sites currently qualify for their unmetered bandwidth usage.) Accounts that do not follow our Terms and Conditions of Use policy are classified as metered bandwidth accounts and will be billed accordingly.

Unmetered Web Space Policy
********* customers are privileged to be offered unmetered web space for their sites on certain plans. ********* will start you out with 1000 MBs of space. Once you approach 90% of its use, simply request additional space from Support. ********* will then add another 1000 MBs of space, free of charge. You can continue this process until you no longer require additional space. The intent of ********* is to provide a large amount of web space to serve web documents, not an off site storage area for electronic files or a backup of your PC. Ninety Percent (90%) of your web pages (html, etc.) must be linked with files (.GIF, .JPEG, etc.) stored within your space, hosted on a ********* server.

Web sites that are found to contain either/or no html documents, a large number of unlinked files, will not be offered any additional web space under our Unmetered Web Space Policy.

Read the TOS carefully; it can be tricky, right? So if you're the owner of a webhosting provider that gives unlimited bandwidth and space, what is your TOS?


Directory Owner/permissions

May 24, 2007

I currently have a WHM/CPANEL VPS and will be running a content management system that is licensed to manage any domain on the same server.

The CMS essentially builds static webpages for all domains that it manages. The CMS is written in Perl and is installed in the CGI directory of the "master domain".

I wish to use the CMS in this master domain to control the other domains on the server. Each of the other domains has its own public_html directory and own CPANEL.

Right now, I have to make the public_html directory of my other websites "world writeable" before I build its pages using the CMS. I want to get away from that.

I wish to set up permissions to 755 on each of the public_html directories and still be able to write to those other sites from my master domain's CMS.


Rsync Owner/groups

Nov 17, 2007

I've tried just about everything to preserve owner/group using rsync. I've tried running rsync as a daemon, etc. I use rsync to back up /etc, /home, etc. When restoring data I have to change the owner/group for everything; this is very time consuming!


Chown Not Changing Owner:group

Apr 1, 2008

I have just restored an account to my directadmin box and it appears to have restored with the wrong owner / group.

Easy I thought, a quick 'chmod secure.secure -R *' should crack that but how wrong was I.

After running that I get the error: chown: invalid option -- o

Now - both the user and the group exist, so why won't the files change owner and group?


Migrating Cpanel Account To Its Owner

Oct 31, 2008

I am getting a problem while migrating a cPanel a/c to its owner.

I am using a master reseller a/c, and I once lost control over a few cPanel a/c when my hosting firm migrated to another IP address.

Now I want to get these cPanel a/c back in the major a/c, but it failed. Is there another method to get them back?


Show Current CPU Usage (Owner)

May 16, 2008

OK, seems owner can be seen when api is set to CGI :-)


Is Powweb And Dot5hosting Owned By The Same Owner? Or Are They Different?

Apr 11, 2008

I'm looking at both the powweb website and dot5hosting, and the products pages look exactly the same with different colors. Are they owned by different owners, or do their pages just look the same?

Here are the links ....


Upload Files With Wrong Owner And Permission

May 5, 2008

When uploading files to my server through a PHP script or HTML, they all end up with the wrong owner and file permission.

I thought that something was wrong with the server configuration, like php.ini or Apache.


Plesk 12.x / Linux :: Reset Owner File Manager

Jan 13, 2015

CentOS 7 64bit + Plesk 12

How can I reset the owner state of the files in File Manager? Right now some files have ROOT as owner. I know with DirectAdmin there is a Reset owner feature, but I can't find this in Plesk.








Copyrights 2005-15 www.BigResource.com, All rights reserved