/ Register

Join the community today
Register Now

Security File upload exploits?

Discussion in 'System Administration' started by joshuah, Apr 24, 2017.

Previous Thread Next Thread
Loading...
Page 2 of 2
  1. Apr 24, 2017 #21
    joshuah

    joshuah Member

    121
    14
    18
    Apr 3, 2017
    Ratings:
    +17
    Local Time:
    4:52 AM
    I would not be concerned about files being uploaded via FTP being compromised, but rather be concerned about compromised files being uploaded and executed via PHP upload, etc.
     
  2. Apr 24, 2017 #22
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    4:52 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    That part would be on the web app author and end user keeping up to date the web app/script.
     
  3. Apr 24, 2017 #23
    joshuah

    joshuah Member

    121
    14
    18
    Apr 3, 2017
    Ratings:
    +17
    Local Time:
    4:52 AM
    Yes, true. But at the same time, as system admins you would ideally want to mitigate the risk by ensuring that all users are isolated from eachother.
     
  4. Apr 24, 2017 #24
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    4:52 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Yup, if you know how you can implement jailed/chroot users in Centmin Mod or any other LEMP/LAMP stack yourself too. I posted some examples form my adventures at https://community.centminmod.com/threads/jailed-chrooted-sftp-ssh-user-nginx-vhost-menu.8/ for future implementations of chroot/jailed users for Centmin Mod LEMP environments. Just a long way off for now given the amount of beta testing activity and feedback for current 123.09beta01 features etc. Nothing in Centmin Mod isn't added without proper testing and feedback or thought :)
     
    Last edited: Apr 24, 2017
  5. Apr 24, 2017 #25
    Colin

    Colin Premium Member Premium Member

    192
    59
    28
    Oct 7, 2015
    Sheffield UK
    Ratings:
    +154
    Local Time:
    7:52 PM
    1.19.#
    MariaDB 10.1.#
    Probably, not an option and I've lost clients to this policy: refuse to have wordpress on server, any server.

    Servers are so cheap now, why not treat one node per install. You could share the MySQL on one bigger node.

    Static site generators are quite powerful now and it totally depends on your needs/client ability of course. There are many importers from wordpress to, so it 's not like you're starting over, well you are.

    I'm working through one now where a guy spends 400+ on wordpress a year, posts 2 articles a month, and it's down for most of the year as he's not got time to fix it. So it's going static, editing posts using a browser-based interface "cms" to the git repo, on push, git is building and deploying the static pages to a keycdn push zone.
     
  6. Apr 24, 2017 #26
    nfn

    nfn New Member

    29
    0
    1
    Jun 28, 2015
    Ratings:
    +8
    Local Time:
    7:52 PM
    You should never allow script execution in these directories.
    That's asking for troubles.
     
  7. Apr 25, 2017 #27
    elargento

    elargento Member

    353
    18
    18
    Jan 4, 2016
    Ratings:
    +45
    Local Time:
    3:52 PM
    10
    You could try Vesta control panel:
    Vesta Control Panel — Features
     
  8. Apr 25, 2017 #28
    eva2000

    eva2000 Administrator Staff Member

    58,905
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    4:52 AM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
  9. Apr 25, 2017 #29
    elargento

    elargento Member

    353
    18
    18
    Jan 4, 2016
    Ratings:
    +45
    Local Time:
    3:52 PM
    10
  10. May 1, 2017 #30
    joshuah

    joshuah Member

    121
    14
    18
    Apr 3, 2017
    Ratings:
    +17
    Local Time:
    4:52 AM
    Agreed!! :)
     
Previous Thread Next Thread
Loading...
Page 2 of 2

.