advice request for shared hosting and security issue


I have a Debian Squeeze web server running PHP-FPM and FastCGI with Apache2. I used the dotdeb sources to install php-fpm and fastcgi. There are many vhosts defined on it; each has its own pool configuration and works without problems.

My current problem is with the PhpSpy program. It is a PHP file that runs the dir, chdir and readdir commands and lets the user traverse the file system and read files. I couldn't figure out a solution for it.

I used the chroot option in the pool configuration, which didn't work. It seems there is a bug with Apache2 and FastCGI usage. I also enabled suexec, which didn't help.

I can try to disable the opendir and chdir commands globally, but then some PHP files under the vhost directories will be broken.

What is the solution? Should I set chroot? If so, how? Any working combination for Debian Squeeze would be great.

I would also appreciate it if there is an easier solution.

Below are the detailed conf files and the question I asked on Stack Overflow:

It would be great if someone could help.


Oğuz Yarımtepe

