What are you doing to stop symlink attacks on your server?

Bullten

Member
Hello all,

Post here what steps you are all taking to stop symlink attacks on your web server. It's a big issue, because most of the sites on shared environments are hacked because of this issue...
 
Well, I am using a cron job which changes the permissions of the config files of all sites on my server to 600. It runs periodically to change the permissions of newly hosted websites' config files. This protects us from symlink attacks.
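The cron-job approach described in the post above, written out as an added example (not the poster's actual script): it sets matching config files to 600 without acting on symlinks, and also lists symlinks that resolve outside an account's own directory. The `ROOT/<account>/` layout, the config file names and the cron path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes accounts live at ROOT/<account>/...
# (e.g. ROOT=/home) and that PHP runs as the account owner (suPHP), so a
# 600 config file is still readable by the site's own scripts.

# harden_configs ROOT
# Set mode 600 on config files that are not already 600; prints each file changed.
# The file names below are an assumed list; extend it for the apps you host.
harden_configs() {
    # -type f never matches a symlink (find does not follow links by default),
    # so a link planted under a config file's name is skipped, not chmod'ed through.
    find "$1" -type f \
        \( -name wp-config.php -o -name configuration.php -o -name config.php \) \
        ! -perm 600 -exec chmod 600 {} \; -print
}

# list_escaping_symlinks ROOT
# Print "link -> target" for every symlink under ROOT/<account>/ that resolves
# outside that account's own directory.
list_escaping_symlinks() {
    root=$(cd "$1" && pwd -P) || return 1
    find "$root" -type l -exec sh -c '
        root=$1; shift
        for link do
            rel=${link#"$root"/}
            home="$root/${rel%%/*}"            # ROOT/<account>
            target=$(readlink -f -- "$link" 2>/dev/null) || target="(unresolvable)"
            case $target in
                "$home"/*) ;;                  # stays inside the account
                *) printf "%s -> %s\n" "$link" "$target" ;;
            esac
        done' sh "$root" {} +
}

# Cron usage (path is a placeholder): */15 * * * * /usr/local/sbin/harden.sh /home
if [ "$#" -gt 0 ]; then
    harden_configs "$1"
    list_escaping_symlinks "$1"
fi
```

Run as root, `harden_configs` has a window between find's type check and `chmod`, which does follow symlinks; running the job per account as that account's user limits the effect to the user's own files.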
 
Can you post to an article regarding the symlink attack? How new is this sort of attack? Is it something that standard security takes care of?

If you can post details on how the attack happens, then more people can be educated on the vulnerability and resolutions.
 
Well, this is the most widespread attack on Linux web servers, where a shared web hosting owner can launch this attack to read the configuration file or any file of other web host owners on the same server. When you are using suPHP, it doesn't allow users to see what is outside of their directory limit. To overcome that limit, this symlink attack is launched by an attacker to read important files without even actually navigating there.

Sure I will make a brief article about that. I thought people are already aware of this.
 
It would be nice to get some more information from an industry expert on this type of attack. Even if it is brief it could be helpful. There may be awareness of this type of attack but it is hard to keep up with everything that is unleashed these days.
 
I guess it depends on the methods used. Attacks that were once prevalent back in 2003 and even 2005 were pretty much made impossible due to updates in 2008. SuPHP was/is a great option for isolating an environment and only allowing users to execute their own files - but standard server security should also be taken so that people cannot read/exploit the /etc section of a server for the passwd files and group files.

Cross Site Scripting through Apache/PHP has been pretty much taken care of these days - generating symlinks from a root level would imply a root compromise. Generation of symlinks from an individual account level should never be able to access outside of their user account level - ever.
 