Pleskish
Dylan 01-04-2001, 09:05 PM Can someone please list 3 domains and their FTP logins (not passwords) sharing the same IP on a server operating Plesk that supports web users.
Why? I want to show you something and get your opinion.
cbaker17 01-04-2001, 09:41 PM What?
I think that about sums it up...
Is it just me or is this board getting weirder by the day?
webfors 01-04-2001, 11:37 PM Dylan, if you really want people to participate in your experiment, you should be a little more upfront as to what you would like to "show us". :D
If I had a server, I wouldn't give out that kind of info unless I knew what you're going to do.
Dylan 01-05-2001, 08:34 AM Charles,
Do the following with one of your machines.
If you have for example:
domain1.com, ftp domain1
domain2.com, ftp domain2
domain3.com, ftp domain3
Then in your browser go to
domain3.com/~domain1
and domain2.com/~domain3
and so on.
Doesn't the outcome worry you?
[Edited by Dylan on 01-05-2001 at 07:37 AM]
cbaker17 01-05-2001, 12:23 PM Have you reported that to Plesk yet?
Chicken 01-05-2001, 12:29 PM I'm not sure what 'it' is exactly but 'it' doesn't sound good. There are a few hosts here who run Plesk on their servers and I'd email them, but I'm not sure which now. Please email any hosts you come across on the board this URL.
I get the feeling they will know what 'it' is.
CRego3D 01-05-2001, 12:44 PM I am lost, lack of sleep probably impairing my brain from working, please enlighten me on what you are trying to say.
cbaker17 01-05-2001, 01:36 PM If you go to a domain hosted on a Plesk box and add a ~ (ftp login name) you can see the directory structure including cgi-bin, ssl, etc.
Jackson 01-05-2001, 01:37 PM This is a known bug in Apache. I spoke to Plesk, Inc. Tech support and they are working to correct it.
brandonk 01-05-2001, 02:12 PM That's really horrible!
I just tried it on mine and it worked. So now if someone is running a Plesk server all you have to do is know two domains to access their files for those domains!
Brandon
Dylan 01-05-2001, 02:27 PM Well at least we have Plesk's attention now.
I emailed Plesk on the 1st November to report it. They never sent me a reply so I thought I'd find out from this forum whether anybody else knew about it and complained to them.
Anybody need shock treatment?
CRego3D 01-05-2001, 02:39 PM cbaker17
.. thanks
Holy **** .. I don't have a plesk box, but this is serious
wow :(
Jackson 01-05-2001, 03:59 PM How would I know what the login names for the FTP users are if they were not mine? Is there a way to get a list of logins without having access to the system?
Jackson 01-05-2001, 04:01 PM I was considering Plesk but found that this problem exists on my current non-Plesk Apache servers. Does anyone know a fix for this in Apache? Does having Plesk make this problem any worse?
Chicken 01-05-2001, 04:14 PM RaQs don't seem to have the bug. One good thing, heh :)
Toons 01-05-2001, 04:53 PM I checked one of our systems, and sure enough the trick works, but no files are displayed due to the way we block certain filemasks anyway, but a couple of minutes delving around http://www.apache.org and I found the fix.
I'm not sure whether Plesk users have direct access to the httpd.conf or not (never used it).
In httpd.conf:
You need to change:
<IfModule mod_userdir.c>
    # This line might be different
    UserDir public_html
</IfModule>
To:
<IfModule mod_userdir.c>
    UserDir disabled
</IfModule>
There are further options in userdir if you want to enable it for certain users for whatever reason (we don't need to).
For more info : http://httpd.apache.org/docs/mod/mod_userdir.html
HTH
Regards,
Tony Lucas.
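An added example, not part of the post above or of Apache or Plesk: a small audit that reads httpd.conf text and reports which FTP logins would still resolve under `/~login`, using a simplified model of the `UserDir` keywords (`disabled`, `disabled user...`, `enabled user...`). It assumes a single flat config scope with no VirtualHost merging or Include files; the function names, the sample configs and the `default_pattern` fallback are assumptions made for illustration.

```python
import re

def parse_userdir(conf_text):
    """Collect UserDir state from httpd.conf text (flat scope, assumed)."""
    state = {"pattern": None, "global_off": False,
             "disabled": set(), "enabled": set()}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and comment lines
        m = re.match(r"(?i)userdir\s+(.*)$", line)
        if not m:
            continue                      # <IfModule> and other directives
        args = m.group(1).split()
        kw, users = args[0].lower(), args[1:]
        if kw in ("disabled", "disable"):
            if users:
                state["disabled"].update(users)   # named users never mapped
            else:
                state["global_off"] = True        # off for everyone
        elif kw in ("enabled", "enable"):
            if users:
                state["enabled"].update(users)    # exceptions to global off
            else:
                state["global_off"] = False
        else:
            state["pattern"] = " ".join(args)     # e.g. public_html
    return state

def translated(state, user, default_pattern="public_html"):
    """True if a request for /~user would be mapped to a directory."""
    # default_pattern models a compiled-in default (assumption); use None
    # for builds that have no default when UserDir is absent.
    if not (state["pattern"] or default_pattern):
        return False
    if user in state["disabled"]:
        return False                      # explicit disable always wins
    if state["global_off"] and user not in state["enabled"]:
        return False
    return True

def exposed_logins(conf_text, logins, default_pattern="public_html"):
    state = parse_userdir(conf_text)
    return [u for u in logins if translated(state, u, default_pattern)]

# Constructed sample input: the thread's placeholder FTP logins and configs.
LOGINS = ["domain1", "domain2", "domain3"]
BEFORE = "<IfModule mod_userdir.c>\n    UserDir public_html\n</IfModule>\n"
AFTER = "<IfModule mod_userdir.c>\n    UserDir disabled\n</IfModule>\n"
PARTIAL = "UserDir public_html\nUserDir disabled\nUserDir enabled domain2\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER), ("partial", PARTIAL)):
        print(name, exposed_logins(conf, LOGINS))
```
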