Security Issues
Aplusmedia 09-03-2002, 08:48 AM I accessed my site via SSH today, and was kinda surprised to see that I was able to access the directories of other clients hosted on the same server.
There were about 100 other clients on the site... I entered each client's public_html folder and was able to view everything as if I was the client.
Although I did no harm to the other clients' sites, what if someone else found out about it and then went into my account and deleted all my files or edited my HTML pages? (Considering there's a hacking site hosted on the same server.) I have emailed the admin about this requesting the problem to be fixed.
But my question is... is this how it's supposed to be? Clients can just wander around and view other clients' directories and do whatever? I don't think it is.
davidb 09-03-2002, 08:57 AM This is why SSH should not be allowed. For the most part, there should be no write permissions; at the most, they can only view, but that's something you may not want them to even do. My recommendation: change hosts, go with plesk cp :)
dot.K 09-03-2002, 09:05 AM This has nothing to do with the ability to use SSH.
This is just faulty management. It's perfectly possible to
shield dirs from other users.
wlandman 09-03-2002, 09:36 AM Just because they can see the list of files does not mean they can modify it.
However, it might not be good for them to list other users' files, as well as it would not be good for them to read files (such as password files).
Even providers who don't offer SSH should still not allow UserA to read the Home dir of UserB since UserA can write a CGI Script, and list the contents of the files in UserB.
All in all, most administrators who have any unix security knowledge would be smart enough to fix the problem immediately (that is because they left it on by accident of course).
Aplusmedia 09-03-2002, 10:42 AM "Just because they can see the list of files does not mean they can modify it."
The files were editable.
I have 2 sites hosted on the same server... I went into my 2nd site and used pico to edit the html file, and it worked.
Admin knows and he will fix it soon.
mdrussell 09-03-2002, 11:36 AM dot.K hit the nail on the head - SSH is perfectly safe when managed correctly.
If the host in question uses suitable permissions for the home directory, it's quite easy to restrict a user to their own directory.
Regards
Matt
Aplusmedia 09-03-2002, 12:49 PM I don't want to name the host, but they replied saying that if they set SSH permissions, Cpanel will reset to its default settings at the end of every day; they said it's a bug with CPANEL and have emailed cpanel to fix the bug. :confused:
DanielP 09-03-2002, 12:51 PM Um.... I've never heard of that bug before and I've worked with cpanel for a long time...
Why does everyone blame cpanel!?!?!
Geeze
Andrew 09-03-2002, 01:08 PM We use cpanel and never have that problem. You can see the list of sites in /home, but can't enter the directories.
insiderhosting 09-03-2002, 01:12 PM You should get permission denied errors when trying to do this in SSH if your host set this up right.
I've never heard of this bug either.
-Steven
Jedito 09-03-2002, 02:19 PM Originally posted by Aplusmedia
The files were editable.
I have 2 sites hosted on the same server... I went into my 2nd site and used pico to edit the html file, and it worked.
Admin knows and he will fix it soon.
You can edit it, but you can't save the changes.
Aplusmedia 09-03-2002, 02:26 PM "You can edit it, but you can't save the changes."
Yes I could.
I pico edited a file and saved it.
Jedito 09-03-2002, 02:40 PM Originally posted by Aplusmedia
Yes I could.
I pico edited a file and saved it.
Odd, could the file have 777 permission?
davidb 09-03-2002, 03:26 PM The problem is that no one really ever makes SSH that safe; of course some do, but more don't.
RichTek 09-03-2002, 03:47 PM Name that host :cool:
argonblue 09-03-2002, 05:58 PM SSH is just a secure road into an unsecured parking lot.
bitserve 09-03-2002, 09:17 PM We talked about this type of problem all last week I believe in this forum and in the Technical and Security forum. Where were you? :)
That host doesn't know what they're doing. If cpanel is the problem (which most are claiming it isn't), they shouldn't use it.
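An added example, not part of the thread: a shell audit an administrator could run over /home to find the condition discussed above (home directories open to other accounts, and files any local user can overwrite). It assumes a policy of no permission bits for "other" on home directories; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shared-hosting /home layout for the exposure described
# in this thread. Assumed policy: no permission bits for "other" on any home
# directory, and no world-writable files beneath it.

# List home directories under BASE that grant read, write or execute to "other".
audit_homes() {
    base=$1
    for d in "$base"/*; do
        # Real directories only; a symlinked home is skipped rather than followed.
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        # -perm -NNN (all listed bits set) is POSIX find syntax.
        find "$d" -prune \( -perm -001 -o -perm -002 -o -perm -004 \) -print
    done
}

# List regular files under BASE that any local user could overwrite
# (the "777" case raised in the thread).
world_writable_files() {
    find "$1" -type f -perm -002 -print 2>/dev/null
}

# Constructed sample tree (not real accounts): alice is locked down,
# bob is wide open, carol allows traversal only.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/public_html" "$t/bob/public_html" "$t/carol/public_html"
    echo '<html></html>' > "$t/alice/public_html/index.html"
    echo '<html></html>' > "$t/bob/public_html/index.html"
    chmod 644 "$t/alice/public_html/index.html"
    chmod 666 "$t/bob/public_html/index.html"
    chmod 750 "$t/alice"; chmod 755 "$t/bob"; chmod 711 "$t/carol"
    echo "$t"
}

# Stand-alone use: sh audit.sh /home
if [ -n "${1:-}" ]; then
    audit_homes "$1"
    world_writable_files "$1"
fi
```

Run as root so the scan can descend into every account; an empty result from both functions means no home directory or file is exposed to other local users under the assumed policy.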