Results 1 to 2 of 2
  1. #1

    Disable php/cgi/perl or lock user at homedir


    One of my customers is offering hosting as subdomains for his customers.

    This customer has a normal cPanel account with me. Although he is affraid about security because their users can list his public_html or other users dirs with a script like:

    function gera($nova_pasta){
    $pasta = dir($nova_pasta);
    while (false !== ($this = $pasta->read())){
    $path = $nova_pasta.'/'.$this;
    if ($this != '.' AND $this != '..' AND is_dir($path)){
    echo '' .$nova_pasta.''.$this .'

    He would like to lock users so they cant list public_html and other users dir with a script like the above or disable php/cgi/perl for specific users.
    I have tried the php_flag engine off but I am using suexec + phpsuexec and that wont work with the error:

    Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration

    Do I have any other solution for this ?
    Dedicated Servers, Managed OpenStack Cloud, Colocation and Managed Colocation in Brazil
    Privately owned 10,000 server capacity Data Center

  2. #2
    Join Date
    Mar 2003
    California USA
    have you looked at openbase_dir ?
    Steven Ciaburri | Industry's Best Server Management -
    Software Auditing - 400+ Vulnerabilities Found - Quote @
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts