lyfsy

Stop subdomain PHP scripts from accessing main domain files

Jan 22nd, 2020
  1. Stop subdomain PHP scripts from accessing main domain files
  2. Hi, might be a dumb question, but I gave someone subdomain access through FTP. While they can only access their own folder and not any of mine, I realized they could simply have a PHP file that could do anything to my files including delete, make copies, etc. For instance:
  16. copy("…/file", "file");
  17.  
  18. If they make a PHP file in their folder that does that, it will copy over whatever file they choose in my domain to their folder. Or they could do things like unlink(), etc., I realized.
  19.  
  20. Is there a way to stop this script access the subdomain has to my entire site?
  21. You need to run the 2 sites under different users and the site content needs to have the correct permissions set. In a normal cPanel server for example, this is not possible without creating 2 cPanel accounts. I usually recommend that you not put too many domains/sites under one account since it can be a nightmare to sort out if you get hacked. Also I recommend you put important sites in their own accounts.
  22. Hi, thanks for the info. So, basically the safest way would be to pay for a 2nd hosting account for that domain?
  23. Correct. To isolate the sites they need to be using different users at the server / system level and usually that requires two separate hosting accounts. If you have multiple sites that you want in this setup, a reseller account would work and just ignore the reselling features.
  24. -Steven | u2-web@Cooini, LLC - Business Shared Hosting | Isolate sites with Webspaces | Site Builder | PHP-FPM | MariaDB
  25. The most secure way is to divide the sites and scripts among different users. But be sure that files of the main domain aren't used by the subdomain or the scripts you are talking about.
  26. I second this, they need to be separate cPanel users not FTP users etc.
  27. Separating the subdomain and the primary domain by user is the easiest way in your case:
  28. - Leave the main domain with user A.
  38. - Create user B.
  39. - Transfer the subdomain to user B. Remember to change the owner of the subdomain files to owner B.
  40. Thus, you will not only provide the necessary access to certain files, but also increase the security of all sites. If all sites are located under one user and one of the sites is hacked, you are likely to have problems on all sites, which makes it difficult to clean up viruses.
  41. https://foxcloud.net/ Data center solutions
  42. Virtual Hosting, VPS, Dedicated servers, Cloud storage, Public Cloud (IaaS)