Jump to content

about Furthur Security Steps

dotcom22

By dotcom22
in Using WHMCS

 Share

Recommended Posts

dotcom22 Member

dotcom22

Posted
Posted

Hi all

 

I want install whmcs right now and before I have read wiki here:

 

http://wiki.whmcs.com/Furthur_Security_Steps

 

It is write if my server run suphp (and it's the case) I don' need to set my folder to 777...So that mean my folder are already writable with 755 permission also for anybody of just for the script ??

 

I need to move this 3 folder "attachments", "downloads" and "templates_c" in home or not ???

 

For what it is folder "template_c" ??? It is empty folder..

 

thanks in advance...

0
Link to comment
Share on other sites
DataHosts Senior Member

DataHosts

Posted
Posted

I need to move this 3 folder "attachments", "downloads" and "templates_c" in home or not ???

 

These folders are withing the WHMCS folder you create

 

 

For what it is folder "template_c" ??? It is empty folder..

This keeps the cache smarty templates. It is empty to start but gets full over time. You will need to delete the files manually ever once in awhile

0
Link to comment
Share on other sites
dotcom22 Member

dotcom22

Posted
  • Author
Posted

thanks for reply...

 

I just need also to understand more what is it suphp... My server run suphp...so for what I understand that mean the more higher permission level allowed are 755 and it will be the same of 777 ? That mean hackers can be able to see and modify files or not ?

 

thanks

0
Link to comment
Share on other sites
HostOrca Senior Member

HostOrca

Posted
Posted (edited)
In essence. Generally when you try and set certain files to 777 and access them - apache will ISE on you.

 

Folders should be 644 and files 755 from what I remember when using suPHP.

 

I think it's the other way around, folders 755, files 644

 

With suphp all scripts run as the account owner, rather than "nobody", so they can write to the folder/files because they "own" them, so only the script can write to the folder/file. Hackers can not.

Edited by HostOrca
0
Link to comment
Share on other sites
XN-Matt Senior Member

XN-Matt

Posted
Posted

Heh.. Indeed that is the wrong way around. I think that must have been a fastest-post-first. :P Whoops ;)

 

With suphp all scripts run as the account owner, rather than "nobody", so they can write to the folder/files because they "own" them, so only the script can write to the folder/file. Hackers can not.

 

Unless you have other scripts within the same user account space (such as a parked/addon/sub domain) that have a vulnerability which could then edit/affect other files with the same UID.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept