logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
ChaoticSilence  
#1 Posted : Thursday, January 19, 2006 1:55:04 PM(UTC)
ChaoticSilence
Rank: Administration

Reputation:

Groups: Administration, Member
Joined: 12/29/2005(UTC)
Posts: 275
Man

We have many users on our servers who allow uploads in one form or another, from the users who browse their sites. It is to be remembered that by default all folders have execute permissions what that means is that if you are not doing any checking on the file types being uploaded to your webspace you are in for a site defacement. Anyone could then upload an asp/php etc file and play with files in your webspace.

Follow the following to steps if you want to increase security for upload folder(s)

1. Do some kind of file type checking, only allow what is required.

2. Open a ticket with us with the following information

Domain Name:
Uploads Folder:

And ask the tech to remove execute permissions from that folder through IIS.

Good Luck!
Lcosta  
#2 Posted : Thursday, January 19, 2006 9:32:16 PM(UTC)
Lcosta
Rank: Newbie

Reputation:

Groups: Member
Joined: 1/10/2006(UTC)
Posts: 3
Location: UK-Portugal

Nasir, just a tought of a new guy why you don´t do the other way round...



No permission on ALL and if custumor needs send ticket requesting to enable that, or give us the chance oif turn up or off
ChaoticSilence  
#3 Posted : Thursday, January 19, 2006 9:52:53 PM(UTC)
ChaoticSilence
Rank: Administration

Reputation:

Groups: Administration, Member
Joined: 12/29/2005(UTC)
Posts: 275
Man

Well if there are no execute permissions at all then you will not be able to run anything at all and for every new site you will have to open a ticket, frustration all around :)

The second idea is very good of allowing the customers to do it but again this thing is limited by the control panel that we are using, it does not allow the customers to do that.

So the best solution that came to my mind was to ask the customers if they want extra security just open a ticket and we are fast at tickets arent we :)
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.