Howto Security Fix ispCP 1.0.5 - Printable Version
ispCP - Board - Support (http://www.isp-control.net/forum), Forum: General discussion, Thread: Howto Security Fix ispCP 1.0.5 (/thread-11277.html)
Howto Security Fix ispCP 1.0.5 - Lucan - 07-30-2010 10:59 PM

I wrote a small howto in the German corner for users without very good knowledge, to fix the security holes in ispCP 1.0.5.
So this is the translation of it. If you find any mistakes, please tell me, but I tested it on several machines and it worked well.

First we fix the security hole mentioned here: http://isp-control.net/forum/thread-11226-post-84851.html#pid84851

Code: cd /var/www/ispcp/gui/client
Code: nano sql_auth.php
Code: $query = "

Replace with:

Code: $query = "
Code: $rs = exec_query($sql, $query, $db_user_id);
Code: $rs = exec_query($sql, $query, array($db_user_id, $_SESSION['user_id']));

Save and exit.

Now we fix the security hole mentioned here: http://isp-control.net/forum/thread-11269-post-85150.html#pid85150

Code: cd /var/www/ispcp/engine
Code: nano ispcp-dmn-mngr
Code: "--database=\"$db_name\"";
Code: "--database=\"$db_name\"";
Code: "--database=\"$db_name\"";
Code: "--database=\"$db_name\"";
Code: "--database=\"$db_name\"";
Code: "--database=\"$db_name\"";

So let's go on.

Code: cd /var/www/ispcp/engine/backup
Code: nano ispcp-backup-all
Code: $rs = sys_command($db_backupcmd);
Code: $rs = sys_command_rs($db_backupcmd);

Last one. Open and change:

Code: nano ispcp-backup-ispcp
Code: $rs = sys_command($db_backupcmd);
Code: $rs = sys_command_rs($db_backupcmd);

Now we delete all logfiles stored at /var/log/ispcp (I know there are better ways, but I think it's the method where people without much knowledge can't make any mistakes).

Code: cd /var/log/
Code: rm -r ispcp
Code: mkdir ispcp
Code: cd ispcp
Code: mkdir ispcp-arpl-msgr
Code: chmod 750 ispcp-arpl-msgr
Code: chown vmail:mail ispcp-arpl-msgr

Now ispCP should be secure again.
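A check for whether the edits from the howto above are in place on a server. This is an added example, not part of the original post and not ispCP code. The `ROOT` prefix and the function names are assumptions, and the ispcp-dmn-mngr edit is not checked because its search and replace lines read identically as they appear above.

```shell
#!/bin/sh
# Added example, not part of the original post. ROOT is a hypothetical prefix
# (empty on a live server) so the checks can also run against a copy of the tree.
ROOT="${ROOT:-}"

# sql_auth.php: exec_query() must bind the session user next to $db_user_id.
check_sql_auth() {
    want="exec_query(\$sql, \$query, array(\$db_user_id, \$_SESSION['user_id']))"
    grep -qF -- "$want" "$ROOT/var/www/ispcp/gui/client/sql_auth.php" 2>/dev/null
}

# Backup scripts: the sys_command() call is replaced by sys_command_rs().
check_backup_script() {
    f="$ROOT/var/www/ispcp/engine/backup/$1"
    grep -qF 'sys_command_rs($db_backupcmd)' "$f" 2>/dev/null || return 1
    ! grep -qF 'sys_command($db_backupcmd)' "$f"
}

# Log directory recreated with mode 750 (stat -c is GNU coreutils).
check_log_dir() {
    d="$ROOT/var/log/ispcp/ispcp-arpl-msgr"
    [ -d "$d" ] && [ "$(stat -c '%a' "$d")" = "750" ]
}

# Ownership is checked separately because it needs the real vmail user.
check_log_owner() {
    [ "$(stat -c '%U:%G' "$ROOT/var/log/ispcp/ispcp-arpl-msgr" 2>/dev/null)" = "vmail:mail" ]
}

# Run every check and report each step that is still missing.
verify_all() {
    rc=0
    check_sql_auth || { echo "sql_auth.php: session user_id not bound"; rc=1; }
    for s in ispcp-backup-all ispcp-backup-ispcp; do
        check_backup_script "$s" || { echo "$s: sys_command_rs() not in place"; rc=1; }
    done
    check_log_dir || { echo "ispcp-arpl-msgr: missing or not mode 750"; rc=1; }
    check_log_owner || { echo "ispcp-arpl-msgr: owner is not vmail:mail"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--run" ]; then verify_all; fi
```

Run it as root with `--run` on the server; each line of output names a step that still needs to be done.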