ispCP - Board - Support
Howto Security Fix ispCP 1.0.5 - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: General discussion (/forum-11.html)
+--- Thread: Howto Security Fix ispCP 1.0.5 (/thread-11277.html)

Howto Security Fix ispCP 1.0.5 - Lucan - 07-30-2010 10:59 PM

I wrote a small howto in the german corner for some users without a very good knowgledge to fix the security wholes in ispcp 1.0.5

So this is the translation of it, if you found any mistakes, please tell me, but i tested it on several machines and it worked well.

First we fix the security whole mentioned here:
http://isp-control.net/forum/thread-11226-post-84851.html#pid84851

Code:
cd /var/www/ispcp/gui/client
Open and change the file
Code:
nano sql_auth.php
Search:
Code:
$query = "
SELECT
`sqlu_name`, `sqlu_pass`
FROM
`sql_user`
WHERE
`sqlu_id` = ?
";

Replace with:
Code:
$query = "
SELECT
`sqlu_name`, `sqlu_pass`
FROM
`sql_user`, `sql_database`, `domain`
WHERE
`sql_user`.`sqld_id` = `sql_database`.`sqld_id`
AND
`sql_user`.`sqlu_id` = ?
AND
`sql_database`.`domain_id` = `domain`.`domain_id`
AND
`domain`.`domain_admin_id` = ?
;
";
Search:
Code:
$rs = exec_query($sql, $query, $db_user_id);
Replace with:
Code:
$rs = exec_query($sql, $query, array($db_user_id, $_SESSION['user_id']));

Safe and exit.



Now we fix the security whole, mentioned here:
http://isp-control.net/forum/thread-11269-post-85150.html#pid85150

Code:
cd /var/www/ispcp/engine
Open and change the file
Code:
nano ispcp-dmn-mngr
Search:
Code:
"--database=\"$db_name\"";
$rs = sys_command($cmd);
Replace with:
Code:
"--database=\"$db_name\"";
$rs = sys_command_rs($cmd);
Search:
Code:
"--database=\"$db_name\"";
$rs = sys_command($cmd);
Replace with:
Code:
"--database=\"$db_name\"";
$rs = sys_command_rs($cmd);
Search:
Code:
"--database=\"$db_name\"";
$rs = sys_command($cmd);
Replace with:
Code:
"--database=\"$db_name\"";
$rs = sys_command_rs($cmd);
Safe and exit.

So lets go on
Code:
cd /var/www/ispcp/engine/backup
Open and change the file
Code:
nano ispcp-backup-all
Search
Code:
$rs = sys_command($db_backupcmd);
Replace with
Code:
$rs = sys_command_rs($db_backupcmd);
safe and exit.

Last one.
Open and change
Code:
nano ispcp-backup-ispcp
Search
Code:
$rs = sys_command($db_backupcmd);
Replace with
Code:
$rs = sys_command_rs($db_backupcmd);
Safe and exit.

Now we delete all logfiles stored at /var/log/ispcp
(i know there are better ways, but i think its the method, where people without much knowglede can't make any mistakes)

Code:
cd /var/log/
Code:
rm -r ispcp
Code:
mkdir ispcp
Code:
cd ispcp
Code:
mkdir ispcp-arpl-msgr
Code:
chmod 750 ispcp-arpl-msgr
Code:
chown vmail:mail ispcp-arpl-msgr



Now ispCP should be secure again