You miss understand. A user with ftp access only to a
single virtual host can upload a PHP shell to there web space.
The PHP shell allows them to login with a made up password they
make. Once logged in to the PHP shell they are no longer
restricted by there FTP login permissions due to the fact that a
PHP shell runs under the www-data account. The fact that they
have now hijacked the www-data account using the uploaded PHP
shell allows them to see the other virtual hosts PHP scripts.
And even the root directory on the server if the www-data
account is not jailed. if it is jailed they are restricted to
seeing all virtual hosts on the server. jailed or not jailed you
can view your neighborer PHP Code and steel it.
How would one go about preventing this kind of attack while
using virtual hosts and PHP.
First, have the files for each virtual host owned by different
users. ÂThis will prevent someone who comes in via FTP from being
able to access files belonging to other virtual hosts. Â(By the way,
you really should not use FTP since it is insecure; switch to SFTP
instead).
Next, configure Apache to execute the PHP for each virtual host as
user unique to that virtual host (and different from the user who
owns the files for that virtual host). ÂThere are several ways to do
this, including suEXEC, FastCGI, and reverse proxies. ÂFor more
information, see http://wiki.apache.org/httpd/PrivilegeSeparation
--
Mark Montague
mark@xxxxxxxxxxx
|
