Chmode 444, but cpanel user still able to edit and delete file

Raj_2006

• February 08, 2016 06:59

Hi I have a CentOS VPS with latest WHM version, From last couple of months some hackers are creating malicious files in my cpanel public_html director, I recently notice that if i made any file permission to 444 and trying to edit or delete it as cpanel user, I still able to edit and delete these files, means chmod permission is not working in cpanel file manager. To check i did the same chmod 444 for my index.php file and tried to delete and edit via ssh that time chmod permission works file it is not allowing me to edit this file but then i logged into Cpanel file manager and tried to delete index.php that this time file was deleted. so chmode permissions are not working in cpanel filemanage, please help me to resolve this issue.

• 

  vanessa

  • February 08, 2016 15:53

  You realize the owner of the file can change its permissions, right? This has nothing to do with cPanel. Learn about Unix permissions and ownership rules. Sounds to me like you should be more worried about your site repeatedly getting hacked.

  0
• 

  Raj_2006

  • February 08, 2016 16:04

  My issue is, if i am using cpanel file manager as a cpanel user why am i able to delete or edit file though their permission is 444. On my other VPS if i do same settings and using cpanel file manager as a cpanel user i am not able to delete and edit files which have 444 Chmode. I want same thing for my other VPS, so files cannot delete or overwrite accidentally

  0
• 

  vanessa

  • February 08, 2016 17:14

  Because the user still owns the file, and relying on this is as a form of security is entirely stupid. You're going down a rabbit hole here when what you should be doing is addressing how unauthorized parties are meddling around with your files. Your priorities are completely off, and until you realize this, you're probably not going to get much help.

  0
• 

  cPanelMichael

  • February 09, 2016 16:42

  Hello :) The following document is a good place to start when attempting to create a secure server environment: Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation However, note you may need to consider the services of a system administrator or qualified security expert if you need help determining how your account is repeatedly hacked. Thank you.

  0

Please sign in to leave a comment.