Skip to main content

Script uploaded to account concerns

Comments

4 comments

  • Steini Petur
    UPDATE: After thorough inspection, he can't do much he can't edit any files really he can view very few files but the idea of him being able to just in general see outside his /home/user/ directory is just unnerving
    0
  • Infopro
    You should change any passwords you might have used with this script on an account just to be safe. Some? of them do phone home when run as you have here by opening it.
    0
  • Steini Petur
    I haven't used anything, I just clicked the URL as the user, and browsed around. I just see I can go out of the cPanel environment to the /root and see some stuff, I can not view but fraction of the files. What worries me is that in the first place cPanel doesn't have this secured, and I have CloudLinux and CageFS. I just don't like that he can at all go outside /home/user.. even if he cant plant change write download any files, he can only see files and filenames and only open a fraction of them using this. No passwords to change as I haven't logged anything. I havent written a password once.
    0
  • cPanelMichael
    After thorough inspection, he can't do much he can't edit any files really he can view very few files but the idea of him being able to just in general see outside his /home/user/ directory is just unnerving

    Hello, This is normal due to the nature of how the filesystem works on Linux. Note that while you may be able to view some directories outside of /home, all account-specific data should be restricted (e.g. no valuable data is available to end-users). Thank you.
    0

Please sign in to leave a comment.