Follow us on Twitter!
I'd prefer to die standing, than to live on my knees - Che Guevara
Monday, April 21, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 21
Members Online: 2

Registered Members: 82858
Newest Member: alexxkim
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Author

PHP Web Hosting Project.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-06-09 18:40
Hey! I'm making a web hosting site as a hobby project.
And my problem is that anyone could upload php files and then read my root files or whatever they want.
So could I do so their php files could just read from their own directory?

My structure is like this:
htdocs/ (with all pages)
htdocs/user1/
htdocs/user2/
etc.

Thx for any help.
Author

RE: PHP Web Hosting Project.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-06-09 19:15
I haven't used this, but look into .htaccess and .htpasswd files. They allow you to determine who gets to access your files and which files the can have access to.
http://www.google. . .8&oe=utf-8


Author

RE: PHP Web Hosting Project.

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 17-06-09 20:14
What pwzall said or you could use regex on their files to check for things that could compromise your site. I have a website such as the one you describe, but I sorta rely on the people not knowing how to hack it to protect it Pfft. It would be fairly easy though.
Who will be using your website?


Wisdom spared is wisdom squared.
Author

RE: PHP Web Hosting Project.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-06-09 01:06
Nothing seems to be working. The user can easily upload shell scripts or get any file on the computer.
So is there a way to just let the users php files read from their own subdirectory?

ranma wrote:
Who will be using your website?

Probably nobody x)
But security is the most important piece in this project.