Hello all,
It's my first post so I might have missed the forum for the thread, sorry for that.
After upgrading from zpanel to sentora 1.0.3 I've noticed the following:
1) /etc/apps/phpsysinfo is now publicly available without the need to login to panel first.
I don't know if it is the right way (please advise) but I've added this:
into: /etc/sentora/panel/etc/apps/phpsysinfo/index.php
* I've added the same code to the phpmyadmins index.php too so it wouldn't be accessible for brute force attacks to the world wide web.
2) all the sentora dirs under /etc/sentora are accessible to any linux user, they can grep passwords from them, delete the files or modify them to include custom code.
Will sentora break if I change permissions to this folders ?
Thanks,
Vedran
It's my first post so I might have missed the forum for the thread, sorry for that.
After upgrading from zpanel to sentora 1.0.3 I've noticed the following:
1) /etc/apps/phpsysinfo is now publicly available without the need to login to panel first.
I don't know if it is the right way (please advise) but I've added this:
Code:
session_start();
if (!isset($_SESSION['zpuid'])) {
echo "<h1>Unauthorised request!</h1><p>You must be logged in before you are able to view PHP configuration on this server.</p>";
exit;
}* I've added the same code to the phpmyadmins index.php too so it wouldn't be accessible for brute force attacks to the world wide web.
2) all the sentora dirs under /etc/sentora are accessible to any linux user, they can grep passwords from them, delete the files or modify them to include custom code.
Will sentora break if I change permissions to this folders ?
Thanks,
Vedran
