This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Sentora security questions
#3
RE: Sentora security questions
I've been involved in server recoveries numerous times, even with suhosin, 777 is a full-stop issue and it has, unfortunately, completely eliminated consideration of Sentora as even a testing option.

I hope you can excise this foolhardy design decision/lazy configuration in the migration of the security model, but until then, I STRONGLY advise against using Sentora for any public facing internet site at all.

I had such hope for Sentora, right up until I setup a reseller, a client, an ftp user, and logged in and saw world writable user file structure.  Once I looked into it, I stumbled upon posts like this that don't seem to understand the all encompassing horror of this configuration, suhosin or not.  This is, in someways, an effective Botnet virtualization software, the individual accounts can be backdoored within the "jail" even if it isolates other accounts from cross-compromise.

This should be priority number 1 on your list of emergency action items.
Reply
Thanks given by:


Messages In This Thread
Sentora security questions - by krisinho - 09-08-2015, 04:44 AM
RE: Sentora security questions - by Me.B - 09-08-2015, 09:38 PM
RE: Sentora security questions - by dezmd - 11-18-2015, 02:51 AM
RE: Sentora security questions - by dantewow - 11-20-2015, 07:24 AM
RE: Sentora security questions - by TGates - 11-20-2015, 10:12 AM
RE: Sentora security questions - by Me.B - 11-20-2015, 05:42 PM
RE: Sentora security questions - by apinto - 11-20-2015, 10:15 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
Is Sentora dead? rajeevrrs 2 3 ,049 12-17-2022, 09:20 AM
Last Post: TGates
Sentora debug and error files johnnyp 0 1 ,184 10-27-2022, 06:16 PM
Last Post: johnnyp
Transfer Account to another Sentora BenI 1 2 ,615 07-21-2022, 07:19 PM
Last Post: Nigel

Forum Jump:


Users browsing this thread: 1 Guest(s)