This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Sentora Poorly managed hosting accounts
#13
RE: Sentora Poorly managed hosting accounts
(07-15-2015, 03:30 AM)Me.B Wrote: @[ahsan] ( got the PM this morning so now checking and replying).

1. Perl/CGI are not supported and are totally unsecure for use under sentora.
Anything that would require Perl/CGI here won't work as we never install such packages or deploy the config to support them. We even disable all the related modules in apache.

2. SSH access is never provided for any user. We don't support it and don't think we will plan even if we jail each user.

See here:

http://forums.sentora.org/showthread.php?tid=1333

On first 1.0 release we left CGI ( enabled by default ) on centos 6 while on centos 7 and ubuntu 12/14 it's disabled by default. So you can't run any CGI script.

So what root kit you used here? I will be happy to test over this again.

Seem your exploit worked on centos 6.5? Did you test centos 7 install? Which installer did you use exactly? Feel free to PM me the infos if you can too.

What I see is directory traversal using CGI. We mainly disabled CGI so you can't in anyway set a symbolic link for other directories as CGI is not correctly sandboxed in previous releases. This is why we issued a patch that was merged into the installer that will remove all CGI modules from centos 6.5.
M B

Check your PM please
Reply
Thanks given by:


Messages In This Thread
RE: Sentora Poorly managed hosting accounts - by ahsan - 07-15-2015, 03:44 AM

Possibly Related Threads…
Thread Author Replies Views Last Post
Update redirect to Sentora login to an error page if a sub domain does not exist TGates 3 3 ,806 11-14-2024, 11:49 AM
Last Post: TGates
Need Sentora HELP ? Alemiz 4 12 ,924 10-26-2018, 04:09 PM
Last Post: republicus
Sentora Feedback and Ideas Xversion 10 32 ,832 10-28-2017, 06:49 AM
Last Post: TGates

Forum Jump:


Users browsing this thread: 1 Guest(s)