Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - rtoutant

Pages: [1]
1
Updates / Re: Last Update - gave root access to all users via ssh
« on: November 06, 2018, 09:41:14 PM »

The fix is too change /etc/passwd

good--> username:x:1009:1009::/home/domainname:/sbin/nologin
fullaccess-> username:x:1010:1010::/home/domainname:/bin/bash

after checking the users which received the full access - it appears to be the users that have '%' remote access to mysql
this could be a coincident -

I will have to wait until the next update to be sure


2
Updates / Re: Last Update - gave root access to all users via ssh
« on: November 06, 2018, 09:04:26 PM »
sftp access is more secure

SFTP SSH Secure File Transfer Protocol. SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. ... There is basically no reason to use the legacy protocols any more. SFTP also protects against password sniffing and man-in-the-middle attacks.

as i mentioned before everything worked perfectly until the last update.
users had access to there home folder - and that is it.

now they have root access to everything - with read/write to all folders

3
Updates / Re: Last Update - gave root access to all users via ssh
« on: November 06, 2018, 10:49:07 AM »
I am glad it did not occur for you.
----
It is very clear - since i only have 20 clients on my server - and no modifications made on basic install except for adding domains and mysql databases.

so i uploaded a file for one of my clients - next day update occurs - i go back to apply changes to the file for the client and there is all of the root. and read/write


4
Updates / Last Update - gave root access to all users via ssh
« on: November 06, 2018, 09:54:24 AM »
After the last update all users that access sftp via ssh now have access to root - with read/write capabilities

I did run the fix permissions however - that did not work ( did not change anything )

before the last update they were only able to see there home folder

5
Resource:     Process Time
Exceeded:     370807 > 1800 (seconds)
Executable:   /usr/sbin/php-fpm
Command Line: php-fpm: pool www


note: fresh install and one simple test site added - with php code for custom CMS.
scanned the single site for malicious code - none found.

Pages: [1]