
In the past, I've seen a cPanel account (with addon domains) get infected through an outdated WordPress installation, with the infection spreading to other domains because all addon domains were located under the public_html folder.

i.e.:
/home/user/public_html/domain1.com
/home/user/public_html/domain2.com

I know that this can be prevented by purchasing a reseller cPanel account and having separate cPanel accounts for every domain, i.e.:

domain1: /home/user1/public_html/
domain2: /home/user2/public_html/

I was wondering if a PHP infection can spread when the directory tree is as follows:

/home/user/domain1.com/public_html/
/home/user/domain2.com/public_html/

Both domains have the same user, but they are not sharing the same public_html folder; however, they are sharing the same user.

Can an infection from /home/user/domain1.com/public_html/ take advantage of the user permissions and file ownership to be spread/copied to /home/user/domain2.com/public_html/?

jeejee

1 Answer

Yes, the only thing special about the public_html directory is that it is the root directory the web server is using to serve files from. But as far as the file system on the server is concerned, it is all the same.

The problem is not with public_html, but rather file and directory permissions. A file run inside of the "public_html" directory can still access files in its parent directory.

If the server that is hosting cPanel gives you the ability to remotely add files to a directory inside of /home/user1, then your PHP files will also have access to it.

With PHP you can disable built-in functions such as chmod, and the ability to run shell commands, which will prevent a PHP script from changing the permissions of files/directories; this may be worth looking at. But in general it's better to isolate each site from the others to limit potential security vulnerabilities.

cwurtz
  • Thanks for replying. I'm actually worried about such a scenario on my LAMP VPS, which has no panel. At this time, I host every domain in this way: /home/sameuser/domain.com/public_html/, /home/sameuser/domain2.com/public_html/ etc. In the current scenario, can the file /home/sameuser/domain.com/public_html/infected.php duplicate itself to /home/sameuser/domain2.com/public_html/infected.php since they are under the same user? – jeejee May 13 '15 at 21:06
  • If the files in `/home/sameuser/*` all have the same owner, then yes, if a PHP script can modify files in `/home/sameuser/domain.com/*` it can modify files in `/home/sameuser/domain2.com/*` as well. – cwurtz May 13 '15 at 21:17
  • Thanks for your prompt answer. So the only way to go with the most secure option would be to add new users and assign domain files to them. In this scenario /home/user1/domain1.com/infected.php chowned by user1 won't be able to duplicate itself to /home/user2/domain2.com/infected.php, if I understood right. Is this correct? – jeejee May 13 '15 at 21:23
  • Correct, assuming that user1 and user2 do not belong to the apache group that should be the group owner of all the files (most likely `www-data`). – cwurtz May 13 '15 at 21:30
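
The layouts discussed in this thread can be checked with a small model of the POSIX permission test. This is an added example, not code from the question or answer; it assumes each site's PHP runs as that site's system user, ignores parent-directory search permissions, and uses made-up uids/gids with 33 standing in for `www-data`.

```python
import stat
from typing import NamedTuple

class Identity(NamedTuple):   # who the site's PHP process runs as (assumed per-site user)
    uid: int
    gids: frozenset           # primary + supplementary groups

class Docroot(NamedTuple):    # ownership and mode of a site's public_html
    uid: int
    gid: int
    mode: int

def can_create_in(who: Identity, d: Docroot) -> bool:
    """POSIX check for creating a file in directory d (needs write + search)."""
    if who.uid == 0 or who.uid == d.uid:
        # root bypasses the check; an owner can chmod missing bits back on
        return True
    if d.gid in who.gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (d.mode & need) == need

def cross_site_writes(sites):
    """sites: name -> (Identity, Docroot). Returns sorted (source, target) pairs
    where code running as source's identity can drop files into target."""
    return sorted(
        (src, dst)
        for src, (who, _) in sites.items()
        for dst, (_, root) in sites.items()
        if src != dst and can_create_in(who, root)
    )

# Constructed sample layouts, one per scenario in the thread.
SAME_USER = {      # /home/sameuser/<domain>/public_html/
    "domain1.com": (Identity(1001, frozenset({1001})), Docroot(1001, 1001, 0o755)),
    "domain2.com": (Identity(1001, frozenset({1001})), Docroot(1001, 1001, 0o755)),
}
SPLIT_USERS = {    # /home/user1/... and /home/user2/..., group-readable by the web server
    "domain1.com": (Identity(1001, frozenset({1001})), Docroot(1001, 33, 0o750)),
    "domain2.com": (Identity(1002, frozenset({1002})), Docroot(1002, 33, 0o750)),
}
SHARED_GROUP = {   # separate users, but both in group 33 with group-writable docroots
    "domain1.com": (Identity(1001, frozenset({1001, 33})), Docroot(1001, 33, 0o775)),
    "domain2.com": (Identity(1002, frozenset({1002, 33})), Docroot(1002, 33, 0o775)),
}

if __name__ == "__main__":
    for label, layout in [("same user", SAME_USER), ("split users", SPLIT_USERS),
                          ("split users, shared writable group", SHARED_GROUP)]:
        print(label, "->", cross_site_writes(layout))
```

An empty result for a layout means no site's identity can create files in another site's docroot under this model; to audit a real server, build the `Docroot` values from `os.stat()` on each docroot.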