1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Security on plesk 7.5.6 (default permission user Everyone from C:\)

Discussion in 'Plesk for Windows - 8.x and Older' started by kbknkt, Sep 29, 2006.

  1. kbknkt

    kbknkt Guest

    0
     
    Hi, all
    I have tried your plesk 7.5.6 (install in windows server
    2003), butI have something problem about your software
    Is there a place where I can find a guide on how to harden the
    server's security?
    If I use webadmin.php utility, I can have access to all the files
    (view everything in my hard disk) in the server (a desirable hacker
    tool) yet,. as an Admin of the server,. I'm not really happy with
    this.
    I found that your plesk software use permission for user Everyone from
    C:\. I don't like that (for security I must be remove permission for
    user Everyone from C:\, Leave only Administrator on C:\ )

    I have removed user Everyone from C:\, and then Install your plesk
    7.5.6 but it error to operation and roll back the install process).

    I use permission for user Everyone from C:\ (Administrators - full
    control over this folder, subfolders and files.SYSTEM - full control
    over this folder, subfolders and files.Everyone - read and execute
    permission for this folder only).
    I also check permission for the plesk folder and Vitual host folder
    following your document (plesk-7.5.6-win-reconfigurator-guide) and run
    tool plesk reconfigurator
    But, If I use webadmin.php utility, I can have access to all the files
    (view everything in my hard disk) in the server (a desirable hacker
    tool) yet,. as an Admin of the server,. I'm not really happy with
    this.

    I want "Remove user Everyone from C:\"
    I want "Leave only Administrator on C:\"

    etc..?
    for security

    Thanks
     
  2. sergius

    sergius Golden Pleskian

    28
    57%
    Joined:
    Nov 6, 2005
    Messages:
    1,898
    Likes Received:
    0
    please install latest plesk version 7.6.1
     
  3. kbknkt

    kbknkt Guest

    0
     
    hi,
    I have installed plesk 7.6.1 for windows but the same plesk 7.5.6
    hic hic
     
  4. sergius

    sergius Golden Pleskian

    28
    57%
    Joined:
    Nov 6, 2005
    Messages:
    1,898
    Likes Received:
    0
    could you please describe what is "webadmin.php utility" and how it configured and explane what "all the files" you can see via "webadmin.php utility"?
     
  5. kbknkt

    kbknkt Guest

    0
     
    It is hacker tool, if you want to known about it,I will send it to you.
    But my probelem is Plesk require permission to Everyone on C:\ and It is not security. It must be remove permission to Everyone on C:\

    Thank you
     
  6. sergius

    sergius Golden Pleskian

    28
    57%
    Joined:
    Nov 6, 2005
    Messages:
    1,898
    Likes Received:
    0
    sir, you cannot see "all the files" by any "hacker tool" because it is impossible.
    you don't need remove permissions Everyone from disk root because this permissions "this folder only".
     
  7. kbknkt

    kbknkt Guest

    0
     
    Thank you for your reply
    I will check permission from root folder "permission for this folder only". But I have used reconfigurator tool of Pesk to set permissions on root folder (c:\), every permissions is default by Plesk Software. Then I use hacker tool (hosting on one domain acount that I created). I can see (list) every files from root folder (c:\). It is true, believe me.
    Thank
     
  8. sergius

    sergius Golden Pleskian

    28
    57%
    Joined:
    Nov 6, 2005
    Messages:
    1,898
    Likes Received:
    0
    it's true but you can see only list of files.
    it will be security hole only if you will save all own important data to disk root.
     
  9. kbknkt

    kbknkt Guest

    0
     
    Oh,
    All files from root folder (c:\) can be list. Flowing me, all files (c:\) cannot be list from domain account, only files belong to them can be list.
    thank
     
Loading...