Web_user Security Problem

[akiva]

would creating a vhost/vhost_ssl conf file possibly solve the issue?

 

[JointTech]

that is the change I made. I rebooted the server and then I passed the test. I have not retested again because it puts a major load on the server.

I'm not sure about the vhost_ssl. sorry.

 

[akiva]

Is there some way for me to test if UserDir is disabled (without running a full pCI scan)?

 

[JointTech]

im not sure if this is a real test... and Im really tired right now but if you go to somedomain.com/~someuser

if webusers are disabled it gives a 404 not found error instead of a 403 forbidden. (this assumes that directory listing is disabled and there is no index.htm in the webusers root) I guess you could just setup a webuser in plesk under a domain and then put an index page in the root and then see if it displays.

Sorry not much help. im a windows guy lost in a sea of plesk/linux

 

[akiva]

Originally posted by JointTech
Sorry not much help. im a windows guy lost in a sea of plesk/linux [/B]

Thanks for the tip -- I didn't think of checking that way -- like you I'm a long-time windows guy...