Comments
-
Linux 434837y
That user thingy is good though. www-data should never own files on a webserver :)
The other though...
-
Linux 434837y
@limitunknown @Charon92
So every website can basically write to each other? No, they should be different users.
-
Linux 434837y
@Charon92
Because the guides are really stupid and people are still wondering why all their sites get pwned.
You can also define the user on PHP-FPM too.
-
Linux 434837y
@Charon92
+ It is easier for you to see which website is hogging resources in htop, for example :)
-
@Linux Thanks for the heads up. That's good advice I had not thought of. BTW, about the server I was talking about here: it wasn't that each website had a different user. It was that almost every single file had a different user, and they were constantly chowning things instead of setting up permissions and ownership even remotely correctly.
Working at a local SEO sweat-shop as "whatever the lead dev doesn't feel like doing" guy.
Inherit their Linux "server".
- Over 500 security updates
- Everything in /var/www is chmod to 777
- Everything in /var/www is owned by a random user that isn't apache
- Every single database is owned by root sql user
- Password for sudo user and mysql root user same as wifi password given to everyone at company.
- Custom spaghetti code dashboard with over 400 files in one directory, DB/API logins spread throughout these files, passwords in plain text.
- Dashboard doesn't have passwords, just usernames to login
- Dashboard database has all customer information including credit card stored in plain text
- Company wifi is shared by other businesses in the area
I suggest that I should try to fix some of these things.
Lead Developer / Tech Director: We're an SEO company, not a security company...
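
An added example, not part of the rant or the comments: a read-only audit of a web root for the two /var/www findings listed above (world-writable modes, files owned by the web-server account) and for the per-site ownership the commenters recommend. The function names, the one-directory-per-site layout and the uid argument are assumptions made for illustration.

```python
import os
import stat
import sys

def audit_webroot(root, web_uid):
    """For each site directory under root: world-writable paths, paths owned
    by the web-server uid, and the set of owning uids. Read-only."""
    report = {}
    for site in sorted(os.listdir(root)):
        site_path = os.path.join(root, site)
        if os.path.islink(site_path) or not os.path.isdir(site_path):
            continue
        entry = {"world_writable": [], "web_owned": [], "owner_uids": set()}
        for dirpath, _dirs, files in os.walk(site_path):  # symlinked dirs are not followed
            for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
                st = os.lstat(path)
                if stat.S_ISLNK(st.st_mode):
                    continue  # a symlink's own mode bits say nothing about its target
                entry["owner_uids"].add(st.st_uid)
                if st.st_mode & stat.S_IWOTH:  # "other" write bit, set by chmod 777
                    entry["world_writable"].append(path)
                if st.st_uid == web_uid:
                    entry["web_owned"].append(path)
        report[site] = entry
    return report

def shared_owners(report):
    """uids owning files in more than one site, i.e. sites that can write to each other."""
    seen = {}
    for site, entry in report.items():
        for uid in entry["owner_uids"]:
            seen.setdefault(uid, []).append(site)
    return {uid: sites for uid, sites in seen.items() if len(sites) > 1}

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit_webroot.py WEB_ROOT WEB_UID   (e.g. /var/www $(id -u www-data))")
    web_uid = int(sys.argv[2])
    report = audit_webroot(sys.argv[1], web_uid)
    for site, e in report.items():
        print(f"{site}: {len(e['world_writable'])} world-writable, "
              f"{len(e['web_owned'])} owned by uid {web_uid}, "
              f"owner uids {sorted(e['owner_uids'])}")
    for uid, sites in shared_owners(report).items():
        print(f"uid {uid} owns files in several sites: {', '.join(sites)}")
```

A clean result is an empty world-writable list, an empty web-owned list outside deliberate upload or cache directories, and no uid reported by `shared_owners`.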