eepp Posted August 31, 2008 Share Posted August 31, 2008 Hi eventual helpers. I have a particular problem and didn't find anything helpful on the net (or maybe I don't know how to search properly for that matter). So, I recently bought a Web hosting plan on fatcow.com, and I have the opportunity to park as many domains as I want. That's what I did, with, for the moment, two domains (let's call them foo.ca and bar.ca). How FatCow works is that it creates a directory in the root of your account which has the following syntax: "[domain name with extension]-redirect". So now, I have in my root directory the two folders "foo.ca-redirect" and "bar.ca-redirect". When I go to foo.ca, I fall into the files and scripts in "foo.ca-redirect". PHP CGI access is activated everywhere, and here's my problem: I created a custom FTP account for someone owning bar.ca so when the guy connects, his root "/" is right into the "bar.ca-redirect" directory (but he does not see that). But if he wans, this guy can upload a file destroy.php in his root which contains something like: <? unlink("../foo.ca-redirect/index.php"); ?> ... and this is where I find that dangerous (in other terms, he can do absolutely anything he likes in any other parked domains with a script). So, is there any way (with Apache .htaccess, PHP.ini (I have access to editing this file) or simply UNIX permissions) to make the scripts contained in a specific directory only capable of playing with files and folders in that directory (and sub-directories)? Thanks for your help! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.