Hello all,

Post here what all steps you all are taking to stop symlink attack on your web server. As its a big issue because most of the sites on shared environment are hacked because of this issue...

Well I am using a cron job which changes config file of all sites on my server with permission to 600 . It runs periodically to change permission of new hosted website config file. This protect us from symlink.

Can you post to an article regarding the symlink attack? How new is this sort of attack? Is it something that standard security takes care of?

If you can post details on how the attack happens, then more people can be educated on the vulnerability and resolutions.

Well this is most wide spread attack on linux web server where a shared web hosting owner can launch this attack to read the configuration file or any file of other web host owners at same server. When you are using suphp it doent allow users to see what is out side of their directory limit . To overcome that limit, this symlink attack is launched by an attacker to read important files without even actually navigating there.

Sure I will make a brief article about that. I thought people are already aware of this.

It would be nice to get some more information from an industry expert on this type of attack. Even if it is brief it could be helpful. There may be awareness of this type of attack but it is hard to keep up with everything that is unleashed these days.

I guess it depends on the methods used. What was once prevelant back in 2003 and even 2005 attacks were pretty much made impossible due to updates in 2008. The SuPHP was/is a great option for isolating an environment and only allowing users to execute their own files - but standard server security should also be taken so that people can note read/exploit the /etc section of a server for the passwd files and group files.

Cross Site Scripting through Apache/PHP has been pretty much taken care of these days - generating symlinks from a root level would imply a root compromise. Generation of symlink from an individual account level should never be able to access outside of their user account level - ever.

I am curious to know how things like these got started, why must people go and hack things. What good really comes from it all?