Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion

Hosting Discussion > Web Hosting Forums > Hardware and Server Configuration > What Is Symlink Attack & How Its Done?
forgot password?


  Post #1 (permalink)   01-19-2012, 01:54 PM
HD Addict
Join Date: Oct 2011
Posts: 177

Status: Bullten is offline
A Symlink Aka symbolic link is a virtual link pointing to a file in a directory. In shared Linux environment hard disk space in divided in several parts for different account. When proper security measures are not taken it may happen a shared hosting account can take over to another shared hosting account on same server by launching symlink attack. Certain measures have been taken by companies to block these types of attack and they have build their own private patches to harden server security. But what are you doing to stop symlink? Search online you will get solutions like blocking follow symlink or changing some settings in httpd.conf. Enough post and solutions are still not available only or by search in depth you will find for every solution there is a break thru. There are many ways and means to bypass those settings and initiate symlink attacks to break server security but I am not going to explain how to do it. Lets see how this attack can be initiated.

How Itís Done?

Well just by passing a proper symlink query will do the job.


ln -s target_file_path new_file_name
Suppose you have a site a wordpress site on a cpanel server and its user is xyz and another user just have to run below command to get that file:
ln -s /home/xyz/public_html/wp-config.php wo.txt
This will get full source code of that file and known as full file disclosure vulnerability. Run the symlink attack on your server to make sure you are safe.

  Post #2 (permalink)   01-19-2012, 03:35 PM
HD Addict
Join Date: Dec 2011
Posts: 142

Status: storminternet is offline
That's great info indeed. But I think one can enable SymLinksIfOwnerMatch in apache to protect server against symlink attack.
UK-Professional Web Hosting
Web Hosting Solutions | Cloud Hosting | Dedicated Servers
Lifetime Hosting
ISPA Award Winner:2013-Best SME Hosting | 2014-Best Dedicated Hosting

  Post #3 (permalink)   01-19-2012, 03:54 PM
HD Addict
Join Date: Oct 2011
Posts: 177

Status: Bullten is offline
Still there is a method to pass it...

  Post #4 (permalink)   01-24-2012, 04:34 PM
HD Master
Join Date: Dec 2011
Location: Florida
Posts: 274
Send a message via Skype™ to SolidShellSecur

Status: SolidShellSecur is offline
We ended up using a custom patch and applied it before compiling. There are so many symlink attacks.
__________________ Providing Quality Support, Secure Hosting and Amazing Services.
STAY ALERT! Sign up for our security mailing list and always know when threats come out.

  Post #5 (permalink)   01-30-2012, 08:06 AM
HD Newbie
Join Date: Oct 2011
Posts: 33

Status: sady92 is offline
Originally Posted by Bullten View Post
Still there is a method to pass it...
There are a loot of method but you need to right chmod your folders, set up the applications, and see what are the exploits to shut the bug hole.

  Post #6 (permalink)   04-05-2012, 09:49 AM
HD Amateur
Join Date: Feb 2012
Posts: 88

Status: webhostpython is offline
Good tip, but they should take alot of other things int consideration as well.

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: