Otdfbt

How to continually let my readers know what time it is in my story, in an organic way?

How would you translate "grit" (personality trait) to Chinese?

When did game consoles begin including FPUs?

Does it matter what way the tires go if no directional arrow?

Can a tourist shoot a gun in the USA?

Why would someone open a Netflix account using my Gmail address?

How to describe a building set which is like LEGO without using the "LEGO" word?

Understanding Deutch's Algorithm

Is there any good reason to write "it is easy to see"?

What dog breeds survive the apocalypse for generations?

What is the status of the Lannisters after Season 8 Episode 5, "The Bells"?

Why is Drogon so much better in battle than Rhaegal and Viserion?

APFS - how do I enable transparent compression

How to redirect stdout to a file, and stdout+stderr to another one?

What was Varys trying to do at the beginning of S08E05?

Would life always name the light from their sun "white"

Was the dragon prowess intentionally downplayed in S08E04?

Should I communicate in my applications that I'm unemployed out of choice rather than because nobody will have me?

My bread in my bread maker rises and then falls down just after cooking starts

Could a space colony 1g from the sun work?

Do people who work at research institutes consider themselves "academics"?

Network latencies between opposite ends of the Earth

To whom did Varys write those letters in Game of Thrones S8E5?

Do high-wing aircraft represent more difficult engineering challenges than low-wing aircraft?

How web-hosting providers manage to make uploading files secure?

Sharepoint for Teams, Permissions, Kick to proper tab?Securing VPN access from users machines (home office)Stopping PHP ability to read/write other PHP filesHow do I deal with a compromised server?Our security auditor is an idiot. How do I give him the information he wants?Requiring mulitple group membership in order to access folderSetting up limited AD account for external support personExecutables locationDrupal multi-site, virtual hosts and CloudFlareLinux: productive sysadmins without root (securing intellectual property)?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

1

1

I made a small website where people can upload their files into my server.

Every member have their own folder and they can't open or show other people directories.

Their links looks like this:

example.com/sub/james/

example.com/sub/mark/

example.com/sub/jason/

Members have an option to uploud php, java, html or any kind of file they want.

I made it like that because I want to give the ability for them to host a tiny website on my server, so for example if someone reach this link:

example.com/sub/mark/index.php
It will open their home page. and anyone on internet can access that page, also no one can go back behind the main "sub" folder

I'm concerned about the security, "giving access to my server and let members upload any kind of file" what could go wrong? and how I can make it more secure?

security apache-2.4

share|improve this question

asked May 4 at 11:34

SomeoneSomeone

83

add a comment | 

1

1

I made a small website where people can upload their files into my server.

Every member have their own folder and they can't open or show other people directories.

Their links looks like this:

example.com/sub/james/

example.com/sub/mark/

example.com/sub/jason/

Members have an option to uploud php, java, html or any kind of file they want.

I made it like that because I want to give the ability for them to host a tiny website on my server, so for example if someone reach this link:

example.com/sub/mark/index.php
It will open their home page. and anyone on internet can access that page, also no one can go back behind the main "sub" folder

I'm concerned about the security, "giving access to my server and let members upload any kind of file" what could go wrong? and how I can make it more secure?

security apache-2.4

share|improve this question

asked May 4 at 11:34

SomeoneSomeone

83

add a comment | 

I made a small website where people can upload their files into my server.

Every member have their own folder and they can't open or show other people directories.

Their links looks like this:

example.com/sub/james/

example.com/sub/mark/

example.com/sub/jason/

Members have an option to uploud php, java, html or any kind of file they want.

I made it like that because I want to give the ability for them to host a tiny website on my server, so for example if someone reach this link:

example.com/sub/mark/index.php
It will open their home page. and anyone on internet can access that page, also no one can go back behind the main "sub" folder

I'm concerned about the security, "giving access to my server and let members upload any kind of file" what could go wrong? and how I can make it more secure?

security apache-2.4

share|improve this question

asked May 4 at 11:34

SomeoneSomeone

83

share|improve this question

asked May 4 at 11:34

SomeoneSomeone

83

share|improve this question

asked May 4 at 11:34

SomeoneSomeone

83

asked May 4 at 11:34

SomeoneSomeone

83

asked May 4 at 11:34

SomeoneSomeone

83

1 Answer
1

active

oldest

votes

2

I suggests to use a different user by user on Web server (see Apache-ITK). This will allow each user to not browse all the names and go in the other users.

You must think also about CPU and RAM : you will maybe forced to use a limit by user.
Concerning disks, quotas are welcome.

Don't forget the max execution time to not allow them to run every time process

If you use PHP, remove all the execution of system programs in disable_functions.

After that, you will enable logs by users.

Do not forget the backups !
And maybe a database server if you need...

It can be interersting to limit the network connection from this host to Internet, if the user forget to update its prefered CMS

Good luck and welcome in shared hosting.

share|improve this answer

answered May 4 at 11:56

DomDom

5,70811422

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
  
  – Someone
  May 4 at 12:15
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
  
  – Dom
  May 4 at 12:30
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f965862%2fhow-web-hosting-providers-manage-to-make-uploading-files-secure%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

2

I suggests to use a different user by user on Web server (see Apache-ITK). This will allow each user to not browse all the names and go in the other users.

You must think also about CPU and RAM : you will maybe forced to use a limit by user.
Concerning disks, quotas are welcome.

Don't forget the max execution time to not allow them to run every time process

If you use PHP, remove all the execution of system programs in disable_functions.

After that, you will enable logs by users.

Do not forget the backups !
And maybe a database server if you need...

It can be interersting to limit the network connection from this host to Internet, if the user forget to update its prefered CMS

Good luck and welcome in shared hosting.

share|improve this answer

answered May 4 at 11:56

DomDom

5,70811422

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
  
  – Someone
  May 4 at 12:15
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
  
  – Dom
  May 4 at 12:30
  

  
  
  
  

add a comment | 

2

I suggests to use a different user by user on Web server (see Apache-ITK). This will allow each user to not browse all the names and go in the other users.

You must think also about CPU and RAM : you will maybe forced to use a limit by user.
Concerning disks, quotas are welcome.

Don't forget the max execution time to not allow them to run every time process

If you use PHP, remove all the execution of system programs in disable_functions.

After that, you will enable logs by users.

Do not forget the backups !
And maybe a database server if you need...

It can be interersting to limit the network connection from this host to Internet, if the user forget to update its prefered CMS

Good luck and welcome in shared hosting.

share|improve this answer

answered May 4 at 11:56

DomDom

5,70811422

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Okay, I will lock into that, thanks, just a tiny question, is there any open source code that these webhosting providers use to manage webhosting? I made mine from scratch php+java, but I don't think it's gonna be secure enough, my problem is; I don't have full access to the server, I'm limited to alot of things, like for example I want to give users emails from my domain but I don't know how I can manage that! is there an open source code to give email services like google! I'm sorry alot of questions..
  
  – Someone
  May 4 at 12:15
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  It exists some opensource soft to manage the users and the hosting, mails and ftp (see cPanel by example). But you must have access to the server as root to install !
  
  – Dom
  May 4 at 12:30
  

  
  
  
  

add a comment | 

I suggests to use a different user by user on Web server (see Apache-ITK). This will allow each user to not browse all the names and go in the other users.

You must think also about CPU and RAM : you will maybe forced to use a limit by user.
Concerning disks, quotas are welcome.

Don't forget the max execution time to not allow them to run every time process

If you use PHP, remove all the execution of system programs in disable_functions.

After that, you will enable logs by users.

Do not forget the backups !
And maybe a database server if you need...

It can be interersting to limit the network connection from this host to Internet, if the user forget to update its prefered CMS

Good luck and welcome in shared hosting.

share|improve this answer

answered May 4 at 11:56

DomDom

5,70811422

share|improve this answer

answered May 4 at 11:56

DomDom

5,70811422

answered May 4 at 11:56

DomDom

5,70811422

answered May 4 at 11:56

DomDom

5,70811422