You are Here: FAQ ->Web Space & Access->FTP Account->Article #16


FTP/SSH accounts allow full access by scripts


Chrooting subusers is by NO means a security feature
or something which enables the customer secure reselling of webspace,
it's merely something more convenient for the average user.

Any chrooted subuser may upload e.g. a PHP or Perl script which in turn may access the full customer's web space (htdocs and below) completely read/write and see
the directories beneath /kunden.

This means that you can have multiple FTP accounts, however the protections in
place are for FTP/SSH access and are not restricted through HTTP access, as such
a customer with FTP access can upload a file such as file_explorer.php which is
a PHP file management system, and access all files below that directory.

To stop this from happening, you would have to stop all HTTP requests to that
folder, therefore making it an FTP/SSH only access. This can be done by an
.htaccess file that says deny from all.

So would be as follows :
\FTP_SITES
\FTP_SITES\.htaccess (Deny from All)
\FTP_SITES\Access_1\

So customer given user name to Access_1 will then be able to FTP and similar,
however the HTTP rewrite rule stops more access.

SW3B101


Print Article
How useful was this article?
(From 5 = Very Useful to 1 = Not useful at all):
1 2 3 4 5


 © 2008 1&1 Internet Inc - About 1&1 Internet