Is my Web Host honest? Photo Upload Problem…

  • Sometime in June, my web host (routhost) enabled phpsuexec. I was actually very happy about this as the added security made good sense, but now the month of July rolls around and problems are cropping up.

    Mainly, I cannot upload photos anymore. Whenever I try, I get the infamous “Could not create directory 07 …”

    I checked my permissions and all my folders are 755. So after going back and forth with my host, I finally got the following reply.

    <– Begin Quote
    The error that you were getting was bacause the script was unable to create folder within ‘public_html/blog/wp-content/uploads/2006. Now we have given 777 permission to folder ‘2006’ and upload works fine. As you know it is vulnerable but there are not much options to prevent this. The only thing that you can do is to change the folder permission back to 755 after uploading the images.
    <– End Quote

    I was under the impression that with phpsuexec, this was not necessary.

    Am I being lied to or is this really the truth?

    Thanks in advance for any help. I have found so much useful info in these forums and finally found reason to register!

Viewing 8 replies - 1 through 8 (of 8 total)

  • If you take the purpose of phpsuexec to heart, then you would think that having the permission of 755 on the folders would be enough for your scripts to create new directory (as you) and store files in there.

    The fact that you have to use 777 to get this to work would indicate that perhaps phpsuexec isn’t configured properly..

    Having to go back and forth of changing the directory permissions can get tired very quickly.

    Regards

    Thread Starter mjwood

    (@mjwood)

    So what exactly should I ask my host? I’ve tried to make this exact argument to them, and after discussing with three different tech support people, we’re back to the exact same answer as they originally said — leave the directory 777.

    “The fact that you have to use 777 to get this to work would indicate that perhaps phpsuexec isn’t configured properly.”

    That’s my understanding as well. You should be asking your host why. Why does “phpsuexec” work in this insecure mode where directories are created as 777 only for you to have to make them more secure by changing to 755 manualy?

    phpsuexec is just one piece of a security puzzle. I wouldn’t worry too much about it all by itself. Is your account in a chrooted environment?

    I would also try 775 for permissions. see if that works.

    Also, what control panel do you have? That might tell us more about your environment. CPanel for example is less secure than Ensim. But don’t get that hung up about that either.

    When people hack sites, it’s not just because somebody left a folder with write permissions on their server. There are many factors.

    Who is the actual owner of the folder in question?

    Hi,

    with a correctly configured suexec and an overall tight ship all folders *need* to be 755 and won’t even work when chmodded to 777.

    I’ve set up everything from Mambo to WP or MediaWiki under suexec and 755/644 folder/file permissions. Even SimpleMachines which is known to be finicky if folders are not 777.

    I’ve recently set up 4 WP installs (versions 2.0, 2.0.1, 2.0.2) and upgraded them under 755, without trouble. Users create folders and upload also without trouble. Thus it’s most certainly not WP which is causing the problem.

    Thread Starter mjwood

    (@mjwood)

    I believe the actual owner of the folder in question is my regular user account. This, I believe, is where the problem lies.

    @lhk: I am in complete agreement. I realize that this is not a WP problem, but I wanted to confirm that here and ask for advise as to what to ask my host provider.

    I have gone back and forth with them on this. I’m really starting to get the impression that phpsuexec is not installed OR incorrectly configured.

    Thanks for all your help. I just have to figure out how to maek my host see what I’m saying…

    Edit: I ran phpinfo and it looks like php is running as an apache module. Am I correct in assuming that they are indeed NOT running phpsuexec?

    Are you good with php? Write a short script that creates a folder. Then go in and look at who the owner is of that folder. That should tell you which user php is running as despite what configs indicate. https://ca3.php.net/manual/en/function.mkdir.php

    Find out if you’re in a chroot’d environment. Ask them, but also, log into your shell and see if you can see other people’s user spaces.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Is my Web Host honest? Photo Upload Problem…’ is closed to new replies.