Preventing http access by IP address

Discussion in 'Installation/Configuration' started by trigar, Jun 4, 2006.

  1. trigar

    trigar New Member

    I notice that our sites are accessible via the server IP address followed by web1,2,3 etc. This enables hackers to browse all webs folders, including cgi-bin, ftp, log, phptmp, ssl, user, and web.

    Worse, the Perl scripts open as plain/text in the browser, enabling hackers to work out precisely how to abuse my code.

    We haven't yet gone live on this server, and the only modification I have made from the perfect setup was to set up suexec, which in turn made me chmod the scripts and folder to 755.

    I clearly have gone adrift somewhere, probably related to these mods, and would appreciate any advice!

    Thanks!

    Chris.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which ISPConfig version do you use?

    Is the IP address that you can use to browse the websites assigned to a website in ISPConfig?
     
  3. trigar

    trigar New Member

    Thanks for the prompt reply!

    Version: 2.2.2

    No. Only the internal LAN address of the server is assigned to the sites, not the WAN address.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you forward port 80 and 443 from your router to your internal IP address that you assigned to the website?

    If you enter your internal IP address that you assigned to the website in the browser, do you get the behaviour that you can browse the websites?
     
  5. trigar

    trigar New Member

    No, we don't use NAT forwarding; the server WAN interface has its own static IP, using the standard ISPConfig Bastille firewall.

    Interestingly not, I assumed it would, but in fact typing "http://lan ip address/" returns:

    And entering "http://lan ip address/web1/" returns:

    This is very much the behaviour I would have liked to see when using the WAN IP.

    (Just in case you have not gathered this from my early posts, entering the domain name for each site works perfectly.)
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you just used the wrong IP. Add your WAN IP in ISPConfig, change the IP in the websites to your WAN IP and hit save.
     
  7. trigar

    trigar New Member

    Feeling somewhat red-faced over here, but yes, you're absolutely right, I had indeed been that daft. All updated as you suggested and the server is now not accessible by IP.

    I cannot thank you enough.

    Chris.
     
  8. byteme

    byteme New Member

    Shared IP Address

    Why am I getting "This IP address is shared. For access to the web site which you look for, enter its address instead of its IP." when going to http://domainname but not when going to http://www.domainname?
    I have an A record pointing to my IP for ftp, www, and @?
     
  9. falko

    falko Super Moderator Howtoforge Staff

    Please add domainname to the Co-Domains tab of that web site. Technically domainname and www.domainname are two different things.
     
  10. byteme

    byteme New Member

    Thanks falko. If I could just figure out why ftp through a browser does not work I think with the help of this forum I have most other issues fixed or at least know where to find the information on how to fix them.

    You guys do a great job!
     
  11. falko

    falko Super Moderator Howtoforge Staff

    To be honest I never use a browser for FTP. I'm using a normal FTP client (WS_FTP).
     
