Limit PHP execution in folders

Discussion in 'Installation/Configuration' started by davood00, Aug 24, 2008.

  1. davood00

    davood00 New Member

    Hello to all,
    I'm new to this forum and this is my first post.

    I have a question.
    I have a site whose domain is example.com, and there are some users that have mail and FTP access on this site. With FTP, they can upload files near the website's PHP files, so they can run PHP scripts. For some reasons, I cannot turn Safe_Mode on (and I hate it too!), and because all users and the main website pages are in the same VHost, I think suPHP or suExec cannot secure the website pages from malicious users. So, I decided to limit execution of PHP scripts to the main website folder by doing something like this in httpd.conf:
    Code:
    <Directory /home/web/web1/web>
        AddType application/x-httpd-php .php .php3 .php4 .php5
    </Directory>
    And I've removed the AddType line in the main section of the VHost directive. It looks like I've succeeded in preventing users from running PHP scripts, but I'm not sure whether this way is right or not, and I don't know if any security issues remain.
    Can anyone help me and tell me the right way and other security issues which may persist?
    Excuse me for my long story!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please enable chrooting in the proftpd conf as described in the perfect setup guides; then none of your other FTP users, except the admin user, is able to upload any files to the web directory.
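
One way to verify the scoping described in the first post, as an added example that is not part of the thread: the script lists every directive in an Apache config that maps files to the PHP handler, together with its enclosing sections, and flags any that sit outside the one `<Directory>` meant to run PHP. The sample config is constructed; only `/home/web/web1/web` comes from the post, and the function names are hypothetical.

```python
import re

# Directives that can map an extension or location to the PHP handler.
PHP_MAPPING = re.compile(r"^\s*(AddType|AddHandler|SetHandler)\b.*php", re.I)
OPEN = re.compile(r"^\s*<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"^\s*</\s*(\w+)\s*>")

def php_mapping_scopes(conf_text):
    """Return (line_no, enclosing_sections, directive) per PHP mapping."""
    stack, found = [], []
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # commented-out directives
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:
            arg = m.group(2).strip().strip('"')
            stack.append(f"{m.group(1)} {arg}".strip())
            continue
        if PHP_MAPPING.match(line):
            found.append((no, tuple(stack), line.strip()))
    return found

def outside_allowed(conf_text, allowed_dir):
    """PHP mappings that are not inside <Directory allowed_dir>."""
    want = f"Directory {allowed_dir}"
    return [f for f in php_mapping_scopes(conf_text) if want not in f[1]]

# Constructed sample: a leftover vhost-level AddType next to the scoped one.
SAMPLE = """\
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /home/web/web1
    AddType application/x-httpd-php .php
    <Directory /home/web/web1/web>
        AddType application/x-httpd-php .php .php3 .php4 .php5
    </Directory>
    <Directory /home/web/web1/user>
        # AddType application/x-httpd-php .php
    </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    for no, scope, directive in outside_allowed(SAMPLE, "/home/web/web1/web"):
        print(f"line {no}: {directive!r} applies in {' > '.join(scope)}")
```

The script reads only the text it is given: included config files and `.htaccess` files are not followed and have to be checked separately.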
     
