forum.schmolie.com -> IMAP is displaying all my website contents!

forum.schmolie.com

Help

Members

Calendar

Welcome Guest ( Log In | Register )

Resend Validation Email

forum.schmolie.com -> Technical Support -> Colocation and Dedicated Server Hosting

IMAP is displaying all my website contents!

Track this topic | Email this topic | Print this topic

fabrizio	Posted: Jul 1 2007, 06:20 AM
Group: Members Posts: 156 Member No.: 19 Joined: 16-July 02	Hello, I have just configured my new iPhone e-mail client to read my mail by using IMAP and it works fine. The only problem is that when I display my mailboxes I can see all the contents of my website (files, directories, etc)! I don't understand how that can happen, I think it's a big security flaw too! Any idea to avoid this on server side? Thank you in advance. Best, Fabrizio -------------------- ----------------------------------------- Fabrizio Ferrari - 'Violinist, contemporary and computer music composer' E-MAIL: fabrizio@virtualsheetmusic.com http://www.musicianspage.com http://www.virtualsheetmusic.com

andy	Posted: Jul 1 2007, 12:10 PM
Group: Advantagecom Staff Posts: 4,340 Member No.: 9 Joined: 12-July 02	I really don't know anything about the iPhone or what information you have to give it for it to download email, but my suspicion is that you're displaying publically available content, so it isn't as big of an issue as you might think. My first reaction is that you're just viewing directories using an FTP browser built into the phone. I've never heard of IMAP showing anything other than email. If indeed you're viewing directories via FTP, then you have logged in as a user and will be able to view any files or directories owned by that user or in that user's group. Also, FTP users that are not change-rooted (chrooted: locked into just browsing their own FTP directories), can browse and view any files allowed by the Unix permissions. This isn't a security flaw. Just simply make sure your Unix file and directory permissions are set to what they should be and each user will only be able to do what is allowed by those permissions. If you aren't comfortable with someone seeing file lists in directories they don't own, then chroot that user's FTP account. Is there a way that you can take a picture of what you're seeing on your iPhone and post that file or email it to support for us to see? You'd have take the picture using a separate device, of course, unless the iPhone supports taking screenshots of what is on its screen. We're interested in helping you get to the bottom of this, but it isn't a problem we've ever seen before, nor do we have an iPhone to be able to duplicate the problem. -------------------- Sincerely, Andrew Kinney CTO, Advantagecom Networks Please do not private message me. My regular management duties preclude responding to every customer that sends me a support issue. Instead, post on the forum or contact tech support.

fabrizio	Posted: Sep 1 2007, 06:31 AM
Group: Members Posts: 156 Member No.: 19 Joined: 16-July 02	Thank you Andy for your reply and sorry fro my delay. Well, actually that's a IMAP issue not FTP, I have the same problem with Mail program on Mac OS X. If you wish I can send you a screen shot of what the program is showing: all the content of my directory (!!!). I know, sounds very strange but that's it! Thank you again. Fabrizio -------------------- ----------------------------------------- Fabrizio Ferrari - 'Violinist, contemporary and computer music composer' E-MAIL: fabrizio@virtualsheetmusic.com http://www.musicianspage.com http://www.virtualsheetmusic.com

andy	Posted: Sep 1 2007, 10:53 PM
Group: Advantagecom Staff Posts: 4,340 Member No.: 9 Joined: 12-July 02	Please email support@advantagecom.net with the screenshot of the OS X mail program showing the problem. They'll help you track down the problem. I'll be working on some other deadlines and will be unable to assist at this time. -------------------- Sincerely, Andrew Kinney CTO, Advantagecom Networks Please do not private message me. My regular management duties preclude responding to every customer that sends me a support issue. Instead, post on the forum or contact tech support.

fabrizio	Posted: Sep 5 2007, 07:08 AM
Group: Members Posts: 156 Member No.: 19 Joined: 16-July 02	Thank you Andy, I will do that. Best, Fabrizio -------------------- ----------------------------------------- Fabrizio Ferrari - 'Violinist, contemporary and computer music composer' E-MAIL: fabrizio@virtualsheetmusic.com http://www.musicianspage.com http://www.virtualsheetmusic.com

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

« Next Oldest | Colocation and Dedicated Server Hosting | Next Newest »