No, not there. Is this supposed to be a global directive, or per virtual host? Actually there are no virtual host containers in /etc/proftpd.conf. Should there be?
BlueOnyx version is 5208R. -----Original Message----- From: Blueonyx <blueonyx-boun...@mail.blueonyx.it> On Behalf Of Tobias Gablunsky Sent: Friday, August 2, 2019 9:41 AM To: BlueOnyx General Mailing List <blueonyx@mail.blueonyx.it> Subject: [BlueOnyx:23078] Re: CushyCMS and ProFTPD Hi Ken, have you checked if the entra "DefaultChdir /web" is still included in your /etc/proftpd.conf (resp. /etc/proftpds.conf)? This is the entry needed for changing directory to /web by default. Maybe this has changed through the update of proftpd? Regards, Tobias > -----Original Message----- > From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of > Ken Hohhof > Sent: Friday, August 02, 2019 2:48 PM > To: 'BlueOnyx General Mailing List' <blueonyx@mail.blueonyx.it> > Subject: [BlueOnyx:23076] Re: CushyCMS and ProFTPD > > It sounds like there was a genuine vulnerability that was fixed, so > I'm reluctant to roll back the update in order to accommodate one customer. > > Yesterday I signed up for a free Cushy account so I could reproduce > and troubleshoot the problem. To my surprise ... no problem! > > Here's my best guess, I think the customer's web designer who set up > the CMS probably used / as the path, while I used /web. And perhaps > this was causing Cushy to explore directories not owned by the > siteadmin, like maybe php.d. > > That still leaves the mystery of what changed in ProFTPd, because this > was working since 2016. But I'm hoping the customer does not have the > path set to /web, and that changing it will resolve the problem for > her. (Note that I suspect the web designer has a branded pro account > from Cushy and the customer is just enrolled as an editor of her site > and therefore can't see or change the configuration.) > > Web designers can be difficult to deal with. They are artists! And > hosting is just a commodity, low skill work by vendor scum who can be > replaced with the snap of a finger. > > -----Original Message----- > From: Blueonyx <blueonyx-boun...@mail.blueonyx.it> On Behalf Of > Michael Stauber > Sent: Thursday, August 1, 2019 1:09 PM > To: blueonyx@mail.blueonyx.it > Subject: [BlueOnyx:23063] Re: CushyCMS and ProFTPD > > Hi Ken, > > > Since the problem started with the ProFTPd bugfix, I'm starting to > > wonder if CushyCMS uses the site cpfr and site cpto commands. That > > seems unlikely, but I can't know for sure without signing up for a > > CushyCMS account myself to try it. The only other explanation I can > > think of is that the bugfix had some unanticipated consequences or > collateral damage. > > Yeah, it sure is related to the update. The ProFTPd we're using now is > a "release candidate" and I also observed that it does a few things > slightly different than the last stable version that we were using. > The code maturity seems to have dropped a notch or two. > > I don't have any other or better solution at the moment, sorry. But > perhaps you might temporarily go back to the last ProFTPd version that > worked for you? > > If so, please do this: > > rpm -e --nodeps proftpd > rm /etc/proftpd.conf > rm /etc/proftpds.conf > > That removes ProFTPd. Then you can grab the last good one. As I don't > know which version of BlueOnyx you're using I'll be pointing you to > the RPMs of the individual BlueOnyx versions: > > 5209R: > > http://updates.blueonyx.it/pub/BlueOnyx/5200R/el7/blueonyx/x86_64/RPMS > /pro > ft > pd-1.3.5e-1BX7.x86_64.rpm > > 5208R: > > http://updates.blueonyx.it/pub/BlueOnyx/5200R/el6/blueonyx/x86_64/RPMS > /pro > ft > pd-1.3.5-1BX5.x86_64.rpm > > 5207R: > > http://updates.blueonyx.it/pub/BlueOnyx/5200R/el6/blueonyx/i386/RPMS/p > roft > pd > -1.3.5-1BX5.i386.rpm > > Install the RPM of ProFTPd applicable to your BlueOnyx version this way: > > rpm -hUv <URL> > > Then restart CCEd and xinetd: > > /usr/sausalito/sbin/cced.init restart > service xinetd restart > > To prevent YUM from updating ProFTPd again please edit /etc/yum.conf > and find the lines that look like this: > > ## start-yum-gui > exclude= > ## stop-yum-gui > > Change it to this: > > ## start-yum-gui > exclude=proftpd > ## stop-yum-gui > > You actually can edit that via the GUI, too. It's under "Software Updates" > / > "YUM Updater" and in the "Settings" tab there is the form field > "Exclude these RPMS". Instead of editing /etc/yum.conf you can > directly write "proftpd" (without quotes) into that formfield to have > it excluded from YUM Updates. > > -- > With best regards > > Michael Stauber > _______________________________________________ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx > > > _______________________________________________ > Blueonyx mailing list > Blueonyx@mail.blueonyx.it > http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx