Securing my Webspace

I currently have a website at a shared hosting company, and I am able to enter other users webspace. I would therefore like to secure my webspace so that other FTP users are not able to enter my webspace and view php files.

I contacted my host regarding this, and they told me to chmod php files to 644 and the katalog? to 711. Is this correct? I do not want to make a mistake doing this so that I loose access to my files.

Thankful for any help

 

What does this mean?

That does not sound good at all, and you shouldn't have to secure yourself from that. It should already be like that.

 

That is what I thought, but my web host is pretty famous where I come from so I'm just going to accept it. How can I solve this?

 

I prefer 640 than 644. Do you really want everyone to have read access to your files? 711 will give you full permissions and give the everyone else execute permissions. Either way, you wont lose access to your files.

FTP users shouldn't be able to walk the filesystem if your host has taken the necessary precautions like chroot the environment for every FTP session.

 

Ok, so if I chmod the whole folder that my vBulletin installation is in to 640 will that block any unwanted guests through the ftp server? Can you recommend any good Windows ftp client that has good chmod functions? I currently use smartftp, but I feel something is missing...

Thanks.

 

Yes, you should be fine. But before you go and chmod your entire vBulletin directory, create a new directory try out the permissions first. Better safe than sorry.

Personally, i use FileZilla. Works fine for me.

 

Ok smart How would I try out the permissions? Wouldn't I need another account to try that out?

 

To really make sure no other users cant access those directories, you would need to test from another account. But if you cant browse to other users folders on the server, you "should" be ok. Nothing is ever 100% when it comes to security though.

 

Ok I have requested a test user account so I can test permissions. I can browse into a few user folders on the server, but others are blocked. I'll see how it goes with the test account then, and get back.

Thanks for you're help Kommunicate. You are really helping me out today

 

Great. Glad i could help.

 

Good luck on your testing. However don't just accept such lax security because they are famous in your area. I would consider a new host if that is possible.

 

I'd recommend change your web host.

 

Def. that should be a basic security measure that they have in place.

 

I solved my problem. Thanks for everyone's help