Posts by aicon

    Just realized that installing the nginx plugin and allowing access to the websites (on it) from the internet is a very high security risk!
    If a hacker somewhere with their hacking practices uploads any malicios script, then can browse, list, modify, etc all r or rw files directories in OMV.
    Can do this e.g. running a php file with scandir().
    Recently applied a temporary solution with acl banning the www-data customer and group from all shares and disabled scandir and file_uploads in php.ini, but this isn't the best solution.
    Still all directories wiht r or rw rigths can be accessed/modifid thru a simple php script.


    Played with different security practices as enabling PHP-FPM's chroot variable, open_basedir, etc. but without success.


    If someone knows the solution please let me know.
    Thank you.