Web Server Secrets
I wrote these articles while investigating Web pay site hacking and cracking. These articles are far more relevant today, because so many more people are online using Unix-based or Linux-based Apache Web servers. For example, if you have your own WordPress installation, you need to understand file permissions!
- Part 1: About This Series of Articles. We introduce the hacking adventures which inspired these essays. The results of my investigation are published as How to Hack a Paysite and I Can Hack You.
- Part 2: File Ownership. Unix and Linux have their roots in the late 20th Century. We explain the group-sharing concept as applied to file permissions.
- Part 3: File Permissions. Unix/Linux directory permissions are confusingly different from Unix/Linux file permissions. We explain the distinction and how it affects you.
- Part 4: Apache Server Account. The Apache Web Server for Unix and Linux may not run with the file access permissions you expect. We continue explaining User, Group, and Other permissions.
- Part 5: The Problem of Script-Generated Files. We can see problems when Apache Web Server scripts save files. You may not be able to access or delete them. We explain how this happens so that you can understand what to do.
- Part 6: The Main Event. Server moves and file restoration from backup can kill your running production Apache Web Server scripts. We explain how to get back up and running.
- Part 7: The FastCGI Caveat. This final installment explains why we use FastCGI and friends to run as the target user, as a matter of Apache Web Server security. Your approach needs to change based on whether you are running on a shared server or on a dedicated server.