I think lfd's script alert would be a great tool if configured just a bit differently, to identify/disable the directory of the actual script, rather than 'public_html'. Either that or when lfd changes the permissions, change it so that the website is still viewable online, just not able to process script emails.
As it is now, when enabled and someone is abusing a script, 'public_html' is disabled meaning the client's website is not able to be seen online.
I've changed the CSF/LFD settings to still send an email yet not change the directory permissions. If lfd could be set to disable the *actual* directory the script resides in (in my case, /home/user/public_html/js/), rather than '/home/user/public_html', that would make a world of difference. Either that or change the permissions on that directory ('/js/') rather than 'public_html.
LF_SCRIPT_ALERT
Re: LF_SCRIPT_ALERT
As per the documentation, LF_SCRIPT_PERM:
So it already does do that.... the directory identified by LF_SCRIPT_ALERT will
# be chmod 0 and chattr +i to prevent it being accessed.
Re: LF_SCRIPT_ALERT
That's what I *don't* want it to do. It's disabling the "public_html" directory, not the "js" directory where the script resides.chirpy wrote:As per the documentation, LF_SCRIPT_PERM:So it already does do that.... the directory identified by LF_SCRIPT_ALERT will
# be chmod 0 and chattr +i to prevent it being accessed.
This means the clients' website is not available to be viewed by anyone via http. I don't want clients getting pissed off at me in the name of security, and having their website go dark (no matter the reason) is going to piss them off.
Re: LF_SCRIPT_ALERT
As I said, lfd already is coded to disable the directory within which it reports the script from the cwd= statement in the exim log.
Re: LF_SCRIPT_ALERT
One more time, it's disabling the *parent* directory (of where the script resides), not the directory of where the script actually is *in*. It's disabling the wrong directory.chirpy wrote:As I said, lfd already is coded to disable the directory within which it reports the script from the cwd= statement in the exim log.