harizalan

  1. Okay, thank you for your reply. Another question: is it intentional that well-nigh all directories outside /home are list-accessible by anyone? It is at least quirky that (although I could not access the files themselves, fortunately) the contents of /boot can be freely listed, thus revealing the kernel version and literally every former patch. Not a security issue itself, but can be used for preparing an attack. Methinks /boot and /proc directories should be completely denied (including listing files) for anyone excluding root.
  2. I have genuine security problems... for bypassing the storage limit, the problem itself is that Plesk does not "see" anything outside the home directory. Thus, I was able to create a rather huge file in /tmp (by running a Bash-based CGI script), which is continuously accessible between two restarts, and Plesk has still shown that my account has the same amount of disk space remaining. Methinks it is an issue. And there are a few other problems as well...
  3. Good day! I have detected a few – closely linked – security issues on the Johnny server. First question: where could I contact the developers privately? Of course, it is possible that only I am concerned about insignificant problems, but, for example, being able to bypass the storage limit does not seem to be good. Thank you!