What measures should be taken to prevent File System Object from accessing directories of other customers on an IIS shared web host?

Posted by sean e on Server Fault See other posts from Server Fault or by sean e
Published on 2012-09-21T01:20:24Z Indexed on 2012/09/21 3:39 UTC
Read the original article Hit count: 191

Filed under:

iis

|

web-hosting

|

shared-hosting

We have our website on an IIS shared hosting server. While working on a file monitor for our site, we have found that the File System Object allows us to enumerate the directories and files of other customers that are on the same server as us. Attempting to enumerate files in some root customer directories results in access denied errors - but not all.

Is this an IIS configuration error? A Windows configuration error?

How can we direct our hosting company to fix the problem?

© Server Fault or respective owner

Related posts about iis

How to find and fix issue with Pound and HAProxy

as seen on Server Fault - Search for 'Server Fault'
Pound sits in front of HAProxy (on the same box) to perform SSL off-load. Requests are passed to 127.0.0.1:80 where HAProxy then balances the requests across backend servers for a hosted ASP .NET web app. A user is getting HTTP error 500 (Internal Server Error) returned to their browser this morning… >>> More
How to migrate deploy RESTful WCF Web Service from IIS 6.0 to IIS 7.0

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi all, I have a WCF Restful Web Service. It works find under VS and IIS 6.0. Now I want to move it to another work station with IIS 7.0 on it. I tried to copy all the deploy file from IIS 6 to IIS 7, but it cannot be accessed by other client, except for the request from it's own machine. I don't… >>> More
Server with IIS and Apache - how to SSL encrypt Apache with IIS

as seen on Server Fault - Search for 'Server Fault'
I have a Windows Server 2003 box already setup and working with IIS 6. IIS is set to serve a site out over both HTTP and HTTPS connections using default ports. For various reasons I need to set Apache up on the same server and it needs to serve its pages to end-users as SSL encrypted HTTPS pages… >>> More
Having IIS remote management problem with my vista machine managing Server 2008 IIS 7.5

as seen on Server Fault - Search for 'Server Fault'
I am trying to use IIS 7 Remote Management installed on Vista Ultimate SP1. Connection is to IIS 7.5 on Windows Server 2008 Webserver R2. Tried on both full & core install. When I connect up, the console wants to download and install new features. Microsoft.Web.Management.IisClient 7.5.0.0 Microsoft… >>> More
MVC4 App opens with directory listing and gives a 404 for any direct URL's entered in the browser

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've just deployed a previously (on my local IIS) working MVC4 app to IIS 7.5 on the dev server. After tweaking this and that - one knows how these things get forgotten - the app finally launches, but shows a directory listing of the app root. Clicking on most links there works, opening the directory… >>> More

Related posts about web-hosting

How to find web hosting that meets my requirements?

as seen on Pro Webmasters - Search for 'Pro Webmasters'
This question is here so we can offer users who are looking for information on how to determine which web hosting solution is right for them. All future questions pertaining to finding web hosting should be closed as a duplicate of this question. As per this meta question. How to find web hosting… >>> More
Swiching webhosting company & database erros.

as seen on Server Fault - Search for 'Server Fault'
Well here comes the situation. I used to have CompanyA for webhosting. (The hosting plan was a shared one). I decided to change the hosting provider and transfer my website to CompanyB, (exclusive IP). The issue that i face is that my webpage is now displayed in two different IP addresses. So i… >>> More
Top web-hosting sites with jQuery support?

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I am looking to start building a website and I am looking for some good web hosting companies that gives the best bang for the buck. I had been reading on some websites in regards to some web hosting companies having the inability to run scripts on their servers (jQuery) which causes a big problem… >>> More
Point subdomain to another web hosting

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I buy a domain from GoDaddy. Let's call this domain as abc.com. I've a hosting account on web hosting A with abc.com as my primary domain. I created a sub-domain pic.abc.com and I wish it to be pointed to my new hosting account. This web hosting B also use abc.com as the primary domain. The main… >>> More
proxy on free webhosting

as seen on Stack Overflow - Search for 'Stack Overflow'
It is possible to create proxy on some free webhosting? But I want surfing that I enter web address to the web browser. Do you think that is possible? How? >>> More