Thought I'd throw this out to share with all. Wanted to automatically update the Fantastico installation and found this:

http://netenberg.com/forum/viewtopic.php?t=2045

Seems to work fine.

Couple of hints:

Remember, wget is not enabled on the VPS . . . it's called "something else"

Be sure to replace the "x" in this string with your theme used in the Fantastico Admin account: 'https://127.0.0.1:2083/frontend/x/fantastico/admin/admin.php?action=auto_update'

/usr/bin/dltool

To learn why wget is/should be locked down, see the following article in our Knowledge Base:
https://www.powervps.com/support/index.php?x=&mod_id=2&id=89

Hope that helps!

Robert thanks for that info , i never knew about dltool,

If wget is better to lock and make it unavailable to anyone, dont you think that from now on /usr/bin/dltool should be locked as well , because you have just expressed the availability in public - dltool is available in replace of wget !!!!


What do you say?

Hi there!

dltool is an exact duplicate of wget. What happens is that 99% of script kiddies out there use scripts that have wget specified to get files, as it's the most common name. So instead of letting these millions of nasty scripts be able to possibly download something to your system using it, we rename the tool to something else that is generally not used anywhere else.

While it's not a FOOLPROOF system, it certainly makes it just a little bit harder for a script kiddie who scans for vulnerable scripts on your server to be able to upload stuff to your server that will in most cases start sending out TONS of spam. And it certainly stops those automated script attacks.

To date, I have not seen anyone use dltool to try and compromise a system, just because so few folks know that's what we do.