diff --git a/filemanager/filemanager.py b/filemanager/filemanager.py
index 61d55fbe6..891ca3e9f 100755
--- a/filemanager/filemanager.py
+++ b/filemanager/filemanager.py
@@ -604,6 +604,15 @@ class FileManager:
 pathCheck = '/home/%s' % (self.data['domainName'])
+ domainName = self.data['domainName']
+ website = Websites.objects.get(domain=domainName)
+
+ command = 'ls -la %s' % (self.data['completePath'])
+ result = ProcessUtilities.outputExecutioner(command, website.externalApp)
+
+ if result.find('->') > -1:
+ return self.ajaxPre(0, "Symlink attack.")
+
 if ACLManager.commandInjectionCheck(self.data['completePath'] + '/' + myfile.name) == 1:
 return self.ajaxPre(0, 'Not allowed to move in this path, please choose location inside home!')
@@ -616,9 +625,6 @@ class FileManager:
 self.data['completePath'] + '/' + myfile.name)
 ProcessUtilities.executioner(command)
- domainName = self.data['domainName']
- website = Websites.objects.get(domain=domainName)
-
 command = 'chown %s:%s %s' % (website.externalApp, website.externalApp, self.returnPathEnclosed(self.data['completePath'] + '/' + myfile.name))
 ProcessUtilities.executioner(command)
diff --git a/websiteFunctions/website.py b/websiteFunctions/website.py
index 9e07a76bd..9446867b3 100755
--- a/websiteFunctions/website.py
+++ b/websiteFunctions/website.py
@@ -1000,6 +1000,15 @@ class WebsiteManager:
 else:
 fileName = "/home/" + self.domain + "/logs/" + self.domain + ".error_log"
+ command = 'ls -la %s' % fileName
+ result = ProcessUtilities.outputExecutioner(command)
+
+ if result.find('->') > -1:
+ final_json = json.dumps(
+ {'status': 0, 'logstatus': 0,
+ 'error_message': "Symlink attack."})
+ return HttpResponse(final_json)
+
 ## get Logs
 website = Websites.objects.get(domain=self.domain)
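Review bot: The new check in the first filemanager.py hunk runs `ls -la` on the directory named by `self.data['completePath']` rather than on that path entry itself, so the `->` test only sees links among the directory's children, while whether the destination directory is itself a link leading outside `pathCheck` (computed on the line above and not used here) is never examined. Resolving the path in-process and bounding it — `resolved = os.path.realpath(self.data['completePath'])` followed by `if os.path.islink(self.data['completePath']) or not (resolved + '/').startswith(pathCheck + '/'): return self.ajaxPre(0, "Symlink attack.")` — would cover both cases and drop the substring match on the listing, which also misfires on any entry whose name contains `->` (assumes `os` is imported in this module). The `ls -la` command string is built from `completePath` and handed to `outputExecutioner` before `ACLManager.commandInjectionCheck` runs on that same path a few lines later; if `outputExecutioner` hands the string to a shell, the order should be swapped so the injection check runs first. The enclosing method begins before the hunk.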
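Review bot: The symlink test added in the website.py hunk at @@ -1000 examines only the final path component: `ls -la fileName` prints `->` when the log file itself is a link, but not when a parent directory on the path is the link, so a log path resolving elsewhere still passes. Resolving the whole path — `if os.path.realpath(fileName) != fileName:` and returning the same error response — rejects a link at any component and removes the dependence on listing format (assumes `os` is imported here). The identical nine lines are added again at @@ -1059; a small helper such as `_symlink_error_response(fileName)` returning the `HttpResponse` or `None` would keep the two copies in step. Unlike the filemanager.py hunk, `outputExecutioner` is called here without a user argument, so the listing presumably runs with the panel's own privileges; passing the website's `externalApp` (the `Websites` lookup is in the context lines just below) would bound it. The enclosing method starts before and continues after the hunk.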
@@ -1059,6 +1068,15 @@ class WebsiteManager:
 fileName = "/home/" + self.domain + "/logs/" + self.domain + ".error_log"
+ command = 'ls -la %s' % fileName
+ result = ProcessUtilities.outputExecutioner(command)
+
+ if result.find('->') > -1:
+ final_json = json.dumps(
+ {'status': 0, 'logstatus': 0,
+ 'error_message': "Symlink attack."})
+ return HttpResponse(final_json)
+
 ## get Logs
 website = Websites.objects.get(domain=self.domain)