The script that is running on that adress, Is that a commercials script such as phpbb, modernbill etc or self writing script?
i gave it as a sample. This was kayako but there are lots of different servers and this guy is becoming root on server and change all of the index.html pages. You can saw them on WHT forumThe script that is running on that adress, Is that a commercials script such as phpbb, modernbill etc or self writing script?
The most problem is that users of commercials scripts not updating the script when a new version is released with many securtiy fixes. This have I seeing with our customers.i gave it as a sample. This was kayako but there are lots of different servers and this guy is becoming root on server and change all of the index.html pages. You can saw them on WHT forum
If all your PHP scripts run as nobody, no abuse is needed as such; they already have write permission to ANYTHING in ANY ACCOUNT owned by nobody, or anything with generic write permission. This is one reason why phpsuexec is so important; without it every user on your host currently has access to at least read every other user's PHP files, including database passwords. It just doesn't make sense. Not that there aren't problems with phpsuexec - mainly performance, and some minor code changes needed in VERY unusual circumstances (ie PHP_AUTH_USER) - but they are much less than the problems without it.Yes, some directories of clients were on world-writable. But although we can't prevent to "guard the house, while the door is open", I'm still curious how they abused on of the accounts on my server to let a small shell-script run.
The problems caused by phpsuexec fall into two main categories once you understand the issues -- permission problems, and problems with .htaccess php_value / php_* directives. The permissions problem is easily solved with a few chowns and I think cpanel provides a script for that. The php_value problem is also easy to solve. You'll find only one in a hundred (or less) accounts uses php_* directives in .htaccess files, so there will be few to fix, and the fix is simply to move the directive after the php_value command into a php.ini file in each directory you want affected. There are quite a few threads on this in forums.cpanel.net and it's worth checking there; also you can hire one of the smart dudes (configserver.com, platinumservers, or rack911) to do the changeover for you - they should be able to do it in a few hours if you have less than 1000 accounts on the server. Check out the forums and you'll find others agreeing with me.We looked into phpsuexec a long time ago, but it gave a lot of problems to PHP-applications. I've heard good stories about mod_ruid, so I will take a look into this.
|Thread starter||Similar threads||Forum||Replies||Date|
|D||Has anyone Asterisk installed on their server?||General Discussion||3|
|T||Very easy question, anyone can probably answer.||General Discussion||1|
|A||Anyone Tried Attacker.Net||General Discussion||0|
|Has anyone succesfully upgraded rcync?||General Discussion||1|
|ht://Dig. Anyone running it?||General Discussion||0|