jazz1611

Well-Known Member
Jun 5, 2012
82
0
56
cPanel Access Level
Root Administrator
Hi,

How can i disable shell php (c99, r57, x-shell, cgi shell ....)? There is backdoor php. We dont like it have on server, right.

Regards,
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
These usually get in through old CMS software that was never updated. If you find these in an account it's usually safe to say that person either had a really weak password for their CMS (wordpress, joomla, etc)., or they were running an old version of one of those softwares with bad/old components.

A couple things that help these to not get in, and also help cripple their functionality:

Use a good mod_security ruleset. I recommend either atomicorp ("gotroot") or Trustwave's managed rules.

Disable these functions in php.ini:

disable_functions = shell_exec,show_source,system,passthru,exec,phpinfo,popen,proc_open,allow_url_fopen,ini_set

(some hackers may place their own php.ini to bypass this, but many shells will not work well with shell_exec and passthru disabled.)
 

HostingH

Well-Known Member
Jan 13, 2008
125
17
68
cPanel Access Level
Root Administrator
Hi,

For server security, I would like to suggest, use CageFS. According to CloudLinux, CageFS “is a virtualized file system and a set of tools to contain each user in its own ‘cage’. Each customer will have its own fully functional CageFS, with all the system files, tools, etc”.
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Thread starter Similar threads Forum Replies Date
A Security 5
G Security 9
D Security 6