How can I disable CGI shell (security issue!)

musti19

Hello,
I detected today that someone uploaded a file with which it is possible to upload and download files and
execute commands (shell).

How can I disable the shell function?
(This file is named web.root and is executable.)

Is this a security issue of cPanel?
 

HostingH

Hello,

It's not related to cPanel.

First you must change your FTP pass. If you are using any third-party application, please upgrade it to the latest version. Disable unwanted themes/plugins. Set a hard pass for the admin panel, etc.

You can disable PHP functions in php.ini as follows:

disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"

Please try it.
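
A way to check what a php.ini actually disables, as an added example that is not part of the post above: it reads the effective disable_functions line and reports which of the list's command-execution functions (exec, passthru, popen, proc_open, shell_exec, system) are still callable. The helper names and the sample php.ini fragment are constructed for illustration.

```python
import re

# Functions from the list above that start a process or run a shell command.
COMMAND_EXEC = {"exec", "passthru", "popen", "proc_open", "shell_exec", "system"}
# eval is a language construct, not a function, so disable_functions cannot block it.
NOT_DISABLEABLE = {"eval"}

DIRECTIVE = re.compile(r"^\s*disable_functions\s*=\s*(.*?)\s*$", re.IGNORECASE)


def effective_disable_functions(ini_text):
    """Return the names from the last uncommented disable_functions line."""
    value = ""
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):      # ';' starts a php.ini comment
            continue
        match = DIRECTIVE.match(line)
        if match:                              # a later assignment replaces an earlier one
            value = match.group(1).split(";")[0]   # drop a trailing inline comment
    value = value.strip().strip("\"'")
    # PHP accepts commas and spaces as separators; function names are case-insensitive.
    return [name.lower() for name in re.split(r"[,\s]+", value) if name]


def audit(ini_text):
    """Summarise how well the setting covers command execution."""
    names = effective_disable_functions(ini_text)
    seen = set(names)
    return {
        "still_enabled": sorted(COMMAND_EXEC - seen),
        "duplicates": sorted({n for n in names if names.count(n) > 1}),
        "no_effect": sorted(NOT_DISABLEABLE & seen),
    }


# Constructed sample php.ini fragment (not taken from a real server).
SAMPLE_INI = """\
; disable_functions = exec, system
disable_functions = "eval, exec, passthru, posix_setuid, posix_setuid, shell_exec, system"
memory_limit = 128M
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_INI).items():
        print(f"{key}: {', '.join(value) or '-'}")
```

disable_functions applies only to PHP code; a CGI script written in another language is not restricted by it.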
 

cPanelMichael

> that someone uploaded a file with which it is possible to upload and download files and
> execute commands (shell).

Could you elaborate a little more on how the file was uploaded? Was it through FTP, File Manager, or through a PHP script?

Thank you.