I ran the cpanel.php security check by a-squad
Performing white box security audit...
PASSED: cPanel INSTALLED (9.3.0-CURRENT_4)
FAILED: Privileged UID Vulnerability Check (99) Explain
FAILED: nobody execution Explain
FAILED: Stealth Snoop Vulnerability [/home/vns] Explain
PASSED: Simple $HOME Scanning [/home/vns]
PASSED: Group $HOME Scanning [/home/vns]
PASSED: Root /home scanning
PASSED: Simple WEBROOT Protection
FAILED: Real WEBROOT Protection Explain
FAILED: SUEXEC mod_php Exploit Test Explain
EXEC [id -a] as [vns]:
uid=32013(vns) gid=514(vns) groups=514(vns)
FAILED: One or more insecure cPanel configurations were detected. Visit A-Squad.Com for details on where to find more secure cPanel hosting.
Explanations:
#2 The special UIDs below 500 are for internal use and should not be used by unprivileged users.
#3
You are executing as the nobody user probably because you are using mod_php. Allowing different unprivileged users to execute arbitrary code as a common user is bad. Why? If you are the administrator of the server, it makes it more difficult to track which of your users are running programs that are grinding away the CPU or who is spamming or who filled up your /tmp partition with 800 GIGABYTES of MP3s, porn, warez, etc. If you are the user, it means that other unprivileged users on the system can view and execute any of your programs within your directory that need to be run as this common user. How can you stand to have a site hosted on a server like this?
NOTE: All the following issues are easy to fix by simply switching from mod_php to mod_phpsuexec.
#4
Your home directory is world reachable or executable. This means everyone can get into your home directory (using chdir) and snoop around your files and directories without your knowledge or consent as long as the exact target file or directory is known to the snooper. You must individually lock down each and every file and directory (using chmod) that you do not explicitly want to let everyone see.
NOTE: This is one of the most difficult vulnerabilities to fix. If you cannot figure out how to protect your system against this issue, then don't worry. I think A-Squad is the only one smart enough to figure out how to lock down this issue while still allowing ALL services to function perfectly. This is only a precautionary vulnerability but not a direct problem itself.
#9
Even if Simple WEBROOT protection is enabled, other users can bypass it and still access all the files within your document root. It is not possible to have Real WEBROOT Protection without mod_phpsuexec because the same user that needs access to serve your static pages (nobody) is the same user that other users on the machine are allowed to execute arbitrary code using php scripts. Trying to restrict users using open_basedir might help a little, but it doesn't stop the user from executing arbitrary code in another language (like perl) and obtaining total access to your web documents and scripts.
#10
Any user on your machine can execute any arbitrary command as any other user on your machine. This is probably the most severe vulnerability of all. If you are the administrator, you can eliminate this vulnerability by disabling mod_php when you recompile Apache (option 2). If you are the user, then I suggest you frequently make backups of your site since everyone has access to read, manipulate, and destroy all of your files and directories.
If you move to A-Squad, you'll be safe.
PLEASE HELP ME FIX THIS!!!!
I already updated to Apache 1.3.1 - What next? When they say for example switch from mod_php to php_suEXEC where in WHM do I do this? I'm guessing "update apache" but what should I check and uncheck during the update?
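The "Stealth Snoop" and "Real WEBROOT Protection" findings in the report above come down to the "other" permission bits on the home directory and the files below it. The following audit is an added example, not part of the original post or of the A-Squad scanner; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. All paths below are constructed samples under a temp directory.

# List files under $1 that any other local account can read: every directory
# on the path must be world-searchable (o+x) and the file world-readable (o+r).
# Directories without o+x are pruned, so nothing beneath them is reported.
exposed_files() {
    find "$1" -type d ! -perm -001 -prune -o -type f -perm -004 -print | sort
}

# Remove all "other" access from the files named on stdin, one path per line.
lock_down() {
    while IFS= read -r f; do chmod o-rwx "$f"; done
}

# Build a constructed home tree with the 711 layout the scanner flagged.
make_sample_home() {
    h=$(mktemp -d) || return 1
    mkdir -p "$h/public_html" "$h/private"
    echo '<?php $db_pass = "example"; ?>' > "$h/public_html/config.php"
    echo 'hello' > "$h/public_html/index.html"
    echo 'notes' > "$h/private/notes.txt"
    chmod 711 "$h" "$h/public_html"
    chmod 700 "$h/private"
    chmod 644 "$h/public_html/config.php" "$h/public_html/index.html" \
              "$h/private/notes.txt"
    echo "$h"
}

h=$(make_sample_home)
echo "Reachable by other users before lock-down:"
exposed_files "$h"
exposed_files "$h" | grep 'config\.php$' | lock_down
echo "Reachable after chmod o-rwx on config.php:"
exposed_files "$h"
rm -rf "$h"
```

While PHP runs inside Apache as nobody, the scripts it serves have to stay readable by "other", so the `chmod o-rwx` step only becomes workable once scripts execute as the account owner, which is the point of explanation #9 in the report.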