The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I want Make my Server Can't Accept any shell file

Discussion in 'General Discussion' started by A_1, Jan 17, 2007.

  1. A_1

    A_1 Active Member

    Joined:
    Jan 5, 2007
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    i want make my server can't read any shell file on sites , so when any one want upload any shell file , so that can't read or do any thing
    can any one tell me how i can make that ?

    for info: i have disabled this functions:
    PHP:
    curl_initdlexecshell_execsystempassthrupopenpcloseproc_openproc_niceproc_terminateproc_get_statusproc_closepfsockopenleakapache_child_terminateposix_killposix_mkfifoposix_setpgidposix_setsidposix_setuidescapeshellcmdescapeshellarghell-execfpassthruexeccrack_checkcrack_closedictcrack_getlastmessagecrack_opendictpsockopenphp_ini_scanned_filesphp_unamephpinfocopy
    AND i have already setup mode_security
    and make safe_mode On


    the last what ASK;
    how can disable this open bae dir



    i hope any one can help me

    thanks,
     
  2. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    hi,
    you can set open base dir restriction from WHM-->Tweak security-->Php open_basedir TweaK.

    see ya,
    mohit
     
  3. A_1

    A_1 Active Member

    Joined:
    Jan 5, 2007
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    thanks , for ur reply
    and what about that first ask ?
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    In reality, what you're asking for simply isn't possible. You can go some way by disabling PHP functions as you've mentioned, but there are ways around that that you cannot avoid without completely breaking PHP. Once you've done all that work, it's still trivial to do in perl which you cannot restrict in that way. It's simply something you have to accept in a shared hosting environment and make sure your server and scripts are as secure as they can be. One essential with PHP is to run with phpsuexec (or suphp) otherwise PHP scripts can access anything in other users sites.
     
  5. A_1

    A_1 Active Member

    Joined:
    Jan 5, 2007
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Thank you for ur answer , and i want ur advice ,
    what function u advice me disable it ? and any secure in PHP :rolleyes:


    Thanks
     
  6. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    This pretty much covers the vast majority of Php functions you can disable in php.ini. Install Mod Security with a very good set of rules.

    Regadring passwords, when choosing a new password, make sure it's unrelated to any previous password. You might use a word pair with punctuation inserted, a pass phrase
    (an understandable sequence of words), or the first letter of each word in a
    pass phrase. In addition, a password must be at least eight characters in length. Just a thought :)
     
  7. A_1

    A_1 Active Member

    Joined:
    Jan 5, 2007
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    many thanks bro for ur reply

    u have any good mode_secuirty ?
    and how install it ?

    thanks,
     
Loading...

Share This Page