KhaledSalama

Registered
Feb 5, 2014
cPanel Access Level
Root Administrator
Hello,

I have a problem with PHP security.

Someone uploaded a PHP file containing the mail() function and executes this page remotely.

How can I prevent that?

Note: the attacker connects to this page using many IPs.

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

Have you determined how the file was uploaded? You may want to delete the file that was uploaded to ensure it's no longer used to send out email. Are you attempting to prevent all PHP scripts from using the "mail()" function?

Thank you.

cPanelPeter

Senior Technical Analyst
Staff member
Sep 23, 2013
cPanel Access Level
Root Administrator
Hello,

In addition to what cPanelMichael stated, you might consider installing cxs (ConfigServer eXploit Scanner). It should quarantine scripts like this when they are uploaded so that they can't be used.

KhaledSalama

Registered
Feb 5, 2014
cPanel Access Level
Root Administrator
> Hello :)
>
> Have you determined how the file was uploaded? You may want to delete the file that was uploaded to ensure it's no longer used to send out email. Are you attempting to prevent all PHP scripts from using the "mail()" function?
>
> Thank you.

At this time I'm preventing any PHP from using mail(), but I need to use it on other websites.

Can you tell me how to detect how these files were uploaded to the server?

psrsathish

Active Member
Jul 19, 2006
India.
> At this time I'm preventing any PHP from using mail(), but I need to use it on other websites.
>
> Can you tell me how to detect how these files were uploaded to the server?

Create a new php.ini in, or copy the server's global php.ini file into, the home directory of the account where you want to deny this function. Then open the php.ini file and search for the directive "disable_functions"; there, add the PHP function that you want to disable for this account.

This will deny the PHP function for this particular account only; it will not be reflected globally for all the other accounts hosted on the server.

Example: disable_functions = mail

Otherwise:

If there is a .htaccess file on the account, open the file and insert the line below.

php_value disable_functions mail

That's it!
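An added helper script for the per-account php.ini route described above (example code, not from the thread or from cPanel): it merges a function name into the existing disable_functions directive instead of overwriting it, so functions already disabled in the copied global php.ini (exec, system, and so on) stay disabled. It assumes a php.ini with at most one active disable_functions line and relies on disable_functions being a PHP_INI_SYSTEM directive, which is why the php.ini is where the setting is honoured.

```sh
#!/bin/sh
# Added example: idempotently add FUNC to disable_functions in FILE.
# Usage: disable_php_function /home/account/php.ini mail
set -eu

disable_php_function() {
    ini="$1"
    func="$2"
    tmp="$ini.tmp.$$"
    awk -v fn="$func" '
        # First active (uncommented) disable_functions line: merge into it.
        /^[[:space:]]*disable_functions[[:space:]]*=/ && !done {
            sub(/^[^=]*=[[:space:]]*/, "")          # keep only the value part
            n = split($0, parts, /[[:space:],]+/)   # existing entries
            seen = 0; out = ""
            for (i = 1; i <= n; i++) {
                if (parts[i] == "") continue
                if (parts[i] == fn) seen = 1
                out = out (out == "" ? "" : ",") parts[i]
            }
            if (!seen) out = out (out == "" ? "" : ",") fn
            print "disable_functions = " out
            done = 1
            next
        }
        { print }
        # No directive at all: append one so the function is still disabled.
        END { if (!done) print "disable_functions = " fn }
    ' "$ini" > "$tmp"
    mv "$tmp" "$ini"
}

# Print the current comma-separated value, for checking the result.
current_disabled() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}
```

After editing, confirm the running PHP actually sees the change (for example with a phpinfo() page or `php -i` under that account's ini) rather than trusting the file edit alone.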