Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

PHP.Shell-38 Found

Discussion in 'Security' started by yatinthakur, Sep 29, 2014.

  1. yatinthakur

    yatinthakur Member

    Joined:
    Mar 27, 2014
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello

    While daily server scan I found some files with result : PHP.Shell-38 found . When I tested those file found its very risky.

    How can I prevent user for accessing/uploading these types for files

    I found that by setting shell_exec in php.ini will stop access those file. but as I am having suphp on server , users can override rule by creating own php.ini in their account.

    There mus be some way to block it but how ?
     
    #1 yatinthakur, Sep 29, 2014
    Last edited: Sep 29, 2014
  2. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    258
    Likes Received:
    4
    Trophy Points:
    68
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
    By using something like ConfigServer eXploit Scanner (cxs)

    Read here http://forums.cpanel.net/f185/methods-increase-security-suphp-restricting-who-can-use-php-ini-files-167186.html
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 PlotHost, Sep 30, 2014
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,005
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Yes, as mentioned in the previous post, the following thread provides information on how to restrict users from modifying the php.ini file when suPHP is enabled:

    Methods to increase security with suPHP

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelMichael, Sep 30, 2014
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,008
    Likes Received:
    86
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    These files are generally uploaded through old CMS software and/or out-dated CMS plugins. On the domain you found the file on, make sure you update all software (i.e. wordpress, joomla), themes, components, and plugins. Also change the administrator password for the CMS.

    You can do all sorts of things to secure your server, but if your customer installs a vulnerable CMS plugin, there is very little you can do to stop it from being hacked, aside from a very good ModSecurity rule set.
     
    #4 quizknows, Sep 30, 2014
  5. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,890
    Likes Received:
    91
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 24x7server, Oct 1, 2014
  6. yatinthakur

    yatinthakur Member

    Joined:
    Mar 27, 2014
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    #6 yatinthakur, Oct 2, 2014
  7. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,890
    Likes Received:
    91
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi Dear,

    It's nice to hear that your issue has been fixed. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 24x7server, Oct 4, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - Shell Found
  1. andysag

    WHMCS cron job not working error - jailshell/5: command not found

    andysag, Jul 1, 2017, in forum: General Discussion
    Replies:
    4
    Views:
    1,410
    rpvw
    Jul 1, 2017
  2. <esc>

    SOLVED curl not working in JailShell

    <esc>, May 20, 2019 at 3:21 AM, in forum: Security
    Replies:
    4
    Views:
    145
    cPanelMichael
    May 21, 2019 at 1:29 PM
  3. robahas

    API Shell and API version

    robahas, Apr 29, 2019, in forum: cPanel Developers
    Replies:
    1
    Views:
    127
    cPanelMichael
    Apr 30, 2019
  4. SoftDux

    Cannot get PHP 7.2 in shell

    SoftDux, Mar 6, 2019, in forum: EasyApache
    Replies:
    10
    Views:
    682
    cPanelMichael
    Mar 11, 2019
  5. dstana

    List Subdomains from Shell

    dstana, Feb 15, 2019, in forum: General Discussion
    Replies:
    4
    Views:
    176
    sparek-3
    Feb 19, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice