The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

phpshell

Discussion in 'General Discussion' started by dethman, Dec 10, 2004.

  1. dethman

    dethman Well-Known Member
    PartnerNOC

    Joined:
    Jan 4, 2003
    Messages:
    120
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    DataCenter Provider
    Hello, i need help to disable the phpshell... in use /scripts/securetmp and in /path/php.ini add this:

    "disable_functions = dl,exec,passthru,proc_open,proc_close,shell_exec,s ystem,system"

    but equal phpshell works and they have access to several folders within the servant and they are possible to be executed in tmp. Recently i find the following process running: "/hsphere/shared/apache/bin/httpd -DSSL" and a called file spykids.pl in /tmp for that reason I want to deshabilitar the access phpshell or to block read/write/executed of the folders and/or xploit.

    Thanks, Esteban
     
  2. LP-Trel

    LP-Trel Well-Known Member

    Joined:
    Oct 13, 2003
    Messages:
    184
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Nirvana
    cPanel on an H-Sphere server..? :confused:
     
  3. dethman

    dethman Well-Known Member
    PartnerNOC

    Joined:
    Jan 4, 2003
    Messages:
    120
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    DataCenter Provider
  4. Etheral

    Etheral Well-Known Member

    Joined:
    Dec 8, 2003
    Messages:
    208
    Likes Received:
    0
    Trophy Points:
    16
  5. dezignguy

    dezignguy Well-Known Member

    Joined:
    Sep 26, 2004
    Messages:
    534
    Likes Received:
    0
    Trophy Points:
    16
    and make sure that all php/perl scripts on the server are secure and or updated... as that's likely how phpshell was uploaded in the first place.

    The most recent security problems in a major script was for phpbb... so if you haven't updated all instances of that very recently, then you're going to get exploits again and again.
     
  6. RavenSoul_

    RavenSoul_ Well-Known Member

    Joined:
    Nov 2, 2004
    Messages:
    95
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Belgium
    This will help: http://eth0.us/?q=node/1


    I had the same problems... A major injection leak in phpBB & some photo script...

    Be sure to check your "mod_security" often...
     

Share This Page