Hello,
Today I found a exploited account on my dedicated server, I then decided I was going to look at the php files in the webbrowser and found they were all webshells. While navigating around the directories on this I noticed I could see all of the users home directories, while I could not enter them it also displayed their domain name as well. My question is would there be any way to keep this type of information from being shown should something like this occur again, which I am guessing it will.
Currently we are using suPHP, and php 5.3/5.4 on the server and have suexec disabled. I was reading on mod_ruid and that seems that may be the way to go to protect against symlink attacks and such but am not sure it will protect this data.
Thanks
Today I found a exploited account on my dedicated server, I then decided I was going to look at the php files in the webbrowser and found they were all webshells. While navigating around the directories on this I noticed I could see all of the users home directories, while I could not enter them it also displayed their domain name as well. My question is would there be any way to keep this type of information from being shown should something like this occur again, which I am guessing it will.
Currently we are using suPHP, and php 5.3/5.4 on the server and have suexec disabled. I was reading on mod_ruid and that seems that may be the way to go to protect against symlink attacks and such but am not sure it will protect this data.
Thanks
