Restricting PHP file names

M001

Member
Aug 30, 2011
16
0
51
cPanel Access Level
Root Administrator
Hi all,

Lately I've been having some security issues with a software I am using, I believe the software might have some type of exploit that allows files to be uploaded to it's root directory. I don't want to say the name of the software at this point until that vendor has fully checked into it, but as a temporary solution I thought it might be possible to restrict file names of PHP files that are allowed to run under my cpanel account. Is this possible?

i.e. if the attacker does upload a file called "shell.php", they won't be able to run it if it doesn't match a file name in the list of allows PHP files
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,903
2,237
463
Hello :)

It might be possible, but I don't really think it would be an effective way of mitigating an attack. Instead, you should ensure Mod_Security is installed with a robust ruleset, and ensure overall security is increased by reviewing any warnings in the "Security Advisor" option within WHM. If it's an exploit within a script, check with the developer to see if a patch is available until a new release is pushed out.

Thank you.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
A good modsecurity rule set will help.

You can deny a specific file name with a very basic modsecurity rule:

SecRule REQUEST_URI "shell\.php" "id:2923545,deny"

You could make additional rules; each needs a unique number after id:
 

M001

Member
Aug 30, 2011
16
0
51
cPanel Access Level
Root Administrator
I am having the developer/vendor check into it, but I want to continue using the software so I don't have any downtime. I thought about making rules that would block certain file names, but all they would have to do is rename the file, which is why I wanted to block all except the permitted file names. Is there any other ideas for this temporary fix? I currently do have mod_security installed for other things, but I don't know how to write many rules.