
Security problem

Discussion in 'Security' started by cybervolkan, Aug 24, 2007.

  1. cybervolkan

    cybervolkan Member PartnerNOC

    Aug 22, 2007
    Hello everybody.

    I think I have a security hole in my server.
    A user on my server uploads a malicious PHP script to his account.
    And then he runs this script in his browser and can see my php.ini, cat valuable files... he can even change files in another account. I don't know how to prevent this. I have looked at the script. It uses functions like ini_get etc... I have disabled these functions in php.ini, but then sites like Joomla etc. didn't work. :confused:

    [~]# php -v
    PHP 4.4.7 (cli) (built: Jul 29 2007 21:53:32)
    Copyright (c) 1997-2007 The PHP Group
    Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
    with Zend Extension Manager v1.0.10, Copyright (c) 2003-2006, by Zend Technologies
    with Zend Optimizer v3.0.1, Copyright (c) 1998-2006, by Zend Technologies

    Thanks for any help.
  2. madaboutlinux

    madaboutlinux Well-Known Member

    Jan 24, 2005
    Turn off safe_mode and register_globals in the php.ini file for the time being and also suspend the account. And then hire an admin and get your server checked thoroughly, as it will be difficult to guide you without logging in to your server.
  3. twhiting9275

    twhiting9275 Well-Known Member

    Sep 26, 2002
    cPanel Access Level:
    Root Administrator
    Take a look at something like Suhosin, which will do a great deal for securing your PHP distribution. This isn't really a CP/WHM problem, but more like a PHP issue, it sounds like.
  4. ChadE

    ChadE Active Member

    Mar 14, 2005
    Also migrate from PHP 4 to PHP 5; it is significantly faster and more secure. It won't stop situations like this, but it can prevent or minimize other risks.

    You can go through and disable things like exec, shell_exec, ini_alter, the posix_ functions, pcntl_exec, parse_ini_file. safe_mode, register_globals, open_basedir, Suhosin, and other access restriction modifications will reduce their interactivity with other users and their ability to access insecure scripts/functions, and will hopefully prevent them from escalating their privileges enough to interfere with server operations. Also check your /tmp to make sure that it doesn't allow file execution, and look for any odd scripts. The last thing you need is someone rooting your box or dropping a remote IRC bot before you get rid of them.

    Enable phpsuexec when STAGE 2 of cPanel 11 is released for your distribution.
    #4 ChadE, Aug 25, 2007
    Last edited: Aug 25, 2007
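
The php.ini and /tmp checks listed in post #4, written out as an added example (not code from the thread or from cPanel). It reports which of the named functions are still enabled, whether open_basedir is set, whether register_globals is on, and whether /tmp is mounted noexec; the function names and both sample inputs are constructed for illustration.

```python
# Added audit sketch; the sample inputs at the bottom are constructed.
RISKY = ["exec", "shell_exec", "ini_alter", "pcntl_exec", "parse_ini_file"]

def parse_ini(text):
    """Return the last value given for each directive in php.ini text."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # simplification: ';' always starts a comment
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit_php_ini(text):
    """List the hardening gaps from the post that this php.ini still has."""
    s = parse_ini(text)
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",") if f.strip()}
    findings = [f"{f} is not in disable_functions" for f in RISKY if f not in disabled]
    if not any(f.startswith("posix_") for f in disabled):
        findings.append("no posix_ functions are disabled")
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    if s.get("register_globals", "").lower() in ("on", "1", "true", "yes"):
        findings.append("register_globals is on")
    return findings

def tmp_allows_exec(mounts_text):
    """True unless /tmp is its own mount carrying the noexec option."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/tmp":
            return "noexec" not in fields[3].split(",")
    return True  # no separate /tmp mount, so no noexec of its own

SAMPLE_INI = """[PHP]
; constructed sample
register_globals = On
disable_functions = exec, shell_exec
;open_basedir = /home
"""
SAMPLE_MOUNTS = """/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid,noexec 0 0
"""

if __name__ == "__main__":
    for finding in audit_php_ini(SAMPLE_INI):
        print("php.ini:", finding)
    print("/tmp allows execution:", tmp_allows_exec(SAMPLE_MOUNTS))
```

On a live server, pass in the contents of the php.ini that `php -i` reports as loaded and the contents of /proc/mounts instead of the samples.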
