Security problem

Discussion in 'Security' started by cybervolkan, Aug 24, 2007.

  1. cybervolkan

    cybervolkan Member
    Hello everybody.

    I think I have a security hole in my server.
    A user on my server uploads a malicious PHP script to his account.
    And then he runs this script in his browser and can see my php.ini, cat valuable files... he can even change files in another account. I don't know how to prevent this. I have looked at the script. It uses functions like ini_get etc... I have disabled these functions in php.ini, but at this time sites like Joomla etc. didn't work.

    [~]# php -v
    PHP 4.4.7 (cli) (built: Jul 29 2007 21:53:32)
    Copyright (c) 1997-2007 The PHP Group
    Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
    with Zend Extension Manager v1.0.10, Copyright (c) 2003-2006, by Zend Technologies
    with Zend Optimizer v3.0.1, Copyright (c) 1998-2006, by Zend Technologies

    Thanks for any help.
     
  2. madaboutlinux

    madaboutlinux Well-Known Member

    Turn off safe_mode and register_globals in the php.ini file for the time being and also suspend the account. And then hire an admin and get your server checked thoroughly, as it will be difficult to guide without logging in to your server.
     
  3. twhiting9275

    twhiting9275 Well-Known Member

    Take a look at something like Suhosin, which will do a great deal for securing your PHP distribution. This isn't really a CP/WHM problem, but more like a PHP issue, it sounds like.
     
  4. ChadE

    ChadE Active Member

    Also migrate from PHP 4 to PHP 5; it is significantly faster and more secure. It won't stop situations like this, but it can prevent or minimize other risks.

    You can go through and disable things like exec, shell_exec, ini_alter, the posix_ functions, pcntl_exec, parse_ini_file. Safemode, register_globals, openbasedir, suhosin, and other access restriction modifications will reduce their interactivity with other users and their ability to access insecure scripts/functions, and will hopefully prevent them from escalating their privileges enough to interfere with server operations. Also check your /tmp folder... be sure that it doesn't allow file execution, and look for any odd scripts. The last thing you need is someone rooting your box or dropping a remote IRC bot before you get rid of them.

    Enable phpsuexec when STAGE 2 of cPanel 11 is released for your distribution.
     
    #4 ChadE, Aug 25, 2007
    Last edited: Aug 25, 2007
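
The settings listed in post #4 can be checked offline with a short audit of a php.ini and a /proc/mounts listing. This is an added example, not code from the thread or from cPanel; the helper names (`parse_ini`, `tmp_is_noexec`, `audit`), the sample inputs, and the choice to flag register_globals when it is on are assumptions of the example, and the posix_ family is not checked.

```python
import re

# Functions named in post #4 as candidates for disable_functions.
RISKY = ["exec", "shell_exec", "ini_alter", "pcntl_exec", "parse_ini_file"]

def parse_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ';' comments
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip().strip('"')
    return settings

def tmp_is_noexec(mounts_text):
    """True if a /tmp mount in /proc/mounts-style text carries noexec."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/tmp":
            return "noexec" in fields[3].split(",")
    return False   # /tmp is not a separate mount, so it inherits exec from /

def audit(ini_text, mounts_text):
    s = parse_ini(ini_text)
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",") if f.strip()}
    findings = [f"disable_functions is missing {f}" for f in RISKY if f not in disabled]
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    if s.get("register_globals", "off").lower() in ("on", "1", "true", "yes"):
        findings.append("register_globals is on")
    if not tmp_is_noexec(mounts_text):
        findings.append("/tmp is not mounted noexec")
    return findings

# Constructed sample input, not taken from the poster's server.
SAMPLE_INI = """\
; constructed php.ini fragment
register_globals = On
disable_functions = "exec, shell_exec"
;open_basedir = /home
"""
SAMPLE_MOUNTS = "/dev/sda1 / ext3 rw 0 0\n/dev/sda3 /tmp ext3 rw,nosuid 0 0\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, SAMPLE_MOUNTS):
        print("WARN:", finding)
```

On a live host the inputs would be the contents of the active php.ini and of /proc/mounts; open_basedir is often set per virtual host rather than globally, so an empty global value is a prompt to check the vhost configuration as well.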