The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

shell access

Discussion in 'Security' started by Potato, Dec 21, 2009.

  1. Potato

    Potato Active Member

    Joined:
    Dec 7, 2009
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    I uploaded a shell file to my server to test the security and found that with a simple c99 someone could access everything on my server even the root files. please help me. how can i stop this from happening?
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    #2 Spiral, Dec 22, 2009
    Last edited by a moderator: Dec 23, 2009
  3. mambovince

    mambovince Well-Known Member

    Joined:
    Jan 15, 2005
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    London, UK
    Are there any specific mod_security rules recommended for stopping shell script uploads please?
    Thanks,

    - Vince
     
  4. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    And don't even forget about open_basedir, You can get rules for modsec from gotroot.com
    Also disable some functions

    There are a lot of things to do after that but thats the most important things.
     
  5. mambovince

    mambovince Well-Known Member

    Joined:
    Jan 15, 2005
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    London, UK
    Anyone know what is the rule to add for preventing file uploads by extension please:
    i.e.
    *.exe
    *.bin

    Many thanks,

    - Vince
     
  6. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    Instead of rule you can restrict the access from those two extensions from the explorer, You can make that by Deny from all in httpd.conf, If you need more assistance just tell me.
     
  7. mambovince

    mambovince Well-Known Member

    Joined:
    Jan 15, 2005
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    London, UK
    Hi,
    Would you be so kind as to provide the lines we need to add into httpd.conf please, for both myself and others here in same situation? :)

    Many thanks,

    - Vince
     
  8. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Edit httpd.conf by pico or any other editor you would like.

    Search for <FilesMatch "^\.ht">

    You will see something like that:
    <FilesMatch "^\.ht">
    Order allow,deny
    Deny from all

    Satisfy All
    </FilesMatch>

    after all of that add those lines

    <Files ~ "\.EXT$">
    Order allow,deny
    Deny from all

    </Files>

    Replace EXT with the extension you would like to deny. Done ;)
     
  9. mambovince

    mambovince Well-Known Member

    Joined:
    Jan 15, 2005
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    London, UK
    Thank you for that!

    Just to be clear, would we still need to do this even if we install SuPHP?

    Best wishes

    - Vince
     
  10. ModServ

    ModServ Well-Known Member

    Joined:
    Oct 17, 2006
    Messages:
    332
    Likes Received:
    5
    Trophy Points:
    18
    Location:
    Egypt
    cPanel Access Level:
    Root Administrator
    Hello,

    Any modifications that happened to httpd.conf didn't affect this code also it can work on SuPHP, DSO, CGI and any other handler.
     
Loading...

Share This Page