suPHP protects against massa defacement? perl scripts

Hello

suPHP protects against mass.pl? ( Mass defacement )

I'm tired of hackers who make mass defacement.

I compiled Apache with suPHP. This protection is valid against perl scripts that are used to mass-defacement?

Thank you
Konrath



-rw-r--r-- 1 0 0 17699 Aug 29 00:29 dir.txt
-rw-r--r-- 1 0 0 33 Aug 29 00:20 Ownz.html
-rwxrwxrwx 1 99 99 134232 Aug 29 00:12 find
-rw-r--r-- 1 99 99 591581 Aug 29 00:08 ovshell.php
-rw-r--r-- 1 99 99 2001 Aug 29 00:01 index.html
-rw-r--r-- 1 99 99 27278 Aug 28 23:57 is.asp
-rwxrwxrwx 1 99 99 6380 Aug 28 23:45 mass.pl
-rw-r--r-- 1 99 99 2178 Aug 28 23:30 pink.pl
-rw-r--r-- 1 99 99 7307 Aug 28 23:27 zone.php
-rwxrwxrwx 1 99 99 6772 Aug 28 23:21 fokak
-rwxrwxrwx 1 99 99 735 Aug 28 23:20 dc.txt
-rw----r-- 1 99 99 72352 Aug 28 23:19 love.php
-rw-r--r-- 1 99 99 66567 Aug 19 19:30 ad.php

 

Dear cPanelJared

My English is not good but I understood what you wrote.

I interpreted correctly? It is impossible to avoid a mass defacament via perl script?

Thank you
Konrath

 

Dear cPanelJared

I work with shared hosting. 2000 sites per server or more . It is impossible to be sure that a customer is with your scripts updated and thus allow the entry of the hacker.

In this case I do not recommend using suPHP.

The suPHP no provides no protection whatsoever, and also generates various (internal server error) and server load. suPHP is worthless ( useless )_

The easiest way to detect the invasion is using the nobody check script.

Nobody Check Security Tool

I am seriously considering selling my webhost company. I host 20,000 sites, unsafe.

Thanks for your explanation.

Thank you
Konrath

 

Hello cPanelJared

I greatly appreciate your answers.

I understand what you wrote and after reading several threads and your answer I conclude

suPHP only serves to generate several (internal server errors) and to leave the server slow. suPHP is totally useless. suPHP break the server.

The nobody check script, can tell me where a malicious script is run with precision.

Unfortunately I conclude that I host 20 000 unsecured sites. Anytime my sites can be defaced.

Unfortunately I can not disable perl.

Thank you
Konrath

 

Hello George

suPHP does not protect the server so that the hacker can not change all
index.

I do not see any utility for suPHP.

suPHP serves only to detect which directory the hacker is running
the malicious script?

My English is not good. I do not understand exactly what you wrote.

>>> suPHP is needed to protect hackers from writing in group writeable directories at all the hosting accounts <<<

If the hacker can change all index using a perl script even using suPHP. What is the advantage of using suPHP?

If suPHP only allows knowing the directory that the hacker is running the script, I know using the script (nobody check) without receiving (internal server errors) and server load.

Thank you
Konrath

 

I wonder how to create a protection against mass defacement.

I've realized that suPHP does not solve this problem.

I'm talking about shared hosting with over 2000 websites or more per server, with several outdated script that allows a hacker to put files on FTP and execute malicious scripts to mass defacement.

I'm talking only of hosted sites, with scripts that are installed and
outdated and that allows a hacker to execute malicious files.

I'm not dealing with problems with root invasion. Only with malicious scripts in / home / ANY USER / and allows mass defacement.


Thank you
Konrath

 

Dear cPanelDon

This control is impossible. It's a fantasy. As are civil laws that are broken. There'll always be a percentage of consumers idiots that will not keep your scripts updated.

Okay, I'll install all recommendations.

I realized that only perl scripts have the ability to change all index. I find only available for PHP hardening, but not for PERL


Anyone know tips for hardening to perl?


Thank you
Konrath

 

Hello B12Org

Thank you
Konrath