Is there any solution, User is unable to upload a shell??

u4xlol (Verified User; joined Nov 12, 2009; 60 messages)
Hello,

Is there any solution, User is unable to upload a shell??
I've done security settings in CSF and php.ini, but my user uploaded a shell on his account, simply!!!

My PHP is in CGI mode.

Please help me.

Thanks
 
Hello,

There is nothing you can do to forbid uploading shells; of course you might try and write a rule (or a set of rules) for Apache mod_security, but there is no 100% protection, as a PHP script might be obfuscated or encoded; and you'd better get rid of such a customer, who violates your TOS.

Of course, you might want to secure php.ini and disable "dangerous" functions there, but it won't give you 100% protection. Another thing you could do is to install suhosin.
 
Thanks, zEitEr.

I've done these things on the server: Perl access is closed, "dangerous" functions are disabled in php.ini, and my server check in CSF is good.

My servers are shared hosting, and because mod_security is difficult with some of the sites, I do not want to activate it!

Can a shell be found by searching the server?
 
Can a shell be found by searching the server?

Search files with a .php extension, or others, which contain any "dangerous" code; grep them for

- eval
- exec
- system
etc.

or by developer's name, as they sometimes have copyright notes within.
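
The search suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell function that lists PHP-like files calling `eval`, `exec` or `system`, ranked by the number of matching lines. The function name `scan_webroot`, the `FUNCS` and `EXTS` defaults and the placeholder path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list PHP files that call the functions
# named in the reply above, so an admin can review them by hand.
# FUNCS and EXTS are assumptions; extend both for your own servers.
FUNCS="${FUNCS:-eval|exec|system}"
EXTS="${EXTS:-php phtml php5 inc}"

# scan_webroot DIR -> prints "<matching lines> <path>", most matches first.
# The body runs in a subshell, so its variables do not leak to the caller.
scan_webroot() (
    root=$1
    # Function name followed by "(", not preceded by an identifier character,
    # "->" or "::", so curl_exec( and $pdo->exec( are not reported.
    PATTERN="(^|[^A-Za-z0-9_>:])(${FUNCS})[[:space:]]*\\("
    export PATTERN
    for ext in $EXTS; do
        find "$root" -type f -name "*.${ext}" -exec sh -c '
            for f do
                # -i: PHP function names are case-insensitive
                n=$(grep -Eic -- "$PATTERN" "$f" || true)
                if [ "${n:-0}" -gt 0 ]; then printf "%s %s\n" "$n" "$f"; fi
            done' sh {} +
    done | sort -rn
)

# Stand-alone use: sh scan.sh /path/to/webroot   (placeholder path)
if [ "$#" -gt 0 ]; then
    scan_webroot "$1"
fi
```

Matches are leads for manual review, not proof of a shell; as noted earlier in the thread, an obfuscated or encoded script can avoid these literal names.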
 