so lately I been noticing lots of errors in my error log, mainly this
sh: /uptime: No such file or directory
So something is allowing to run shell commands. I have all my clients on safe mode excpet for the galleries and in their httpd config I have:
php_admin_value disable_functions "dl,passthru,system,exec,shell_exec,escapeshellarg,escapeshellcmd,ini_alter,popen,proc_c$
Anyway, I got to thinking since those errors were in my admin error log it may be from var, so I turned off mod security and uploaded php terminal and I about died. besides running as apache which is dangerous anyway it executed all shell commands and even was able to use gcc.
I have shell exec and passthru disabled in php.ini like this:
disable_functions = shell_exec,passthru,escapeshellarg,escapeshellcmd
Why is var/www still able to execute shell commands?
What can I do to prevent this? I was also able to use that phpterm to browse other users folders and write to their sites. If someone got a shell to apache on any site or from var/www they could mass deface your entire server.
Surely they has to be a way to fix these security issues. I like directadmin and all but this apache situation is very risky
UPDATE: They are all are still able to run shell commands no matter what I put in php.ini or custom httpd config
sh: /uptime: No such file or directory
So something is allowing to run shell commands. I have all my clients on safe mode excpet for the galleries and in their httpd config I have:
php_admin_value disable_functions "dl,passthru,system,exec,shell_exec,escapeshellarg,escapeshellcmd,ini_alter,popen,proc_c$
Anyway, I got to thinking since those errors were in my admin error log it may be from var, so I turned off mod security and uploaded php terminal and I about died. besides running as apache which is dangerous anyway it executed all shell commands and even was able to use gcc.
I have shell exec and passthru disabled in php.ini like this:
disable_functions = shell_exec,passthru,escapeshellarg,escapeshellcmd
Why is var/www still able to execute shell commands?
What can I do to prevent this? I was also able to use that phpterm to browse other users folders and write to their sites. If someone got a shell to apache on any site or from var/www they could mass deface your entire server.
Surely they has to be a way to fix these security issues. I like directadmin and all but this apache situation is very risky
UPDATE: They are all are still able to run shell commands no matter what I put in php.ini or custom httpd config
Last edited: