Prevent User Use Custom Php.ini
Apr 26, 2008I have added some functions in php.ini for security.
But when user use their php.ini file located in their account, all functions enabled again.
How can i prevent user custom php.ini?
ADVERTISEMENT
Redirect Domain/user To User.domain ONLY IF Folder 'user' Doesn't Exist
May 7, 2007I thought I knew enough about my .htaccess stuff to do this, but I can't seem to work it out. What I want to do is if a user visits domain.com/folder, we check to see if the folder exists. If so, show as normal (IE domain.com/support)
If a user visits domain.com/dynamicusername (dynamicusername is not a physical folder), redirect to dynamicusername.domain.com
How To Prevent Rm -rf /
Jul 4, 2009Does anyone know anyway that "rm -rf /" can be disabled? OR any selinux rule or something to prevent this?
Or if I wanted to prevent a certain directory from being deleted like backups but something unlike chattr that someone can figure out quickly.
Im sure LOTS of people would like to know about this. Ive searched around and only somewhat useful thing I have found is an rm wrapper that sends everything to a trash file in the root of the mount point.
Plesk Automation :: Login As User From Admin / Actual Login As User Are Different
Jan 3, 2014when I find the subscription from the admin side of PPA, if I select "Login as user" I've noticed that it is different from actually logging in as the user - for example - "add domain alias" is missing when I login as a customer - but not as an admin... I need my customers to add their own aliases and manage them - how do I add that feature to the client login side?
View 9 Replies View RelatedHow To Prevent DNS Flood
May 28, 2008Can anyone share tips how to prevent DNS flood on a cPanel and Directadmin server platform on Centos?
View 7 Replies View RelatedPrevent Phishing
Jun 1, 2008I'm not that techy I'd like to ask why this person downloaded the file below before uploading some phishing webpages on my account ? I've changed my password numerious times from different computers and even from mobile phone just to check if the person can still get in. But again it is no use the person were able to upload phishing pages.
logs:
May 25 21:50:42 server100 pure-ftpd: (weblogin100@62.56.133.36) [NOTICE] /home/weblogin100//.htpasswds/update/Login.php downloaded (21251 bytes, 755.78KB/sec)
Right now I deleted all other scripts on the account and remain some htmls. Folder were also set to 644 no 777, while waiting if the person can still upload his phishing pages please help me why he downloaded the file above. I've check the file on my account and I cannot see Login.php. By the way I have a root login and only two accounts were a constant phishing victims.
How Prevent Hackers Away
Feb 21, 2007I am giving few tips on securing your server against hack attempts. You must check these inspite of other securities like firewall, rootkits detectors etc.
1. Most Important, do not disable safe_mode under php.ini. If any customer asks to disable it, turn it off on his account only, not on whole server.
As most of the time attack is done using shellc99 (phpshell) script. In case safe_mode is off on server and there are public dirs with 777 permission, he can easily hack through.
2. Compile apache with safe mode as well.
3. In cpanel under tweek settings, turn on base_dir, if someone requests to turn off, turn it off on his/her account only. As using phpshell one can easily move to main server dirs like /etc, /home.
4. Do not allow Anonymous Ftp on your server. You can turn it off from ftp config under WHM Service Configuration. If its allowed, one can easily bind port using nc tool with your server and gain root access. Always keep it disabled.
5. Make sure /tmp is secured. You can easily do that by running this command /scripts/securetmp using ssh. But do make sure, /tmp is secured. Else one can upload some kind of perl script in /tmp dir and can deface or damage all data on the few/all accounts on your server.
keeping your server secure from hack attempts.
Prevent Php Script Run As .gif Or .jpg
Oct 28, 2007Does anyone know how to prevent some shell, php script change file name from file.php to file.jpg or file.gif and upload to server and run it to attack server?
View 14 Replies View RelatedPrevent Ddos
Sep 11, 2007from 2 days ago until now my server be ddos and i stay in my computer and block ip but it is not finish is a program to do block ip automatic?
View 2 Replies View RelatedPrevent IPs Unallocated IPs Being Used
Sep 13, 2007We have been using our L2 switches functionality to only allow IPs that are assigned to a particular server to be accessed for sometime. However, the latest version of this particular switch no longer includes this feature. Moreoever, it is quite a labor intensive task which is not good for "budget" servers.
I am considering moving the rules to the main router, but am afraid of the scalability of this. Will it hold up with a few 1000 servers?
How are other hosties going about this? I have heard that some just don't bother at all, which leaves their clients open to having their IPs duplicated by others on the same subnet. This can't be good....
Allow Custom Php.ini
Jun 12, 2009I would like to know how to allow customers to use their own php.ini file. I have had hosts in the past that allowed you to use a custom php.ini file so long as you put it in every directory that you would need to use it.
I was just trying to figure out how this is done as I am new to all of this and trying to learn.
How To Custom Php.ini
May 18, 2008I'm using CentOS 5, Cpanel/WHM with php as cgi, when i try to put a php.ini file to to custom php for one account and it overwrite main setting on our server, someone use this bug to run c99 and try local attack other account, i've try fix this problem by edit /opt/suphp/etc/suphp.conf and set phprc_paths to /usr/local/lib/. But when i do this, php.ini in my custom account doesnt work any more... How can i custom php for one account and it not effect to main setting to prevent local attack?
View 3 Replies View RelatedCustom Php.ini
Mar 15, 2007I have a reseller account on a server, and I have a client who needs to used a custom php.ini file to set the session.save_path variable. He has created this file and placed in the public_html folder, but this path still comes up as 'No Value' and the Configuration File Path still reads '/usr/local/Zend/etc/php.ini '.
What do I need to do to get this site to read from the correct php.ini file? I tried setting this in the .htaccess file, to no avail.
.biz As Custom Dns
Jun 25, 2007I have a question .. does it effect to any service if i use .biz extension as a custom DNS instead of .com or .net extensions
View 10 Replies View RelatedPrevent Mass Download
Sep 21, 2006i need any thing to prevent mass download
my server is cost a huge bandwidht monthly . because mass downloading?
Prevent From Iframe Virus
May 24, 2008I need to know so idea, how to prevent iframe virus injection into the server,also is there is any mod which help in protection for iframe virus.
View 14 Replies View RelatedHow To Prevent Nobody To Move In Server
Jun 13, 2009i have my own box for my forum .. now i shared my box with friend's , but in reall they a freak friend's , just to be in safe brother, am looking to know what function i can disable in php.ini or any problem/tool to prevent anybody / attacker * nobody* permission to move in the server via his shell script..
as we know some attacker's use them own php-shell to hack site's * shared hosting *, so they can move to any account after they know the user account name * /etc/passwd * .. so as i say before is there any good functions to prevent these attacker to move in the server? so i can disable it .. or install any good tool * else modsecurity * in the system to prevent them *nobody* of that?
Mod_security To Prevent Some Script
Jul 30, 2009I try to use mod_security to prevent some script in some files,
imagine I want to block all scripts includes "test" in the body
so if code of script.php is:
HTML Code:
<html>
<p>test</p>
</html>
and someone run script.php , I want block running and show 406 error
now can you tell me how can I write this rule in mod_security 2 with apache 2?
I use SecRule RESPONSE_BODY "test" but its now working ...
How To Prevent Perl From Working
Jan 12, 2008I have a cPanel/Linux server, runing apache as a webserver.
i want to know how can i prevent perl/cgi files from working on all virtual hosts on both apache2/apache1.3!
What Can I Do To Prevent DDoS Attack
Aug 4, 2008My site was recently under a DDoS attack and was down for a few days, the attack came from Russia i believe.
The people who did it asked for $800, but of course i didnt pay. My hosting company did the best they could in order to stop the attack but it still lasted a few days and badly hurt my rankings.
I moved my site to a dedicated server, but i dont know what kind of software/hardware i need to install on it in order to prevent more future attacks, the hosting company suggested a few things but i dont know if they are just trying to get more money out of me.
How To Prevent OOM (Out Of Memory) Crashes
Aug 19, 2008I have a colocated server with the following specs:
Intel Core 2 Quad Q6600 2.4Ghz
4GB RAM
400GB SATA Drive
I have a problem every few days, the server keeps hanging up and giving an "Out of Memory" message and SSH just hangs and doesn't connect. Every time i have to call out a tech to manually reboot it.
Is there a setting i can change to make SSH connect even when it is out of memory, or anything that can prevent it happening?
Prevent Directory Listing
Apr 2, 2007I've just made a transition from a VDS to a Dedicated and I'm having problems preventing directory contents from showing. In my previous server whenever I created a directory, it would automatically give a 403 when you tried to access the directory directly in your browser (which is what I want). Now when I set up directories in this new dedicated the contents of the directories display when there is either no index page or if I didn't have an htaccess file preventing it from listing the contents.
So what im asking is how did my previous server automatically set up the directories to not display the contents but use the contents and allow access to say for example pictures in the directory?
Is there a way I can have apache automatically do this for me or do I have to place a blank index page in every directory i create or have to place an htaccess file in every directory I create? How can I protect the contents with a 403 but still allow the contents to be accessed only through full path?
My Server Was Hacked -- How To Prevent This
Oct 2, 2007My server was recently hacked and I'm looking ways to secure it in the future. I use the server to host my own websites.
It was hacked to be a spam server. I traced the new files the hackers added to my "upload" directory, which is where my site members upload pics. I had set the directory to chmod 777. Could someone hack that directory solely from it being its rights being 777?
The site was custom developed in PHP, and looking through it myself, I couldn't find any security issues. But then again, I may not know what exactly to look up.
I would appreciate any general tips to protecting a server, as well as general tactics hackers use to hack a server and PHP site.
To Prevent Local Hack
Nov 29, 2007I try to enhance my server security and prevent local hack but it seem useless.
I tried to chmod home/user/public_html to 711; disable functions; enable php open_basedir.
I can stop some popular shell such as c99shell.php but server can be hacked local.
Anyway to prevent it completely?
Way To Prevent Iframe Attack
Oct 31, 2007some sites on my server is inserted iframe code to its homepage index.php and index.html
I found this topic is discussed on WHT for sometimes but no solution yet. I found a article help to solve this issue but i am lack of knowledge to understand the article.
[url]
Prevent Download Manager
Jun 8, 2007Download manager software usually split files to many parts than download them at the same time. Will it makes server load higher, if yes how to limit the parts of file they can split to?
View 3 Replies View Related
