C99shell Disable PHP Scripts?
The biggest security issue I have with my clients is the PHP c99 shell and similar PHP files. Somehow these files get uploaded to the website, and from there they start attacking the websites.
I have also seen that once you upload the c99 PHP file you are able to see account information (such as a user name) on the same server.
So is there any way to disable this kind of PHP file, or at least disable some function within the file?
I have been thinking of installing and running an antivirus on the server, but I see that sometimes they upload an encrypted version of the file, so the antivirus can't catch the file as a trojan!
Related Forum Messages:
C99Shell :: How To Detect Or Disable The Functionality Of C99Shell
Recently my site was defaced (I own a dedicated server). My server was not touched, but one of the applications I used on the site was exploited to gain access to it. I have noticed 4 or 5 c99 shells in different locations on my FTP. The site is back online, but it's definitely possible that they have one of these hidden somewhere and that they'll just do it again. I am using CentOS 5. How can I easily search for these on my box? Can I disable their functionality? Is there a setting I can use in .htaccess or something to make my website safer? I visited one of the scripts, and it said SAFEMODE OFF. How can I at least enable safe mode? I don't know much of anything about Linux, but I am running cPanel and WHM. I have a guy who manages my box but he is hard to get a hold of sometimes, and I'd like to take care of this ASAP!
How Disable Php On Cpanel
Anyone can apply PHP scripts under cPanel like: domain.com:2082/scripts.php
I have run phpinfo to look for the cPanel php.ini, and I have:
Configuration File (php.ini) Path /usr/local/cpanel/3rdparty/etc
I renamed /usr/local/cpanel/3rdparty/etc to /usr/local/cpanel/3rdparty/etc.OLD and then restarted the server. cPanel PHP still works, and phpinfo gives:
Configuration File (php.ini) Path /usr/local/cpanel/3rdparty/etc
How do I disable cPanel PHP to prevent someone from exploiting PHP to hack my server?
Disable Php Functions
Does the below look good for a private server (Linux, cPanel, phpsuexec disabled)?
disable_functions = show_source, system, shell_exec, passthru, phpinfo, popen, proc_open
What about a shared hosting server (Linux, cPanel, phpsuexec *enabled*)?
disable_functions = show_source, system, shell_exec, passthru, phpinfo, popen, proc_open
PHP Disable Functions Override
In php.ini I've disabled several functions for security reasons, but I need to enable exec() and shell_exec() for WHMCS Status, and I don't want them enabled for anything or anyone else. I know you can override the global php.ini, but I would prefer not to have that on, and I also forgot where that option is. I was wondering if there are any workarounds, or would I have to enable exec() and shell_exec() globally or enable php.ini override?
Disable PHP Shell_exec And Readfile
To disable or not to disable shell_exec and readfile. I haven't found any possible problems with enabling readfile, but regarding shell_exec, I might be vulnerable to phpshell scripts, though if the server is correctly configured (suPHP, Suhosin, etc.), the risks are minimum.
How-to Disable Php Functions Per Domain
When dealing with the security of your server you will eventually get to the part where you will want to disable some PHP functions. The only problem on shared hosting is that you cannot disable exec for one domain and enable that function for another that needs it because of some lame script. Eventually you will get to the part where you will need to enable exec on the entire server because of one site.

There is a solution to this and it's called Suhosin. Suhosin has a configuration variable called "suhosin.executor.func.blacklist" which can be used to disable some PHP functions. The difference between this variable and disable_functions in php.ini is that it can be set for all the sites and then modified for a single domain (it can be overwritten), so you will be able to disable exec on the entire server and enable that function for a single domain.

I will not write here how to install Suhosin. Also, you only need the extension for this, so you do not need to patch PHP and recompile.

IMPORTANT: I have noticed that the Suhosin extension 0.9.20 will not work anymore as there are some problems with it. It's OK as long as we have 0.9.18. Probably the next version of the extension will be fixed to work OK again, so remember to use version 0.9.18 for this until the problem is fixed.

OK, so to use Suhosin as the PHP function blocker we need to comment out disable_functions in php.ini (yes, enable all the functions) and then set suhosin.executor.func.blacklist in php.ini to something like this:

suhosin.executor.func.blacklist = exec, passthru, shell_exec, system, pcntl_exec, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg

You can add as many functions as you like. After that, all the functions added in suhosin.executor.func.blacklist will not work anymore in PHP scripts.

If you need to enable a function for a domain, let's say exec, you will have to edit the Apache configuration file and add suhosin.executor.func.blacklist without the exec function:

<VirtualHost 127.0.0.1>
    ServerAlias www.test.com
    ServerAdmin webmaster@test.com
    DocumentRoot /home/test/public_html
    php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg"
</VirtualHost>

Now exec is disabled on the server but it's enabled on the test domain.
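An added example, not part of the original post: because the per-domain php_admin_value line sets the whole list for that VirtualHost, this Python sketch compares each override against the server-wide blacklist and reports any function re-enabled beyond what was approved. The /home/shop vhost, the APPROVED mapping and all helper names are assumptions made for the illustration; the function lists are the ones quoted in the post.

```python
import re

DIRECTIVE = "suhosin.executor.func.blacklist"  # directive named in the post above

def parse_list(value):
    """Split a comma-separated function list into a set of lower-case names."""
    return {f.strip().lower() for f in value.strip().strip('"').split(",") if f.strip()}

def global_blacklist(php_ini):
    """Server-wide blacklist from php.ini text; the last active line wins."""
    found = set()
    for line in php_ini.splitlines():
        m = re.match(rf"\s*{re.escape(DIRECTIVE)}\s*=\s*(.*)", line.split(";", 1)[0])
        if m:
            found = parse_list(m.group(1))
    return found

def vhost_overrides(httpd_conf):
    """Map each VirtualHost's DocumentRoot to the blacklist it overrides with."""
    out = {}
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", httpd_conf, re.S | re.I):
        root = re.search(r"^\s*DocumentRoot\s+(\S+)", block, re.M | re.I)
        over = re.search(rf'^\s*php_admin_value\s+{re.escape(DIRECTIVE)}\s+"([^"]*)"', block, re.M | re.I)
        if root and over:
            out[root.group(1)] = parse_list(over.group(1))
    return out

def audit(php_ini, httpd_conf, approved):
    """Return {docroot: [functions re-enabled without approval]}."""
    base = global_blacklist(php_ini)
    findings = {}
    for root, override in vhost_overrides(httpd_conf).items():
        unexpected = (base - override) - approved.get(root, set())
        if unexpected:
            findings[root] = sorted(unexpected)
    return findings

# Function lists are copied from the post; the /home/shop vhost is constructed.
COMMON = ("passthru, shell_exec, system, pcntl_exec, proc_open, proc_nice, proc_terminate, "
          "proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, "
          "posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg")
PHP_INI = ";disable_functions = exec\n" + DIRECTIVE + " = exec, " + COMMON + "\n"
VHOST = '<VirtualHost 127.0.0.1>\n  DocumentRoot {}\n  php_admin_value ' + DIRECTIVE + ' "{}"\n</VirtualHost>\n'
HTTPD_CONF = (VHOST.format("/home/test/public_html", "show_source, popen, pclose, " + COMMON)
              + VHOST.format("/home/shop/public_html", COMMON.replace("shell_exec, ", "")))
APPROVED = {"/home/test/public_html": {"exec"}, "/home/shop/public_html": {"exec"}}

if __name__ == "__main__":
    print(audit(PHP_INI, HTTPD_CONF, APPROVED))
```

The test domain from the post passes, since only exec is missing from its override; the constructed shop vhost is flagged because its override also leaves out shell_exec.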
C99Shell Folders?
I found these folders in the root:
/usr/bin/c99
/usr/include/boost/numeric/interval/detail/c99_rounding_control.hpp
/usr/include/boost/numeric/interval/detail/c99sub_rounding_control.hpp
What are these? Are these normal folders, or has somebody hacked our server? What shall I do?
Trojan C99Shell
I just installed Zen Cart on my web hosting, and a few days later I saw some files with names like core1405.php. When I opened one to view it, it was actually the trojan c99shell. I have deleted all of the core files. Now how can I prevent it from happening again? Because it is too much work to clean up the hosting server.
C99Shell Hackers Killing Me!
Guys, I'm tired of fighting those hackers every day! I have about 20 websites, and every day I have one of them hacked! I restore a backup, then another one is hacked! That's unbelievable!!! Those bastards upload their shell scripts to websites via bugs or whatever in PHP files!! Is there any way to stop these commands? Can .htaccess help? How? I talked to my web hosting companies for my websites! ....
Mod_security & C99shell Anyone Help Please ?
I installed modsecurity from the Addon modules in cPanel. When I try to apply phpshell, it works well without any errors, and I can do anything despite the presence of the modsecurity protection and disable_functions in php.ini. Are there particular settings to add to httpd.conf to prevent phpshell from being applied or to prevent it from being uploaded to the site?
C99Shell :: Attack Rules For Mod_security
I want to prevent c99shell scripts from running. I found this rule to detect URIs for the c99 shell:
#new kit
SecFilterSelective REQUEST_URI "/c99shell.txt"
SecFilterSelective REQUEST_URI "/c99.txt?"
My problem is that the hackers are being more stealthy and calling the script some random name like .../myphpstuff.php, so the URI no longer helps detect it. How could I detect "c99shell" in the actual file that Apache serves? This assumes that the hacker was successful in installing it.
My box:
Apache 1.3.37
WHM 11.2.0 cPanel 11.11.0-R16983
FEDORA 5 i686 - WHM X v3.1.0
Why Disable Parse_ini_file
I've seen recommendations for securing PHP that suggest putting parse_ini_file() in the disable_functions line in php.ini, but I cannot find an exact reason why. This being disabled is causing an error message to appear on some of my users' sites, and I'm trying to find a clear-cut reason why it is disabled.
Disable Clamav
How can I disable ClamAV on a cPanel server and make sure that it's not running? When ClamAV is running, Outlook is not working, so I have to restart ClamAV every time.
Disable Logrotate
Is it possible to disable logrotate? I can't seem to find the cron under my weeklies, dailies or monthlies, unless it's named "mad-db". Is there a way to make it, say, yearly, or just disable it altogether? I say this because the script I use already has a function to clear the logs, and when logrotate runs it kills all processes started by the script.
Disable Auditd
I have disabled auditd.
Code:
root@server48 [~]# chkconfig --list |grep audit
root@server48 [~]# rpm -qa|grep audit
audit-libs-1.7.7-6.el5_3.3
audit-libs-1.7.7-6.el5_3.3
audit-libs-python-1.7.7-6.el5_3.3
root@server48 [~]# lsmod |grep audit
root@server48 [~]#
root@server48 [~]# ps aux|grep audit
root 532 0.0 0.0 0 0 ? S< May17 0:00 [kauditd]
root 20690 0.0 0.0 61180 740 pts/0 R+ 06:12 0:00 grep audit
root@server48 [~]#
I still get audit messages in /var/log/messages.
Quote:
May 24 06:10:01 server48 kernel: type=1101 audit(1243163401.625:179651): user pid=19715 uid=0 auid=0 msg='PAM: accounting acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
May 24 06:10:01 server48 kernel: type=1101 audit(1243163401.716:179652): user pid=19716 uid=0 auid=0 msg='PAM: accounting acct="youtubet" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
May 24 06:10:02 server48 kernel: type=1101 audit(1243163402.087:179656): user pid=19719 uid=0 auid=0 msg='PAM: accounting acct="vidzboxc" : exe="/usr/sbin/crond" (hostname=?, addr=?, terminal=cron res=success)'
How do I disable auditd completely?
How Do I Disable IPTables?
I installed APF/BFD a long time ago on my CentOS server and have had no problems up until now. Approximately 3 days ago, the server was uncontactable by SSH/HTTP/FTP. So I ran a traceroute and the host confirmed the box was up with no problems. He disabled IPTables and I was allowed in. Anyway, overnight, the same thing has happened again. I will have to SSH in from another IP; however, my main question is how do I disable IPTables? Or better still, how do I uninstall APF?
Disable Email
I have a problem with email running on my server. That is, I am using my domain's email service on another server. Now I have hosted a website for this domain on one other server. Note that the IPs for the domain and the email domain are different (using a managed domain service). But I now have a problem when email is sent from the server the website is running on (using the PHP email function): it gets confused and does not send anymore. I don't know whether you understand my case. But I want to stop the email service for this domain on my server, so that all email is just sent and received through the other email server. How can I set up or configure this through SSH?
How To Disable This Message
I have placed an .htaccess file to block some IPs. When a person's IP matches, my server gives this message: "client denied by server configuration". I get lots of them every day in my error log. How can I disable this message? I need the other error log messages but not this one. Is there any way I can disable it? I am using CentOS and Plesk.
How Do I Disable Apache
I have Apache 2.2 using cPanel 11. How do I disable Apache? I was sure it was using this cmd:
/etc/httpd/conf/httpd.conf off
When I try that I get permission denied, and I'm logged in as root! I also tried this:
/etc/httpd/conf/httpd.conf chmod 777
Permission denied again. Anyway, I need to disable Apache so LiteSpeed will work and I can dump Apache the unforgiven pos that will dos it receives a request to visit a webpage. (That is overdoing it; Apache is really good, just if it gets hit it's down easy.)
Dr Web - How To Disable It
I can stop Dr Web from within Plesk Control panel, but every time server restarts - Dr Web is automatically started again. Any possible way to disable it from running? Also the same with Spam Assassin. I am running CentOS
Disable Function
Is it possible to disable the disabled functions for all users except one account? For running a few applications I need shell_exec, passthru and exec, so is it possible to disable them for the other accounts?
Disable Clamd
We have a dedicated server with only 1 customer, who uses the server for mailing. We would like to disable clamd because it is not used in this situation. We disabled it a few days ago from the 'service manager' of WHM, but now we see this under "today cpu usage":
Top Process %CPU 67.5 /usr/sbin/clamd
Top Process %CPU 44.0 /usr/bin/perl -w /usr/sbin/eximstats
Top Process %CPU 25.9 /usr/sbin/clamd
How To Disable Sendmail Completely
Is there any way to have sendmail completely disabled on my server? I tried: service sendmail stop but my maillog keeps filling up with a lot of messages like these: stat=Deferred: Connection refused by [127.0.0.1] How can I stop the maillog from filling up?
Disable WHM/Cpanel
I want to disable WHM/cPanel, because a client purchased a dedicated server from us and he wants to access it from the command line with no WHM/cPanel. How can I do it, and will it affect any services? I have installed all the services like DNS, Exim and HTTP from WHM.
Disable Mail Function
I am starting a web hosting company. In it I have included a package that will be free and ad-supported, and I also want to disable some functions like mail() .......... I mean I want to disable SMTP services. Does anyone have an idea how I can do that?
Disable Awstats For Just One Domain
if anybody has been successful in disabling awstats for one domain only? I've seen this method somewhere else but was wondering if any of you guys have tried it here:
----------------------
Append the line, skipawstats=1 to the file /var/cpanel/users/<username>
----------------------