Results 1 to 4 of 4

Thread: MyShell script

  1. #1
    Join Date
    Nov 2002

    MyShell script

    Any advice on countering this script
    We had a user upload this script to the server recently but was lucky enough to catch it on time so we suspended the account untill such times as we could contact the owner.

    Needless to say we never did get in contact as the domain name used was not registered and he/she used another persons details to pay for the hosting of course a full refund was given to the proper oowner of account also the account was deleted.

    We did manage to get ip address of the person that signed up for account and duly informed his/her ISP.

    We do not allow shell access on our servers unless it is paid for as an option and even then it is jailed.

    I was reading a few other threads about this script and there was a suggestion that it was used in some cases for legitimate reasons.

    Clearly this is not the case here.

    Is there any other way to protect server from this script aswell as jailing shell access.
    Do unto others as you would have them do to you.

  2. #2
    Join Date
    Oct 2002
    State of Disbelief
    "Or perhaps your web hosting company do not provides shell access because the so called security reasons."

    Charming script.
    /*adds it to the list of bad things to look for*/

  3. #3
    Join Date
    Jan 2003
    Lake Arrowhead, CA
    Did the script even work? If you are properly configuring your server for reasonably secure php (safe mode, open_basedir, etc.), php scripts under a given user account shouldn't have access to any external directories... rendering Myshell or similar php shell scripts entirely harmless.
    Stability, redundancy and peace of mind

  4. #4
    Check CERT alerts for PHP

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts