Results 1 to 8 of 8

Thread: Apache security

  1. #1
    Join Date
    Feb 2004
    Location
    Ashdod, Israel
    Posts
    49

    Apache security

    I saw in two cases two difrent scripts that allow to view all the directories and files on the server, and may be eve modify and delete them.

    i test the "mod_userdir Tweak" in the WHM options, but it didn't helped.

    i'm doing updates eve few days, and it didn't helped

    what can i do to secure my server and fix that thing ?

    Linux redhat, apache, P4 2.8 GHz, 1 GB RAM
    Attached Thumbnails Attached Thumbnails test1.gif  
    Misha B.
    Benis Computers and Communication
    Israel

  2. #2
    Join Date
    Feb 2004
    Location
    Ashdod, Israel
    Posts
    49
    and the second pic, with the files from the /home/ drictory
    Attached Thumbnails Attached Thumbnails test2.gif  
    Misha B.
    Benis Computers and Communication
    Israel

  3. #3
    Join Date
    May 2004
    Location
    Hungary
    Posts
    106
    What type of script is this? PHP? CGI?

  4. #4
    along with what script... have you tested the ability to actually edit/create/delete files with it? It may show you but still not have permission to do anything with it
    Joe
    www.DollarWebHosting.Biz
    |:| Shared |:| Reseller |:| Dedicated |:|

  5. #5
    Join Date
    Feb 2004
    Location
    Ashdod, Israel
    Posts
    49
    Originally posted by joekushner
    along with what script... have you tested the ability to actually edit/create/delete files with it? It may show you but still not have permission to do anything with it
    no, i will test it,
    but i not looking good, eve if it just show it

    What type of script is this? PHP? CGI?
    a PHP script, may be i need to Attach the script file ?
    Attached Files Attached Files
    Misha B.
    Benis Computers and Communication
    Israel

  6. #6
    Join Date
    Feb 2004
    Posts
    1,226
    i recommend reading http://www.webhostingtalk.com/showth...hreadid=277411

    this issue is because PHP runs as 'nobody' user

  7. #7
    Join Date
    Feb 2004
    Location
    Ashdod, Israel
    Posts
    49
    Originally posted by Lem0nHead
    i recommend reading http://www.webhostingtalk.com/showth...hreadid=277411

    this issue is because PHP runs as 'nobody' user
    The things ware fixed by the security options in WHM

    but still have accses to the /tmp folder
    i used the "secure tmp" function,
    but still have accses

    -----
    the scripts i'm talikung about is a file manager scripts (upload, edit & delete files from the server by web browser),
    i sure it's the same thing with any file manager script
    Misha B.
    Benis Computers and Communication
    Israel

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    You will always be able to access the /tmp because php use it for sessions, etc. securetmp only restircts being able to do something like


    echo "uptime" > uptime.sh
    chmod +x uptime.sh
    ./uptime.sh
    and executing like that but they still can do:

    echo "uptime" > uptime.sh
    /bin/sh uptime.sh
    and get output that way.


    One way you can prevent those kind of attacks like you are talking about is adding this line to php.ini

    disable_functions = system, exec, shell_exec, popen, proc_open, passthru
    Yes this will break some scripts but it will help prevent those kind of scripts you are talking about.

    Thank you
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •