Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Is there a way to Stop Shell hacking totally? c99

[toby27]

My server got often get a c99 and other shell attack.

Is there a way to stop them totally? i.e. even though they are successfully uploaded but I do not want the source to be available to them etc.?

I mean, is there a way to hide or not allow them to execute any shell?

[david510]

Do you have mod_security installed on the server?

[dtredwell]

Use a simple two-layer setup.

use mod security to filter out the URL's
use php.ini to block the functions.

[toby27]

Quote:

Originally Posted by dtredwell

Use a simple two-layer setup.

use mod security to filter out the URL's
use php.ini to block the functions.

I'm not familar with both. could you explain?

David: Thanks! hope you can explains more on mod_security though.

[LoganNZ]

http://www.modsecurity.org

Its basically a modification for apache which filters malicious code, stopping those kids from uploading web shells onto your box.

Mod_security allows you to monitor the attack attempts and in some cases/setups allows you to automatically ban the attacking IP.

Becareful with mod_security as it can mess with the average day PHP scripts if the configuration is a little aggressive. ( Logs help a lot in this area )

I can log up to 4-5 attacks a day via mod_sec, its a great mod for apache

mod_dosevasive is also a good script to install just for peace of mind.

Good luck with the install

[zacharooni]

Also make sure your directories aren't CHMOD 0777, and /tmp is noexec,nosuid. Additionally, make sure you have allow.url_fopen and allow.url_include is Off in php.ini.

[toby27]

i checked with my support team and they said the box is alrady has mod_secure . So now, how can i setup the rule to avoid c99 shell? and where do i put them?

[tweakservers]

Perhaps this thread may give you some ideas

http://www.webhostingtalk.com/showthread.php?t=610636