  1. #1
    Join Date
    Nov 2005
    Location
    Romania
    Posts
    190

    suPHP bytes the dust

    After upgrading to Apache2, installing suPHP and mod_userdir, and enabling open_basedir, I can still browse other users' webroot with a c99 shell script. Anyone have any suggestions to increase protection without needing safe_mode on?

    PS. Merry Christmas to all

  2. #2
    Merry Christmas:

    Please see if http://www.hardened-php.net/ and http://modsecurity.org/ -- http://www.gotroot.com/ has a good set of starter rules -- helps.

    Thank you.
    ---
    Peter M. Abraham

  3. #3
    I second what dynamicnet says

  4. #4
    Join Date
    Jul 2007
    Posts
    55
    Are you sure mod_userdir is activated? Please double check.
    I work with a cup of tea, prefer green tea.

  5. #5
    Join Date
    Sep 2000
    Location
    New Jersey
    Posts
    389
    On gotroot.com the "Known rootkits/worms" actually block many of the C99 calls. Also, ClamAV detects C99 shells (among other PHP shells) during a scan, so you may want to consider installing it and scanning the server once in a while to look for them.
    John Quaglieri - InterServer, Inc

  6. #6
    Join Date
    Nov 2005
    Location
    Romania
    Posts
    190
    Quote: Originally Posted by dynamicnet
    Merry Christmas:

    Please see if http://www.hardened-php.net/ and http://modsecurity.org/ -- http://www.gotroot.com/ has a good set of starter rules -- helps.

    Thank you.
    I don't think mod_security is very effective in some cases when you hardcode the access strings in PHP. mod_security is just for blocking XSS security type issues.

    Quote: Originally Posted by Tealeaf
    Are you sure mod_userdir is activated? Please double check.
    Been for some while in the hosting gig, and trust me, mod_userdir bytes dust when you're dealing with shell scripts.

  7. #7
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,842
    Do you have the correct permissions and ownership on the user directories? E.g.:
    /home/user user:user 711
    /home/user/public_html user:apache 750
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  8. #8
    Join Date
    Nov 2005
    Location
    Romania
    Posts
    190
    Of course.

  9. #9
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,842
    With those permissions and PHP running suexec, one user cannot read another user's files. If you have the correct permissions, then check PHP:
    Code:
    <?php
    // Print the system user this script is executed as.
    echo `whoami`;
    ?>
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  10. #10
    Join Date
    Apr 2002
    Location
    Auckland - New Zealand
    Posts
    1,572
    You might not be enforcing the user (uid check) with suPHP; check the conf for suPHP and enable it if needed.
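
The ownership and mode layout quoted in post #7, checked across every home directory at once. This is an added example, not part of any poster's message: `audit_homes`, its two arguments and the report labels are names made up here, and it assumes GNU coreutils `stat`.

```shell
# Audit home directories against the layout quoted in post #7:
#   /home/user              user:user        711
#   /home/user/public_html  user:<web group> 750
# audit_homes BASE WEB_GROUP (hypothetical helper for this example)
# Prints one line per deviation; returns 1 if any deviation was found.
audit_homes() {
    local base=$1 web_group=$2 bad=0 home docroot
    local h_mode h_owner d_mode d_owner d_group

    for home in "$base"/*/; do
        [ -d "$home" ] || continue        # unmatched glob or not a directory
        home=${home%/}
        [ -L "$home" ] && continue        # symlinked entries are not audited here

        h_mode=$(stat -c '%a' "$home")
        h_owner=$(stat -c '%U' "$home")
        if [ "$h_mode" != 711 ]; then
            echo "MODE  $home is $h_mode, expected 711"
            bad=1
        fi

        docroot=$home/public_html
        [ -d "$docroot" ] || continue     # account without a webroot

        d_mode=$(stat -c '%a' "$docroot")
        d_owner=$(stat -c '%U' "$docroot")
        d_group=$(stat -c '%G' "$docroot")
        if [ "$d_mode" != 750 ]; then
            echo "MODE  $docroot is $d_mode, expected 750"
            bad=1
        fi
        # The webroot must belong to the same account as the home directory.
        if [ "$d_owner" != "$h_owner" ]; then
            echo "OWNER $docroot is owned by $d_owner, home by $h_owner"
            bad=1
        fi
        # Group is the web server's group ("apache" in post #7).
        if [ "$d_group" != "$web_group" ]; then
            echo "GROUP $docroot has group $d_group, expected $web_group"
            bad=1
        fi
    done
    return "$bad"
}
```

Run it as root, for example `audit_homes /home apache`, substituting the group your web server actually runs under.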
