Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Best way to prevent modification of PHP.ini from hackers ?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Best way to prevent modification of PHP.ini from hackers ?

HostripplesHostripples Member
in General

We would like to see the different views of each people how we can stop the modification in php.ini that hackers do once the website is Vulnerable ?

Comments

  • CentrioHostCentrioHost Member

    You really want to learn regarding symlink bypass :P Surprised your tag contains hostripples, affected host with hackers?

  • SimranSimran Member

    Hello CentrioHost.. seems you misunderstood the query :)
    symlink bypass can be stop in many ways if you are a good hacker and system admin .. and been a playing both roles from long time :) i am sure we can stop the users and restrict access to php.ini variables .. which is the real query of hostripples.. hope he/she will be agree with me :)

    by searching on net found one usefull info which will help you to get solve your query hostripples check it http://winlinuxadmins.com/index.php?/topic/1177-creating-custom-php-ini-in-cpanel-suphp-server/

  • Master_BoMaster_Bo Member

    Question is what 'vulnerable' means. What is the scenario of gaining access to Web root?

  • qtriangleqtriangle Member

    scenario: like a backdoor php script

  • skaska Member
    edited October 2013

    I. Are you guys connected?

    II. How about cutting down the signature to a reasonable, space-saving one-liner?

  • terafireterafire Member

    I'm sure they ripped centriohost's signature

  • Master_BoMaster_Bo Member

    @qtriangle said:
    scenario: like a backdoor php script

    The first question I would ask would be "How on Earth did it appear on server?"

    -- Incoming traffic from compromised IPs/nets should be blocked; suspicious activity (such as posting to URLs not present on server) should result in banning corresponding IPs

    -- Web server process UID/GID should not be able to write within Web root. If that is required, no file execution should be allowed within directory where file creation/upload is allowed to. Similarly, no file may be directly included/interpreted (as a script, for example)

    -- Web server process UID/GID should not be allowed reading where it isn't supposed to

    -- Web server processes should not be able to execute scripts/whatever; if it is absolutely required, they should only be allowed to execute certain files/scripts

    -- Intrusion detection system should raise alert/restrict access to servers etc if data is written/changed where it isn't supposed to

    -- SELinux/APpArmor/other security facilities should be set up to prevent access to where it isn't allowed

    The above are obvious measures that should be in effect under any circumstances, IMNSHO.

  • CentrioHostCentrioHost Member

    @ska said:
    I. Are you guys connected?

    II. How about cutting down the signature to a reasonable, space-saving one-liner?

    Wow... Just noticed...! Whats a freak. First discussed about symlink protection on a thread, then another thread about php.ini protection, just cloning signature styles... What next...!!

  • MrObviousMrObvious Member

    oh no someone stole how I styled my signature pls ban he!

  • PatsPats Member

    @CentrioHost said:
    What next...!!

    teach how to clone ur sig.. :P

Sign In or Register to comment.