Hi all, I'm having a big headache with shell scripts. I want to block PHP shells. I'm a reseller. I can disable some functions in php.ini. But that will be an issue for my clients. What is the easiest way to block PHP shells without having an issue for my clients?
It's a difficult process. But most of our clients don't have issues with PHP shells and can block most of them.
It may not be a popular view, but security has to come over convenience when you're hosting sites for other people. There's always a compromise somewhere but things like PHP Shell on shared or reseller hosting are a no-no if they pose a security risk to the server or other web sites. If someone needs them so much then they can go for a VPS or Dedicated server and then do what they want, but not on shared/reseller hosting. You have a duty of care, not a duty of convenience.
One of the best answers I have seen on this subject. Applehost, you are doing your shared customers a huge disservice by allowing unsafe PHP functions that are unneeded for the vast majority of websites.
Being a reseller, you really don't have a lot that you can do. Better to talk to your parent company and have them take steps towards security. If you have a lot of WordPress / Joomla etc. websites, then it is most likely a symlink vulnerability which is screwing the entire server and all the websites on it.
This is the price of security! No shell at all on a shared server... At least you can allow your customer to access a shell on a VPS or hybrid server. On a shared server you will compromise all websites on the server. Shell is a specific need; if you want it, you pay for it!