1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

PHP Shell

Discussion in 'Security' started by applehost, Aug 11, 2012.

  1. #1
    Hi All

    I'm having a big headache with Shell Scripts. I want to block php shells.

    I'm a re seller. I can disable some of functions in php.ini. But that will be a issue for my clients . What is the easiest way to block php shells without having a issue for my clients.
    SEMrush
     
    applehost, Aug 11, 2012 IP
    SEMrush
  2. TiffanyJ.SSS

    TiffanyJ.SSS Member

    Messages:
    72
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    33
    #2
    Its a difficult process. But most of our clients don't have issues with PHP shells and can block most of them.
     
    TiffanyJ.SSS, Aug 11, 2012 IP
  3. RonBrown

    RonBrown Well-Known Member

    Messages:
    934
    Likes Received:
    55
    Best Answers:
    4
    Trophy Points:
    105
    #3
    It may not be a popular view, but security has to come over convenience when you're hosting sites for other people. There's always a compromise somewhere but things like PHP Shell on shared or reseller hosting are a no-no if they pose a security risk to the server or other web sites. If someone needs them so much then they can go for a VPS or Dedicated server and then do what they want, but not on shared/reseller hosting. You have a duty of care, not a duty of convenience.
     
    RonBrown, Aug 12, 2012 IP
  4. Ray Baron

    Ray Baron Member

    Messages:
    148
    Likes Received:
    10
    Best Answers:
    3
    Trophy Points:
    43
    #4
    One of the best answers I have seen on this subject.

    Applehost, you are doing your shared customers a huge disservice by allowing unsafe PHP functions that are unneeded for the vast majority of websites.
     
    Ray Baron, Aug 14, 2012 IP
  5. bluebios

    bluebios Greenhorn

    Messages:
    10
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    11
    #5
    Keep SAFE MODE=OFF
     
    bluebios, Dec 9, 2012 IP
  6. RiyazS

    RiyazS Peon

    Messages:
    8
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #6
    You being a reseller really doesn't have a lot that you can do. Better talk to your parent company and have them take steps towards the security. If you have a lot of wordpress / joomla etc websites, then it is most likely sym link vulnerability which is screwing the entire server and all the websites on it.
     
    RiyazS, Dec 12, 2012 IP
  7. Slokix

    Slokix Peon

    Messages:
    24
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    3
    #7
    This is the price of security ! No Shell at all on shared server ... At least you can allow you customer to access shell on VPS or hybrid server.
    On shared server you will compromise all websites of the server.

    Shell is a specific need, if you want it, you pay it !
     
    Slokix, Dec 12, 2012 IP
  8. iceh

    iceh Greenhorn

    Messages:
    14
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    11
    #8
    Most simpe way to do is - Use a PHP script in cron job , Make a script to grep for shells.
     
    iceh, Dec 20, 2012 IP