Best way to prevent modification of php.ini by hackers?
Hostripples
Member
in General
We would like to see each person's view on how we can stop the modifications to php.ini that hackers make once the website is vulnerable?
Comments
You really want to learn about symlink bypass :P Surprised your tag contains hostripples, affected host with hackers?
Hello CentrioHost.. seems you misunderstood the query
Symlink bypass can be stopped in many ways if you are a good hacker and system admin .. and having played both roles for a long time I am sure we can stop the users and restrict access to php.ini variables .. which is the real query of hostripples.. hope he/she will agree with me
By searching on the net I found some useful info which will help you solve your query, hostripples, check it: http://winlinuxadmins.com/index.php?/topic/1177-creating-custom-php-ini-in-cpanel-suphp-server/
Question is what 'vulnerable' means. What is the scenario of gaining access to Web root?
scenario: like a backdoor php script
I. Are you guys connected?
II. How about cutting down the signature to a reasonable, space-saving one-liner?
I'm sure they ripped centriohost's signature
The first question I would ask would be "How on Earth did it appear on server?"
-- Incoming traffic from compromised IPs/nets should be blocked; suspicious activity (such as posting to URLs not present on server) should result in banning corresponding IPs
-- Web server process UID/GID should not be able to write within Web root. If that is required, no file execution should be allowed within the directory where file creation/upload is allowed. Similarly, no file may be directly included/interpreted (as a script, for example)
-- Web server process UID/GID should not be allowed reading where it isn't supposed to
-- Web server processes should not be able to execute scripts/whatever; if it is absolutely required, they should only be allowed to execute certain files/scripts
-- Intrusion detection system should raise alert/restrict access to servers etc if data is written/changed where it isn't supposed to
-- SELinux/AppArmor/other security facilities should be set up to prevent access to where it isn't allowed
The above are obvious measures that should be in effect under any circumstances, IMNSHO.
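An audit sketch for the write-permission points in the list above, added here as an example and not code from any poster in this thread: it walks a web root and reports what a given web server UID/GID could modify, judged from mode bits only. The function names, the `SENSITIVE` file list and the finding labels are assumptions made for illustration.

```python
import os
import stat

# File names that change PHP behaviour per directory (assumed list; extend for your stack)
SENSITIVE = {"php.ini", ".user.ini", ".htaccess"}


def can_write(st, uid, gids):
    """Decide from owner/group/other mode bits whether uid (with gids) may write.
    POSIX ACLs, the sticky bit and SELinux/AppArmor policy are not consulted."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_webroot(root, uid, gids):
    """Return sorted (finding, relative_path) tuples for the given web server UID/GIDs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dir_writable = can_write(os.lstat(dirpath), uid, gids)
        if dir_writable:
            findings.append(("dir-writable", os.path.relpath(dirpath, root)))
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            rel = os.path.relpath(path, root)
            writable = can_write(st, uid, gids)
            if name in SENSITIVE and (writable or dir_writable):
                # A read-only file in a writable directory can be unlinked and recreated
                findings.append(("config-replaceable", rel))
            elif writable and name.endswith(".php"):
                findings.append(("script-writable", rel))
    return sorted(findings)


if __name__ == "__main__":
    import pwd
    import sys
    # Usage: audit.py /var/www/html www-data   (path and account name are examples)
    user = pwd.getpwnam(sys.argv[2])
    groups = os.getgrouplist(user.pw_name, user.pw_gid)
    for finding, rel in audit_webroot(sys.argv[1], user.pw_uid, groups):
        print(f"{finding:20} {rel}")
```

A `config-replaceable` hit on a read-only file means the parent directory is the problem, so tightening the file's own mode will not clear it.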
Wow... Just noticed...! What a freak. First discussed about symlink protection on a thread, then another thread about php.ini protection, just cloning signature styles... What next...!!
oh no someone stole how I styled my signature pls ban he!
teach how to clone ur sig.. :P