Secure your server against PHP Shells

Status
Not open for further replies.

Kw3rLn

Active Member
Add this code in php.ini to protect your server against PHP shells execution.

Code:
disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abort, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpassthru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo, escapeshellarg, escapeshellcmd, ini_alter, popen, pcntl_exec, socket_accept, socket_bind, socket_clear_error, socket_close, socket_connect
safe_mode = On
register_globals = Off
display_errors = Off
allow_url_fopen = Off
allow_url_include = Off
; enable open_basedir and set it to your webroot path
open_basedir = /path/to/webroot

Stay secure always!
 
6 comments
You can easily upload and install a shell lol. Here is the definition:
PHP Shell is a shell wrapped in a PHP script. It's a tool you can use to execute arbitrary shell commands or browse the filesystem on your remote webserver. This replaces, to a degree, a normal telnet connection, and to a lesser degree an SSH connection.
You use it for administration and maintenance of your website, which is often much easier to do if you can work directly on the server. For example, you could use PHP Shell to unpack and move big files around. All the normal command line programs like ps, free, du, df, etc. can be used.
 
To be honest that's a ridiculous amount of functions to disable. Do you even know what each function does? On that note, you've just added a load for it to disable, but the major ones have been left out..

My general list to disable:
disable_functions = "system, show_source, passthru, dl, symlink, exec, shell_exec, allow_url_fopen, popen, pclose, proc_open, proc_close, ini_set, ini_restore"
This won't disable a PHP shell, but it would still keep a server as secure as it can be by just disabling functions.. If you know your way around PHP and other related functions, you can disable pretty much anything you want from running, i.e. a PHP shell.
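Both lists in this thread are long enough to hide copy-paste mistakes (the first post's `posix, _getppid`, repeated entries such as `popen,popen`, and ini directives like `allow_url_fopen` pasted into `disable_functions`, where they do nothing). The following is an added linter, not code from either poster: it parses a php.ini fragment, normalises the `disable_functions` list and reports duplicates, names that cannot be PHP functions, directives removed in PHP 5.4, and which of the usual command-execution functions are still missing. The sample ini text is constructed from the lists above; the sets `INI_DIRECTIVES` and `CORE_EXEC` are this example's own choices.

```python
import re

# php.ini settings that get pasted into disable_functions by mistake; they are
# not functions, so listing them there has no effect.
INI_DIRECTIVES = {"allow_url_fopen", "allow_url_include", "safe_mode",
                  "register_globals", "open_basedir", "display_errors"}

# Directives removed in PHP 5.4; setting them on a current build does nothing.
REMOVED_DIRECTIVES = {"safe_mode", "register_globals"}

# Command-execution primitives a PHP shell typically relies on (example's choice).
CORE_EXEC = {"exec", "system", "passthru", "shell_exec", "popen",
             "proc_open", "pcntl_exec"}

# Constructed sample, assembled from the lists posted in this thread.
SAMPLE_INI = """; constructed php.ini fragment
disable_functions = exec, system, passthru, shell_exec, posix, _getppid,
popen,popen,pcntl_exec, allow_url_fopen
safe_mode = On
register_globals = Off
allow_url_include = Off
"""


def parse_ini(text):
    """Return {directive: value} for simple 'key = value' lines. A value whose
    line ends in ',' is treated as continued on the next line (as pasted here;
    real php.ini needs the whole value on one line)."""
    settings, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if key and settings[key].endswith(","):
            settings[key] += line          # continuation of a wrapped value
        elif "=" in line:
            key, _, value = line.partition("=")
            key, settings[key] = key.strip(), value.strip()
    return settings


def audit_disable_functions(text):
    """Normalise disable_functions and return a dict of findings."""
    s = parse_ini(text)
    raw = s.get("disable_functions", "").strip("\"'")
    names = [n.strip() for n in raw.split(",") if n.strip()]
    seen, unique, dupes = set(), [], set()
    for n in names:
        (dupes.add if n in seen else unique.append)(n)
        seen.add(n)
    return {
        "unique": unique,
        "duplicates": sorted(dupes),
        "not_functions": [n for n in unique if n in INI_DIRECTIVES],
        # PHP built-in names are lowercase and start with a letter
        "bad_identifiers": [n for n in unique
                            if not re.fullmatch(r"[a-z][a-z0-9_]*", n)],
        "missing_core": sorted(CORE_EXEC - set(unique)),
        "removed_directives": sorted(d for d in REMOVED_DIRECTIVES if d in s),
    }


if __name__ == "__main__":
    for finding, value in audit_disable_functions(SAMPLE_INI).items():
        print(f"{finding}: {value}")
```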
 