  1.     
    #1
    Member

    Secure your server against PHP Shells

    Add this code in php.ini to protect your server against PHP shell execution.

    Code: 
    disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abort, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpassthru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo, system, passthru, shell_exec, escapeshellarg, escapeshellcmd, proc_close, proc_open, ini_alter, dl, popen, popen, pcntl_exec, socket_accept, socket_bind, socket_clear_error, socket_close, socket_connect
    safe_mode = On 
    register_globals = Off 
    display_errors = Off 
    allow_url_fopen = Off 
    allow_url_include = Off 
    Enable open_basedir (set it to the webroot path).
    Stay secure always!

  3.     
    #2
    Member
    What is PHP Shell? Is this like DDoS?

  4.     
    #3
    Member
    You can easily upload and install a shell lol. Here is the definition:
    PHP Shell is a shell wrapped in a PHP script. It's a tool you can use to execute arbitrary shell-commands or browse the filesystem on your remote webserver. This replaces, to a degree, a normal telnet connection, and to a lesser degree a SSH connection.
    You use it for administration and maintenance of your website, which is often much easier to do if you can work directly on the server. For example, you could use PHP Shell to unpack and move big files around. All the normal command line programs like ps, free, du, df, etc can be used.

  5.     
    #4
    Member
    To be honest, that's a ridiculous amount of functions to disable. Do you even know what each function does? On that note, you've just added a load for it to disable but the major ones have been left out.

    My general list to disable:
    disable_functions = "system, show_source, passthru, dl, symlink, exec, shell_exec, allow_url_fopen, popen, pclose, proc_open, proc_close, ini_set, ini_restore"
    This won't disable a phpshell but would still keep a server as secure as it can be by just disabling functions. If you know your way around PHP/other related functions you can disable pretty much anything you want from running, i.e. a PHP shell.
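
An added example, not part of the thread or any poster's code: a small Python audit of a php.ini `disable_functions` line that reports missing command-execution functions, duplicates, ini directives listed as if they were functions, and comma lists stranded on a following line. The `REQUIRED` and `DIRECTIVES` sets, the function name and the sample text are assumptions made for this example.

```python
import re

# Command-execution functions that the lists in this thread try to disable.
# Assumption for this example: this is the minimum set the audit insists on.
REQUIRED = {"exec", "system", "shell_exec", "passthru", "popen", "proc_open", "pcntl_exec"}
# php.ini directives, not functions: listing them in disable_functions does nothing.
DIRECTIVES = {"allow_url_fopen", "allow_url_include", "safe_mode", "register_globals"}

def audit_disable_functions(ini_text):
    """Audit the disable_functions line of a php.ini given as text."""
    report = {"missing": set(REQUIRED), "duplicates": set(), "directives": set(),
              "invalid": set(), "orphan_lines": []}
    seen, in_value = set(), False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "disable_functions":
            in_value = True
            for name in (t.strip() for t in value.strip().strip('"').split(",")):
                if not name:
                    continue
                if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name):
                    report["invalid"].add(name)
                elif name in DIRECTIVES:
                    report["directives"].add(name)
                elif name in seen:
                    report["duplicates"].add(name)
                seen.add(name)
        elif in_value and not sep:
            # An unquoted value ends at the newline, so a comma list on the
            # following line is not part of disable_functions.
            report["orphan_lines"].append(line)
        else:
            in_value = False
    report["missing"] -= seen
    return report

# Constructed sample: a short list with mistakes a hand-maintained list picks up.
SAMPLE = """\
disable_functions = exec, system, passthru, shell_exec, system, allow_url_fopen,
popen,pcntl_exec
display_errors = Off
"""

if __name__ == "__main__":
    for field, value in audit_disable_functions(SAMPLE).items():
        print(field, sorted(value))
```

On the sample, `popen` and `pcntl_exec` are reported as missing even though they appear in the file, because they sit on the stranded second line.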

  6.     
    #5
    Member
    Can't block using .htaccess file?

  7.     
    #6
    Banned
    Quite hard to understand.
    I'm a PHP newbie.

  8.     
    #7
    OH GOD!!!!!
    Originally Posted by nba517:
    > Quite hard to understand.
    > I'm a PHP newbie.

    This is if you have a VPS/DEDI server.

    Edit your php.ini file and add what he said...

    If you don't know what a php.ini file is or where it is located, then google it.
