How To Secure from Backdoor Script?
I tested the hxxp://code.google.com/p/b374k-shell/ and it works perfectly, reading all the data on the server. How can I secure the server from the directory jumping caused by the backdoor?
Re: How To Secure from Backdoor Script?
what do you mean by all data?
can you browse other users folders?
Re: How To Secure from Backdoor Script?
jesus christ monkey balls !!! yes it does browse whole server lol lol hahhahaha
https://code.google.com/p/b374k-shell/ give it a try
Re: How To Secure from Backdoor Script?
I tested it in cpanel (latest version) the environment is isolated.
old version of cpanel is more vulnerable
but vesta opened all doors widely.
I am shocked. If one of my hosting clients want to f#£k me, my ass is wide open.
Re: How To Secure from Backdoor Script?
Yes, it's like a ghost that overshadows.. I'm also thinking if I was wrong in editing the script and someone can upload this can be bad.
cagatay wrote:
I tested it in cpanel (latest version) the environment is isolated.
old version of cpanel is more vulnerable
but vesta opened all doors widely.
I am shocked. If one of my hosting clients want to f#£k me, my ass is wide open.
Please, VestaCP team, take action as soon as possible!
Re: How To Secure from Backdoor Script?
There is a way. I just downloaded and tested this shell. It's an ordinary shell script; this script can't even beat open_basedir and mod_ruid. So, you understand, for security reasons it is better to use these apache2 settings. And the simple logic: one user = one site.
Apache Template - basedir
Nginx - hosting
Example of apache2 config for domain:
```apache
<VirtualHost ip:8080>
    ServerName mydomain.su
    ServerAlias www.mydomain.su mydomain-su.erza.ru
    ServerAdmin [email protected]
    DocumentRoot /home/mydomain/web/mydomain.su/public_html
    ScriptAlias /cgi-bin/ /home/mydomain/web/mydomain.su/cgi-bin/
    Alias /vstats/ /home/mydomain/web/mydomain.su/stats/
    Alias /error/ /home/mydomain/web/mydomain.su/document_errors/
    #SuexecUserGroup mydomain mydomain
    CustomLog /var/log/apache2/domains/mydomain.su.bytes bytes
    CustomLog /var/log/apache2/domains/mydomain.su.log combined
    ErrorLog /var/log/apache2/domains/mydomain.su.error.log
    <Directory /home/mydomain/web/mydomain.su/public_html>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir /home/mydomain/web/mydomain.su/public_html:/home/mydomain/tmp
        php_admin_value upload_tmp_dir /home/mydomain/tmp
        php_admin_value session.save_path /home/mydomain/tmp
    </Directory>
    <Directory /home/mydomain/web/mydomain.su/stats>
        AllowOverride All
    </Directory>
    <IfModule mod_ruid2.c>
        RMode config
        RUidGid mydomain mydomain
        RGroups www-data
    </IfModule>
    <IfModule itk.c>
        AssignUserID mydomain mydomain
    </IfModule>
    Include /home/mydomain/conf/web/apache2.mydomain.su.conf*
</VirtualHost>
```
Re: How To Secure from Backdoor Script?
I can browse other users' files, not just the user folders created under my account. Whole server is open.
skurudo wrote:
There is a way. I just downloaded and tested this shell. It's an ordinary shell script; this script can't even beat open_basedir and mod_ruid. So, you understand, for security reasons it is better to use these apache2 settings. And the simple logic: one user = one site.
Apache Template - basedir
Nginx - hosting
Example of apache2 config for domain:
```apache
<VirtualHost ip:8080>
    ServerName mydomain.su
    ServerAlias www.mydomain.su mydomain-su.erza.ru
    ServerAdmin [email protected]
    DocumentRoot /home/mydomain/web/mydomain.su/public_html
    ScriptAlias /cgi-bin/ /home/mydomain/web/mydomain.su/cgi-bin/
    Alias /vstats/ /home/mydomain/web/mydomain.su/stats/
    Alias /error/ /home/mydomain/web/mydomain.su/document_errors/
    #SuexecUserGroup mydomain mydomain
    CustomLog /var/log/apache2/domains/mydomain.su.bytes bytes
    CustomLog /var/log/apache2/domains/mydomain.su.log combined
    ErrorLog /var/log/apache2/domains/mydomain.su.error.log
    <Directory /home/mydomain/web/mydomain.su/public_html>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir /home/mydomain/web/mydomain.su/public_html:/home/mydomain/tmp
        php_admin_value upload_tmp_dir /home/mydomain/tmp
        php_admin_value session.save_path /home/mydomain/tmp
    </Directory>
    <Directory /home/mydomain/web/mydomain.su/stats>
        AllowOverride All
    </Directory>
    <IfModule mod_ruid2.c>
        RMode config
        RUidGid mydomain mydomain
        RGroups www-data
    </IfModule>
    <IfModule itk.c>
        AssignUserID mydomain mydomain
    </IfModule>
    Include /home/mydomain/conf/web/apache2.mydomain.su.conf*
</VirtualHost>
```
No response from vesta team...
Re: How To Secure from Backdoor Script?
Wait what? It's not correct open basedir.
Rewrite a bit templates and rebuild web:
http://forum.vestacp.com/viewtopic.php? ... dir#p20079
```apache
php_admin_value open_basedir %docroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp
```
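Added example, not part of the thread or of VestaCP's own code: a Python audit of rendered Apache vhost configs that checks for the open_basedir confinement described in the posts above. The sample config, the names in it and the rule that the account home is `/home/<user>` (taken from the first two components of DocumentRoot) are assumptions.

```python
import posixpath
import re

# Constructed sample (made-up users/domains) in the thread's /home/<user>/web/<domain> layout.
SAMPLE = """
<VirtualHost 192.0.2.10:8080>
    ServerName good.example
    DocumentRoot /home/alice/web/good.example/public_html
    php_admin_value open_basedir /home/alice/web/good.example/public_html:/home/alice/tmp
</VirtualHost>
<VirtualHost 192.0.2.10:8080>
    ServerName open.example
    DocumentRoot /home/bob/web/open.example/public_html
</VirtualHost>
<VirtualHost 192.0.2.10:8080>
    ServerName wide.example
    DocumentRoot /home/carol/web/wide.example/public_html
    php_value open_basedir /home/carol/web/wide.example/public_html:/home
</VirtualHost>
"""

DIRECTIVE = re.compile(r"^\s*(php_admin_value|php_value)\s+open_basedir\s+(\S+)", re.M | re.I)

def audit_vhosts(conf_text):
    """Map each ServerName to a list of open_basedir findings (empty = confined)."""
    report = {}
    for block in re.findall(r"<VirtualHost\b.*?</VirtualHost>", conf_text, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", block, re.M | re.I).group(1)
        docroot = re.search(r"^\s*DocumentRoot\s+(\S+)", block, re.M | re.I).group(1)
        # Assumption: the account home is the first two path components, /home/<user>.
        home = "/".join(posixpath.normpath(docroot).split("/")[:3])
        findings = []
        match = DIRECTIVE.search(block)
        if match is None:
            findings.append("no open_basedir: PHP can read any path the process user can")
        else:
            kind, value = match.group(1).lower(), match.group(2).strip('"')
            if kind == "php_value":
                findings.append("php_value may be overridden from .htaccess; use php_admin_value")
            for entry in value.split(":"):
                path = posixpath.normpath(entry)  # collapse ../ before comparing
                if path != home and not path.startswith(home + "/"):
                    findings.append(f"entry outside {home}: {entry}")
        report[name] = findings
    return report

if __name__ == "__main__":
    for server, findings in audit_vhosts(SAMPLE).items():
        print(server, "OK" if not findings else findings)
```

Run it against the generated per-domain config files after rebuilding web; any vhost with a non-empty findings list still lets PHP reach paths outside its own account.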
Re: How To Secure from Backdoor Script?
Why not just block some php functions like exec(), system()? http://php.net/manual/en/ini.core.php#i ... -functions
Re: How To Secure from Backdoor Script?
I'm using the default VestaCP settings. What should I change to avoid an evil script like this? Please explain each step in more detail because I am very much a beginner.
skurudo wrote:
There is a way. I just downloaded and tested this shell. It's an ordinary shell script; this script can't even beat open_basedir and mod_ruid. So, you understand, for security reasons it is better to use these apache2 settings. And the simple logic: one user = one site.
Apache Template - basedir
Nginx - hosting
Example of apache2 config for domain:
```apache
<VirtualHost ip:8080>
    ServerName mydomain.su
    ServerAlias www.mydomain.su mydomain-su.erza.ru
    ServerAdmin [email protected]
    DocumentRoot /home/mydomain/web/mydomain.su/public_html
    ScriptAlias /cgi-bin/ /home/mydomain/web/mydomain.su/cgi-bin/
    Alias /vstats/ /home/mydomain/web/mydomain.su/stats/
    Alias /error/ /home/mydomain/web/mydomain.su/document_errors/
    #SuexecUserGroup mydomain mydomain
    CustomLog /var/log/apache2/domains/mydomain.su.bytes bytes
    CustomLog /var/log/apache2/domains/mydomain.su.log combined
    ErrorLog /var/log/apache2/domains/mydomain.su.error.log
    <Directory /home/mydomain/web/mydomain.su/public_html>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
        php_admin_value open_basedir /home/mydomain/web/mydomain.su/public_html:/home/mydomain/tmp
        php_admin_value upload_tmp_dir /home/mydomain/tmp
        php_admin_value session.save_path /home/mydomain/tmp
    </Directory>
    <Directory /home/mydomain/web/mydomain.su/stats>
        AllowOverride All
    </Directory>
    <IfModule mod_ruid2.c>
        RMode config
        RUidGid mydomain mydomain
        RGroups www-data
    </IfModule>
    <IfModule itk.c>
        AssignUserID mydomain mydomain
    </IfModule>
    Include /home/mydomain/conf/web/apache2.mydomain.su.conf*
</VirtualHost>
```