Vesta Control Panel - Forum

Hello, how can I protect the server from the php shell?
The fact is that any user can install the script and view the file of another user.

I think open_basedir should help you to resolve this problem: http://php.net/manual/en/ini.core.php#ini.open-basedir

dreiggy wrote: ↑

Thu Aug 30, 2018 8:32 pm

I think open_basedir should help you to resolve this problem: http://php.net/manual/en/ini.core.php#ini.open-basedir

What about open_basedir in CLI?

Think you should check the sftp chroot module from vesta: http://vestacp.com/features/

First of all no matter you have extra security on server on not but when you are really worried about security then you must first go for vestacp chroot plugin and then go for malware solution.
Solution 1: https://github.com/rfxn/linux-malware-detect
Solution 2: https://revisium.com/aibo/

Install these on your server and add a cron job via vestacp so these tools keep scanning your server time to time. But if i talk about myself i do not rely on softwares i do check the code myself for the file changes and that is the only best solution to beat the hackers as some codes cannot be detected by anti-virus (clamv) or these type of malware detectors. reason is hackers use obfuscate the php shells to decrease the detection so it is better to have a look on server files.

If you are a hosting and you have too many sites and you cannot spend time to check each file then i use another solution.
That is actually a bit awkward but i still do this. which is i have install a windows virtual machine on my system and installed 3 major antivirus Bitdefender / Kaspersky / Eset NOD and 1 malware scanner (Malwarebytes). Download all server backup to that virtual machine and scan it with all these 4 tools. if they come up with clean results there is nothing to worry but if not then find out the file on server and do what ever you like.

ScIT wrote: ↑

Fri Aug 31, 2018 5:31 am

Think you should check the sftp chroot module from vesta: http://vestacp.com/features/

I use sftp chroot module. And all exactly from the account you can see any information on the other

Security is always first and you need to pay attention.

Funny everyone here, in ignorance, says use sftp plugin.

That does nothing for php. It ONLY restricts ssh.

open_basedir is what others suggested, and it is one of the first steps. Next would be to disable dangerous php functions that nearly ALL shared hosting providers disable.

OS? Nginx + Apache? Things needed to know.

I switched to PHP-FPM using the guide on the forum. (It worked perfectly for ubuntu 18.04). It is much more secure as it runs as the user. (NEVER run sites under admin, create a user).

:-)

This is a MUST starting point for any shared hosting...
I use that even for my personal sites, just in case joomla exploit happens, php shell kits fail.

This will hinder some plugins, but... remove the plugin. Never compromise security for an addition to a site, EVER.

You can disable some php functions, read the message from chrisf