Well, the first thing to do would be to figure out what application allowed someone from the Internet to both upload and execute a PHP script – that’s problem #1.
Assuming someone else managed to upload and execute c99Shell, what might you do to prevent that? I think open_basedir is only going to do so much for you there, it doesn’t trap every possible function PHP might run.
There’s some Apache modules out there with a goal of making it more secure; mod_security may help there. I’ve also seen some people who like mod_block_worms, though I haven’t tried it.
But there’s a variety of rules you can use with mod_security – some folks even seem to suggest disabling the use of certain PHP functions.
I haven’t done that, but I might recommend Googling on “mod_security c99Shell” for some ideas.
-Eric
I once uploaded that script myself for testing and forgot to remove it.
It got indexed and some black hat kids played around with it. However, they couldn’t do much.
You need to set open_basedir to stop most kids, + you can do something minimal like:
disable_functions = show_source, system, exec, shell_exec, passthru, popen, proc_open, ini_restore, symlink
and enable_dl off and fopen set to off
there are more settings in the php.ini you can use to make the server a bit safer
I’m running in mod_fcgid with suexec and only give trusted users the possibility to change the php.ini.
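Added example, not part of any post in this thread: a small Python check that reads php.ini text and reports which of the settings named in the post above are missing. It assumes "fopen" in that post means the `allow_url_fopen` directive; the two sample files are constructed, and the helper names are hypothetical.

```python
import re

# Functions the post above lists for disable_functions.
WANT_DISABLED = {"show_source", "system", "exec", "shell_exec", "passthru",
                 "popen", "proc_open", "ini_restore", "symlink"}
OFF = {"", "0", "off", "false", "no", "none"}

def parse_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = re.split(r"\s+;", raw, maxsplit=1)[0].strip()  # drop inline comment
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """List the gaps between a php.ini and the settings named in the post."""
    s = parse_ini(text)
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    findings = [f"disable_functions is missing {fn}"
                for fn in sorted(WANT_DISABLED - disabled)]
    if s.get("open_basedir", "").lower() in OFF:
        findings.append("open_basedir is not set")
    # Both directives default to On in PHP when the file does not mention them.
    for key in ("enable_dl", "allow_url_fopen"):
        if s.get(key, "1").lower() not in OFF:
            findings.append(f"{key} is on")
    return findings

# Constructed sample inputs, not taken from any real server.
WEAK = """\
; only two functions disabled, nothing else hardened
disable_functions = system, exec
enable_dl = On
"""
HARDENED = """\
open_basedir = /var/www/site:/tmp
disable_functions = show_source, system, exec, shell_exec, passthru, popen, proc_open, ini_restore, symlink
enable_dl = Off   ; dl() unavailable
allow_url_fopen = Off
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

This reads the file text only, so compare the result with what phpinfo() reports for the SAPI that actually serves requests, since that may load a different php.ini.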
But phpinfo() doesn’t show this plugin. I’ve restarted Apache but still nothing… Not sure what I need to be doing to get it to use the new version that I compiled… make, make test, make install…