webshell problem

i have tried https://github.com/b374k/b374k this php shell.
i mean if my customer put it shell to thier website.
then my whole server was exploded.

anyone know how to fix it?

Howdy,

What problem is it that you’ve having exactly?

-Eric

thanks yr reply.
assume my hosting client wanna hack our server.
then he upload that php shell.

he could use terminal etc to hack my server.
i think is it basedir problem and permission.

Howdy,

Ah, being able to browse the filesystem doesn’t mean that the user can hack anything. Any web-based file manager would allow that.

There is some information on all that here in the sections “How can I prevent FTP Users from Browsing the Entire Filesystem” and “How can I prevent other types of users from browsing the entire filesystem”:

https://www.virtualmin.com/documentation/security/faq

That won’t stop users using sftp but permissions should, I hope stop them going where they are not allowed and having access to sensistive info.

Hi,

As a rule of thumb, if you give a parent folder 0700 permission you’ll prevent “non-owners” from reading, writing, or executing in that directory. This is how most filesystems are designed.

Best Regards, Peter Knowles TPN Solutions

Email: pknowles@tpnsolutions.com
Phone: 604-782-9342
Skype: tpnsupport
Website: http://www.tpnsolutions.com


Ask me about my new support plans which include a FREE copy of Virtualmin Pro!!!