Hello, Am 09. Dezember 2003 12:58 schrieb Jose de Paula Eufrásio Junior:
I got a defacing in my domains this weekend. They used and php shell to run some processes in the machine and replace all index.(html|shtml|php). They changed my users password too, and let a process in the /tmp dir running on port 80.
This doesn't sound like thinks that will run in safe mode ;-)
The thing is, if I turn on PHP Safe Mode, webmail and applications stop working (includes and execs).
This could have several reasons - see features.safe-mode.php in php documentation for details. Are there any warning messages inside your scripts (when you view them in a browser) or entries in /var/log/httpd/error.log?
There's some way to secure PHP and don't lose half of it's funcionality?
- use the open_basedir setting to restrict access to a given directory
(i. e. the docroot). This also can be done per directory or per
virtual host (see below)
- set open_basedir and/or safe_mode per directory or per virtual host.
Setup your PHP "secure" and then add to your httpd.conf
gpgkeys: key BAEC7E8407DF65FB not found on keyserver (Or is is just a problem with my keyserver?)
Gruß Christian Boltz [1] Problems may occur with - header() (different syntax when setting HTTP status codes) - PHP Scripts used as "directories", i. e. index.php/param1/param2 (I like this way to pass parameters, but with CGI version it requires additional mod_rewrite rules :-( ) - other functions I didn't have problems with yet ;-) -- [ACPI] Du kannst da Deinen Power-Knopf konfigurieren wie Du willst. Du kannst den auch so konfigurieren, daß der PC anfängt zu singen ... [Ekkard Gerlach in suse-linux]