Skip to main content

disable viewing/exutting 755 perm files

Comments

5 comments

  • cPanelMichael
    Hello :) Restricting any file that utilizes 0755 permissions is not recommended. You can modify the "Directory "/" Options" configuration for Apache via: "WHM Home " Service Configuration " Apache Configuration " Global Configuration" Thank you.
    0
  • arabgenius
    [quote="cPanelMichael, post: 1454851">Hello :) Restricting any file that utilizes 0755 permissions is not recommended. You can modify the "Directory "/" Options" configuration for Apache via: "WHM Home " Service Configuration " Apache Configuration " Global Configuration" Thank you.
    sorry but I am speaking about directory home & /usr/local/apache/htdocs how to set this [COLOR="#FF0000">Options=IncludesNOEXEC,-Indexes,Includes,-MultiViews,SymLinksIfOwnerMatch,-FollowSymLinks or how to disable viewing any 755 perm file inside home
    0
  • quizknows
    ModSecurity, PHP settings, and Apache settings can only do so much. You need to find out HOW the cgi-telnet is getting there. most of the time, it is because of old wordpress plugins or joomla components being exploited. You should keep the apache access logs for your site(s) by enabling the archiving in each cpanel ("Raw Access logs"). When cgi-telnet script(s) appear, you can use the time stamps of the files to see how they were uploaded. Your best defense is making sure all installed web applications get updated on a regular basis, and have strong passwords.
    0
  • arabgenius
    [quote="quizknows, post: 1455072">ModSecurity, PHP settings, and Apache settings can only do so much. You need to find out HOW the cgi-telnet is getting there. most of the time, it is because of old wordpress plugins or joomla components being exploited. You should keep the apache access logs for your site(s) by enabling the archiving in each cpanel ("Raw Access logs"). When cgi-telnet script(s) appear, you can use the time stamps of the files to see how they were uploaded. Your best defense is making sure all installed web applications get updated on a regular basis, and have strong passwords.
    thank you quizknows but your advise is good when we speack about 2-15 website but if you have shared hosting and you have more thant 150 account how do you think you will manage ?
    0
  • quizknows
    I manage many shared servers with that many accounts. I highly recommend using cloudlinux with CageFS and SecureLinks. This way if one site is hacked, they cannot affect your other customers. Customers who are hacked because of their own out-of-date software are responsible for their own cleanup, though I often do clean it up for them as a courtesy. One other thing; the execute permissions of a malicious CGI or PHP script really don't matter - it just has to be readable. PHP itself is the executable. You can "execute" a php file even if it is 444 since PHP itself is being executed and the script [name] itself is just an argument.
    0

Please sign in to leave a comment.