How can i disable cgi shell (security issue!)

musti19

• October 26, 2013 06:36

Hello, i detected today, that one people uploaded a file, withem it is possible to upload, download files and execute commands(shell) How can i disable shell function? (This file is named web.root and executable) Is this a security issue of cpanel ?

• 

  HostingH

  • October 26, 2013 17:38

  Hello, Its not related with Cpanel. First you must change your FTP pass, If you are using any third party application, please upgrade it to latest version. Disable unwanted themes/plugins. Set hard pass for admin panel etc. You can disable php function in php.ini as follows: disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode" Plz try it.

  0
• 

  cPanelMichael

  • October 28, 2013 03:32

  [quote="musti19, post: 1491032">that one people uploaded a file, withem it is possible to upload, download files and execute commands(shell)
  Could you elaborate a little more on how the file was uploaded? Was it through FTP, File Manager, or through a PHP script? Thank you.

  0

Please sign in to leave a comment.