Restricting PHP file names
Hi all,
Lately I've been having some security issues with a software I am using. I believe the software might have some type of exploit that allows files to be uploaded to its root directory. I don't want to say the name of the software at this point until that vendor has fully checked into it, but as a temporary solution I thought it might be possible to restrict file names of PHP files that are allowed to run under my cPanel account. Is this possible?
i.e. if the attacker does upload a file called "shell.php", they won't be able to run it if it doesn't match a file name in the list of allowed PHP files.
Hello :) It might be possible, but I don't really think it would be an effective way of mitigating an attack. Instead, you should ensure Mod_Security is installed with a robust ruleset, and ensure overall security is increased by reviewing any warnings in the "Security Advisor" option within WHM. If it's an exploit within a script, check with the developer to see if a patch is available until a new release is pushed out. Thank you.
A good modsecurity rule set will help. You can deny a specific file name with a very basic modsecurity rule:

SecRule REQUEST_URI "shell\.php" "id:2923545,deny"

You could make additional rules; each needs a unique number after id:
I am having the developer/vendor check into it, but I want to continue using the software so I don't have any downtime. I thought about making rules that would block certain file names, but all they would have to do is rename the file, which is why I wanted to block all except the permitted file names. Are there any other ideas for this temporary fix? I currently do have mod_security installed for other things, but I don't know how to write many rules.
You could do it but it would be a pretty ugly rule. Better to properly investigate the point of entry at this point.
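
The allowlist idea raised in this thread, written out as ModSecurity v2 rules beside the single-name rule quoted above. This is an added example, not a rule posted by anyone in the thread; the rule id 10001 and the three script paths are constructed placeholders to be replaced with the application's real entry points.

```apache
# Denylist, as quoted in the thread: it matches one name only, so an
# uploaded file saved under any other name is still executed.
SecRule REQUEST_URI "shell\.php" "id:2923545,deny"

# Allowlist (added example). Rule 1 of the chain selects every request whose
# path contains a ".php" segment, including PATH_INFO forms such as
# /x.php/extra. Rule 2 negates the match against the permitted paths, so the
# chain fires, and the request is denied, only when the path is NOT listed.
#
# The transformations decode and normalise the path first, so encoded
# characters, "/./" segments, and upper-case extensions are compared in
# one canonical form. Both rules must use the same transformations.
SecRule REQUEST_FILENAME "@rx \.php(?:/|$)" \
    "id:10001,phase:1,\
    t:none,t:urlDecodeUni,t:normalizePath,t:lowercase,\
    deny,status:403,log,\
    msg:'PHP script not in allowlist',\
    chain"
    SecRule REQUEST_FILENAME "!@rx ^/(?:index|login|admin/index)\.php$" \
        "t:none,t:urlDecodeUni,t:normalizePath,t:lowercase"

# Notes on scope:
#  - Requests for "/" served through DirectoryIndex do not contain ".php"
#    in the path and pass through untouched.
#  - Allowed scripts called with PATH_INFO (/index.php/route) are denied by
#    the "$" anchor; widen the second pattern if the application needs them.
#  - Only ".php" is covered. If the server hands other extensions to the PHP
#    handler, add them to the first pattern.
```

The rule stops a newly uploaded script from being requested by name, but it does not stop the upload itself or the overwriting of a script that is already on the list. Reviewing the audit log entries tagged with the rule's message shows which names are being probed and helps locate the point of entry.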