Skip to main content
We are aware of an issue after updating to cPanel versions 11.110.0.65, 11.126.0.21, or 11.128.0.11, some cPanel plugins or features are no longer functioning properly including WP Toolkit. Please see the following article for more information and updates:
Update to latest cPanel 110, 126, or 128 versions removes "addonfeatures" directory.

PHP.Shell-38 Found

yatinthakur
Hello While daily server scan I found some files with result : PHP.Shell-38 found . When I tested those file found its very risky. How can I prevent user for accessing/uploading these types for files I found that by setting shell_exec in php.ini will stop access those file. but as I am having suphp on server, users can override rule by creating own php.ini in their account. There mus be some way to block it but how ?

Comments

6 comments

Date Votes
  • PlotHost
    [quote="yatinthakur, post: 1740161"> How can I prevent user for accessing/uploading these types for files
    By using something like [url=http://www.configserver.com/cp/cxs.html]ConfigServer eXploit Scanner (cxs) [quote="yatinthakur, post: 1740161"> I found that by setting shell_exec in php.ini will stop access those file. but as I am having suphp on server, users can override rule by creating own php.ini in their account. There mus be some way to block it but how ?
    Read here
    0
  • cPanelMichael
    Hello :) Yes, as mentioned in the previous post, the following thread provides information on how to restrict users from modifying the php.ini file when suPHP is enabled: Methods to increase security with suPHP Thank you.
    0
  • quizknows
    These files are generally uploaded through old CMS software and/or out-dated CMS plugins. On the domain you found the file on, make sure you update all software (i.e. wordpress, joomla), themes, components, and plugins. Also change the administrator password for the CMS. You can do all sorts of things to secure your server, but if your customer installs a vulnerable CMS plugin, there is very little you can do to stop it from being hacked, aside from a very good ModSecurity rule set.
    0
  • 24x7server
    Hello, if you are getting this file in the LMD ( Linux Malware Detect ) scan report, then I will suggest you enable " MODSECURITY2 UPLOAD SCANNING " with the LMD and mod_sec. Please check it at
    0
  • yatinthakur
    [quote="24x7server, post: 1741241">Hello, if you are getting this file in the LMD ( Linux Malware Detect ) scan report, then I will suggest you enable " MODSECURITY2 UPLOAD SCANNING " with the LMD and mod_sec. Please check it at
    0
  • 24x7server
    Hi Dear, It's nice to hear that your issue has been fixed. :)
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post