Results 1 to 2 of 2
Hi, A while back I got infected with a nasty scripts on my site. I found a file, dir.php, that looked suspicious and it turned out it was somewhat of ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 04-30-2012 #1
- Join Date
- Apr 2012
Apache: prevent users from browsing the server
A while back I got infected with a nasty scripts on my site.
I found a file, dir.php, that looked suspicious and it turned out it was somewhat of a multitool for exploring the system.
The thing that bothered me the most was that the "hacker" could browse my entire webserver, read /etc/passwd and lots of other stuff.
Here is a link to a .zip of the script: omg.nu/dir.zip
My anti-virus gave me a warning about a PHP backdoor just to let you know!
However, I'm wondering how do I protect myself against this?
Can I chroot every vhost so they can only read their documentroot?
What do big webhosters do to prevent users from using this scripts like this and steal information on the servers?
Thanks for any info on this!
- 05-15-2012 #2
- Join Date
- May 2012
We can run Root-kit hunters on daily basis which scans for suspicious files or scripts running which can be automated through cron to send the scan reports and also applying some rules configuration files of the webserver will help in securing the server