PHP > Disable Sockets / Outgoing Connections

Hi,

I run a shared server (hosting), and someone seems to be trying to create an XSS "attack" on a website, then blame it on me. My solution is to disable all sockets (outbound connections), but how do I do this?

Should I disable the functions separately in PHP.ini? Also, I've turned allow_url_fopen to Off.

Jay
Jay-ShahjAsked:
 
ravenplCommented:
> Yes, exactly. Can I drop outgoing :80 packets, would this be advisable?
That You can do with a firewall. What's more, You can disable locally spawned connections by user, i.e. apache.

iptables -I OUTPUT -p tcp --dport 80 -m owner --uid-owner apache -m state --state NEW -j REJECT
but You may omit: -m owner --uid-owner apache
0
 
ravenplCommented:
> Should I disable the functions separately in PHP.ini
I guess so. There is
disable_functions =
configuration variable

But then, there are cgi scripts...
0
 
Jay-ShahjAuthor Commented:
Yes, exactly. Can I drop outgoing :80 packets, would this be advisable?

Jay
0
 
Jay-ShahjAuthor Commented:
User: apache?

ATM it's running as nobody, how can I assign it to apache?

"but You may omit: -m owner --uid-owner apache"
 > sorry?

Jay
0
 
ravenplCommented:
If it's run as nobody, use nobody user.
It's quite common to run apache web server as apache or httpd user.
0
 
Jay-ShahjAuthor Commented:
Any chance you could quickly tell me the command to add a user, so I can change it in httpd.conf?

Thanks!

Jay
0
 
ravenplCommented:
> Any chance you could quickly tell me the command to add a user, so I can change it in httpd.conf?
It's fine to run apache as nobody

useradd apache # should create group called apache as well
0
 
Jay-ShahjAuthor Commented:
I've added the IP Tables rule, and now every site on apache is 403 Forbidden.

How do I delete it?

Jay
0
 
Jay-ShahjAuthor Commented:
My bad, apache wouldn't run with the user as apache, altered ip tables to nobody.

Thanks a million!

A++

Jay
0
 
ravenplCommented:
> How do I delete it?
instead of
iptables -I
iptables -A
use
iptables -D

But tell me, is the rule working for You or not?
0
 
Jay-ShahjAuthor Commented:
Yes, working perfectly.

-D delete worked, then I pasted it using "nobody" rather than apache.

You RULE!

Jay
0
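Added example, not part of the original thread: the rule above only matches traffic from the account named in --uid-owner, so it has to name the account Apache really runs as (the apache versus nobody mix-up discussed here). This sketch compares the User directive in httpd.conf text with rules in `iptables -S OUTPUT` form; the function names, the sample data, the uid 48 and the httpd.conf path in the final comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Print the account named by the last "User" directive in httpd.conf text on stdin.
httpd_user() {
    awk 'tolower($1) == "user" { u = $2 } END { if (u != "") print u }'
}

# egress_rule_covers UID PORT   (rules in `iptables -S OUTPUT` form on stdin)
# Succeeds if some REJECT/DROP rule for TCP destination PORT either names UID
# in --uid-owner or has no owner match, i.e. applies to every local user.
# Rule order is not evaluated: an earlier ACCEPT would still win.
egress_rule_covers() {
    awk -v uid="$1" -v port="$2" '
        $1 == "-A" && $2 == "OUTPUT" {
            proto = ""; dport = ""; owner = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")          proto  = $(i + 1)
                if ($i == "--dport")     dport  = $(i + 1)
                if ($i == "--uid-owner") owner  = $(i + 1)
                if ($i == "-j")          target = $(i + 1)
            }
            if (proto == "tcp" && dport == port &&
                (target == "REJECT" || target == "DROP") &&
                (owner == "" || owner == uid)) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed httpd.conf fragment: Apache runs as "nobody".
SAMPLE_CONF='ServerRoot "/etc/httpd"
# User apache
User nobody
Group nobody'

# Constructed rule listing: the rule was written for uid 48, assumed here to be "apache".
SAMPLE_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner 48 -m tcp --dport 80 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable'

# Live use (needs root; the httpd.conf path is an assumption), left commented out:
#   uid=$(id -u "$(httpd_user < /etc/httpd/conf/httpd.conf)")
#   iptables -S OUTPUT | egress_rule_covers "$uid" 80 || echo "port 80 egress not blocked for uid $uid"
```

Pass the uid in the form your rule listing shows it; `id -u nobody` resolves an account name to its number.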
Question has a verified solution.