• Status: Solved

PHP > Disable Sockets / Outgoing Connections

Hi,

I run a shared server (hosting), and someone seems to be trying to create an XSS "attack" on a website, then blame it on me. My solution is to disable all sockets (outbound connections), but how do I do this?

Should I disable the functions separately in PHP.ini? Also, I've turned allow_url_fopen to Off.

Jay
Asked by: Jay-Shahj
1 Solution
 
ravenpl Commented:
> Should I disable the functions separately in PHP.ini
I guess so. There is the
disable_functions =
configuration variable.

But then, there are cgi scripts...

Jay-Shahj (Author) Commented:
Yes, exactly. Can I drop outgoing :80 packets, would this be advisable?

Jay

ravenpl Commented:
> Yes, exactly. Can I drop outgoing :80 packets, would this be advisable?
That you can do with a firewall. What's more, you can disable locally spawned connections by user, i.e. apache.

iptables -I OUTPUT -p tcp --dport 80 -m owner --uid-owner apache -m state --state NEW -j REJECT
but you may omit: -m owner --uid-owner apache
 
Jay-Shahj (Author) Commented:
User: apache?

ATM it's running as nobody, how can I assign it to apache?

"but You may omit: -m owner --uid-owner apache"
 > sorry?

Jay

ravenpl Commented:
If it's run as nobody, use nobody user.
It's quite common to run apache web server as apache or httpd user.

Jay-Shahj (Author) Commented:
Any chance you could quickly tell me the command to add a user, so I can change it in httpd.conf?

Thanks!

Jay

ravenpl Commented:
> Any chance you could quickly tell me the command to add a user, so I can change it in httpd.conf?
It's fine to run apache as nobody

useradd apache # should create group called apache as well

Jay-Shahj (Author) Commented:
I've added the IP Tables rule, and now every site on apache is 403 Forbidden.

How do I delete it?

Jay

Jay-Shahj (Author) Commented:
My bad, apache wouldn't run with the user as apache, altered ip tables to nobody.

Thanks a million!

A++

Jay

ravenpl Commented:
> How do i delete it?
instead of
iptables -I
iptables -A
use
iptables -D

But tell me, is the rule working for you or not?

Jay-Shahj (Author) Commented:
Yes, working perfectly.

-D delete worked, then I pasted it using "nobody" rather than apache.

You RULE!

Jay
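
The sticking point in the thread was which account to name in --uid-owner: the rule only matches connections opened by the account the web server workers actually run as. The script below is an added example, not part of the original thread; it picks that account from process-list output and prints the check, insert and delete forms of the rule from the thread as a dry run. The function names worker_user and rule_cmd, the process name httpd and the sample process list are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the thread. Names below are hypothetical.

# Constructed sample of `ps -eo user= -o comm=` output (account, process name).
SAMPLE_PS='root     httpd
nobody   httpd
nobody   httpd
nobody   httpd
mysql    mysqld'

# worker_user NAME: read ps output on stdin and print the non-root account
# owning the most processes called NAME. The root-owned parent only binds the
# listening port; the workers, which run the hosted scripts, use this account.
worker_user() {
    awk -v name="$1" '
        $2 == name && $1 != "root" { n[$1]++ }
        END {
            for (u in n) if (n[u] > max) { max = n[u]; best = u }
            if (best == "") exit 1
            print best
        }'
}

# rule_cmd ACTION USER PORT: print the thread's rule for one account and port.
# ACTION is -C (check), -I (insert) or -D (delete). Arguments are validated
# so that nothing unexpected ends up in a command run as root.
rule_cmd() {
    case "$1" in -C|-I|-D) ;; *) return 2 ;; esac
    case "$2" in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    case "$3" in ''|*[!0-9]*) return 2 ;; esac
    printf 'iptables %s OUTPUT -p tcp --dport %s -m owner --uid-owner %s -m state --state NEW -j REJECT\n' \
        "$1" "$3" "$2"
}

# Dry run: print the commands rather than executing them.
user=$(printf '%s\n' "$SAMPLE_PS" | worker_user httpd) || exit 1
rule_cmd -C "$user" 80   # if this command succeeds, the rule is already loaded
rule_cmd -I "$user" 80   # otherwise insert it at the top of OUTPUT
rule_cmd -D "$user" 80   # exact inverse, for rolling back
```

On a live host, feed worker_user the real output of `ps -eo user= -o comm=` and run the printed commands as root after reviewing them.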