Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


prevent shells

Posted on 2008-06-16
Medium Priority
Last Modified: 2010-08-05
i have a Linux server with cpanel and whm on apache server
i need a  way  in a programing shell script  to prevent the execution of the most common php shell pages like r75 and ch99

i need shell pages not to be executed even if its uploaded
not just depend on the file names but depend also on the file content
i have copies of all the common shells in case the programmer need to have a look on them to know what he is going to disable

i know there are way in mod security and i know the root kit hunter but actually am looking for  a way by programing shell script that prevent the execution of the most common php shell page.

Question by:NT-lover
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +4
LVL 40

Expert Comment

ID: 21799438
How the files are uploaded?

You may revoke execute permission from those files.

Author Comment

ID: 21800898

actually am looking for solution in scripting shell when hackers they success to uploaded to my server

Author Comment

ID: 21800963

this question  just for EXPERTS   i need shell pages not to be executed even if its uploaded

by  find solution also by  programing script shell  that prevent   php shell pages like r75 and ch99 not just depend on the file names but depend also on the file content,


Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!


Author Comment

ID: 21808188



thank you for replay but actually my question  was very cleared  

(i need way by  programing shell  that prevent shell pages not to be executed even if its uploaded)

and the comment of  My dear . omarfarid:

(You may revoke execute permission from those files).

and you can see am not talking about permission my question  was very clear   as i mention i need way that prevent shell pages not to be  EXECUTED EVEN IF ITS UPLOADED by  (Shell language) not by  permission or way in permission and i mention also EVEN IF ITS UPLOADED

so am not here disrespected anyone and if my dear omarfarid see my words is disrespected for him am apology's for him

  but  i need the experts people that can handle the questions serious and help me and help any one have the same question so the matter is not related to disrespected to anyone i need just  experts and they read the complete question before they post any comment or solution so am not here disrespected anyone

So this my first question if am not welcome here and  am not find here help from experts so please tell dear PenguinMod: to cancel my membership and cancel this question

 thank your for time and your support.


LVL 40

Expert Comment

ID: 21809739
Dear PenguinMod:

Thank you for monitoring the questions and comments made.

Dear NT-lover:

I would like to clarify something. As EE Experts, our goal is to help in answering questions posted.

When I read your question, it was not clear to me how the shell pages are uploaded since hosting providers do allow their customers to upload their pages etc. The first thing came to my mind was if this is the case then revoking the permissions of these pages might give you what you want.

Author Comment

ID: 21809917
Dear omarfarid

First of all, thank you for your replay  and actually i appreciate your help As EE Experts

Second point dear omarfarid

 you should know  there are many exploits that can any hacker upload any php shell such as symlink function , RFI . XSS .. and this example for RFI


so here am not talk about permissions  actually i talk about

How i can stop any php shell after uploaded to my server (and am looking to find solution by shell scripting language ) i hope my question it well be clear know.

Best Regards
LVL 12

Accepted Solution

nexusnation earned 400 total points
ID: 21809969

I am no expert,  but if you set the file modes/permissions using the Chmod UNIX/Linux command to something that does not allow execution, the file by definition cannot be executed. Provided you consider Chmod a "programming shell script," this will work perfectly to prevent the script from being able to execute.


Author Comment

ID: 21810078

it well not help me any solution by modes/permissions because i see many tools that hackers  used it to break the permissions  easily  also if  i prevent   php shell by using idea that related to  permission ? what about perl shell , cgi  shell , telnet shell in addition there are private exploit in php that can break the  file permissions my friend face it before 4 month

so it well not help me  but really thank you for your help and really i appreciate it.

LVL 12

Expert Comment

ID: 21810185

If you're that unnecessarily paranoid about security, you're never going to agree to any solution provided, so there's not much more I can do to help.

File permissions are *not* PHP-based.  They are server-based (in this case Linux).  You can't simply break them using PHP, nor do you set them using php.  Chmod IS a shell command.  This is *exactly* what you're looking for; there's not much else.  After that, you're simply confusing terminology as well as technologies.

There are only two ways to prevent execution of code to your expectation of security:
 - Set appropriate file permissions on the server.
 - Don't upload it to begin with.

That's it.
LVL 16

Assisted Solution

by:Hanno P.S.
Hanno P.S. earned 400 total points
ID: 21811238
a file on a unix system that does not have execute permissions cannot be executed -- that's what the execute permissionis for
This is fundamentally different to any kind of Windows OS as there is no
such mechanism known. Any file with matching extension in it's bare name
(e.g. *.exe) can get executed right away.

The only way to "execute" fileson a Unix-based system which don't have
the execute permission is by letting them get interpreted by some other
executable program. Most commonly, you use some shell (executable) to
interpret a shell script.

Assume you have the file /path-to/file/abc.sh wich is not executable.
You cannot execute it with the command
But it can get interpreted by a shell with the command
  /usr/bin/my-shell  /path-to/file/abc.sh
LVL 51

Assisted Solution

ahoffmann earned 400 total points
ID: 21817106
> .. there are many exploits that can any hacker upload any php shell ..
how about simply disabling uploads
Or do I miss something in the description?
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 400 total points
ID: 22162909
hey I like the comment from ahoffmann :-)

there are a lot of ways you can harden your system

a) upload your files to a partition that has the "noexec" parameter. it is simple: no program will be started from a mount point that has the "noexec" turned on. that is usual for /tmp and /var/tmp

b) only allow php to execute a defined extension, like .php
c) restrict your upload script to NOT ACCEPT anything with extension .php
d) execute file scanners as rootkit hunter.
e) you can write crontab. every minute it launchs a find command for executables. changes them to not exec:
* * * * * /sbin/find /upload/directory -type f -perm +x -exec /sbin/chmod a-x {} \;

also files should not be owned by the same user your web server is running with, so they are not modificable.

these are the first that come into my mind. YMMV
LVL 11

Assisted Solution

gothicbloody earned 400 total points
ID: 22206133
Hi ,
Install mod_security with rules web server firewall , and also try to install suPHP to run script under the same users , and also check folder permissions
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 22208753
mod_security can be costly when the site has many hundred of users. other thant that, it is a great way to secure your system
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 23111055
I got an alert about this question being closed.

Before it is closed, I want to comment a way PHP scripts can be stoped:

use PHP as cgi-bin, not as a module for apache.

then disallow uploads to the cgi-bin directory (very easy is you simply set directory permissions).

that way, even if a php script can be uploaded to the system, it would not be executed unless such script is in the cgi-bin directory, which is not writable.

that is exactly what was asked. how to prevent an uploaded php script to be executed.

NT-lover: can you reply back if this is your answer pls?

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question