prevent shells

i have a Linux server with cpanel and whm on apache server
i need a  way  in a programing shell script  to prevent the execution of the most common php shell pages like r75 and ch99

i need shell pages not to be executed even if its uploaded
not just depend on the file names but depend also on the file content
i have copies of all the common shells in case the programmer need to have a look on them to know what he is going to disable

i know there are way in mod security and i know the root kit hunter but actually am looking for  a way by programing shell script that prevent the execution of the most common php shell page.

Who is Participating?
nexusnationConnect With a Mentor Commented:

I am no expert,  but if you set the file modes/permissions using the Chmod UNIX/Linux command to something that does not allow execution, the file by definition cannot be executed. Provided you consider Chmod a "programming shell script," this will work perfectly to prevent the script from being able to execute.
How the files are uploaded?

You may revoke execute permission from those files.
NT-loverAuthor Commented:

actually am looking for solution in scripting shell when hackers they success to uploaded to my server
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

NT-loverAuthor Commented:

this question  just for EXPERTS   i need shell pages not to be executed even if its uploaded

by  find solution also by  programing script shell  that prevent   php shell pages like r75 and ch99 not just depend on the file names but depend also on the file content,


NT-loverAuthor Commented:



thank you for replay but actually my question  was very cleared  

(i need way by  programing shell  that prevent shell pages not to be executed even if its uploaded)

and the comment of  My dear . omarfarid:

(You may revoke execute permission from those files).

and you can see am not talking about permission my question  was very clear   as i mention i need way that prevent shell pages not to be  EXECUTED EVEN IF ITS UPLOADED by  (Shell language) not by  permission or way in permission and i mention also EVEN IF ITS UPLOADED

so am not here disrespected anyone and if my dear omarfarid see my words is disrespected for him am apology's for him

  but  i need the experts people that can handle the questions serious and help me and help any one have the same question so the matter is not related to disrespected to anyone i need just  experts and they read the complete question before they post any comment or solution so am not here disrespected anyone

So this my first question if am not welcome here and  am not find here help from experts so please tell dear PenguinMod: to cancel my membership and cancel this question

 thank your for time and your support.


Dear PenguinMod:

Thank you for monitoring the questions and comments made.

Dear NT-lover:

I would like to clarify something. As EE Experts, our goal is to help in answering questions posted.

When I read your question, it was not clear to me how the shell pages are uploaded since hosting providers do allow their customers to upload their pages etc. The first thing came to my mind was if this is the case then revoking the permissions of these pages might give you what you want.
NT-loverAuthor Commented:
Dear omarfarid

First of all, thank you for your replay  and actually i appreciate your help As EE Experts

Second point dear omarfarid

 you should know  there are many exploits that can any hacker upload any php shell such as symlink function , RFI . XSS .. and this example for RFI


so here am not talk about permissions  actually i talk about

How i can stop any php shell after uploaded to my server (and am looking to find solution by shell scripting language ) i hope my question it well be clear know.

Best Regards
NT-loverAuthor Commented:

it well not help me any solution by modes/permissions because i see many tools that hackers  used it to break the permissions  easily  also if  i prevent   php shell by using idea that related to  permission ? what about perl shell , cgi  shell , telnet shell in addition there are private exploit in php that can break the  file permissions my friend face it before 4 month

so it well not help me  but really thank you for your help and really i appreciate it.


If you're that unnecessarily paranoid about security, you're never going to agree to any solution provided, so there's not much more I can do to help.

File permissions are *not* PHP-based.  They are server-based (in this case Linux).  You can't simply break them using PHP, nor do you set them using php.  Chmod IS a shell command.  This is *exactly* what you're looking for; there's not much else.  After that, you're simply confusing terminology as well as technologies.

There are only two ways to prevent execution of code to your expectation of security:
 - Set appropriate file permissions on the server.
 - Don't upload it to begin with.

That's it.
Hanno P.S.Connect With a Mentor IT Consultant and Infrastructure ArchitectCommented:
a file on a unix system that does not have execute permissions cannot be executed -- that's what the execute permissionis for
This is fundamentally different to any kind of Windows OS as there is no
such mechanism known. Any file with matching extension in it's bare name
(e.g. *.exe) can get executed right away.

The only way to "execute" fileson a Unix-based system which don't have
the execute permission is by letting them get interpreted by some other
executable program. Most commonly, you use some shell (executable) to
interpret a shell script.

Assume you have the file /path-to/file/ wich is not executable.
You cannot execute it with the command
But it can get interpreted by a shell with the command
  /usr/bin/my-shell  /path-to/file/
ahoffmannConnect With a Mentor Commented:
> .. there are many exploits that can any hacker upload any php shell ..
how about simply disabling uploads
Or do I miss something in the description?
Gabriel OrozcoConnect With a Mentor Solution ArchitectCommented:
hey I like the comment from ahoffmann :-)

there are a lot of ways you can harden your system

a) upload your files to a partition that has the "noexec" parameter. it is simple: no program will be started from a mount point that has the "noexec" turned on. that is usual for /tmp and /var/tmp

b) only allow php to execute a defined extension, like .php
c) restrict your upload script to NOT ACCEPT anything with extension .php
d) execute file scanners as rootkit hunter.
e) you can write crontab. every minute it launchs a find command for executables. changes them to not exec:
* * * * * /sbin/find /upload/directory -type f -perm +x -exec /sbin/chmod a-x {} \;

also files should not be owned by the same user your web server is running with, so they are not modificable.

these are the first that come into my mind. YMMV
gothicbloodyConnect With a Mentor Commented:
Hi ,
Install mod_security with rules web server firewall , and also try to install suPHP to run script under the same users , and also check folder permissions
Gabriel OrozcoSolution ArchitectCommented:
mod_security can be costly when the site has many hundred of users. other thant that, it is a great way to secure your system
Gabriel OrozcoSolution ArchitectCommented:
I got an alert about this question being closed.

Before it is closed, I want to comment a way PHP scripts can be stoped:

use PHP as cgi-bin, not as a module for apache.

then disallow uploads to the cgi-bin directory (very easy is you simply set directory permissions).

that way, even if a php script can be uploaded to the system, it would not be executed unless such script is in the cgi-bin directory, which is not writable.

that is exactly what was asked. how to prevent an uploaded php script to be executed.

NT-lover: can you reply back if this is your answer pls?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.