
Shell code


regdude


Hi!

I recently got a shell code on my Lighttpd web server that uses many virtual hosts.

The PHP shell code was on one of these virtual hosts, but it had access to all other virtual hosts and Linux files.

How could I disallow access out of the folder (like in FTP, you can't see previous directories)?


Well, the problem is that a PHP shell can get to the actual root of the system which also includes access to all other virtual hosts on this web server.

I need to disallow access from one virtual host to another. Safe-mode does this, but that causes problems for the available integrated PHP functions.

Can I use open_basedir with virtual hosts? I got this setting wrong and as a result I had a 404 error everywhere.

Maybe .htaccess in the root of virtual host could do the trick?


This is lighttpd :P

 

Ok, but I ran into a problem anyway, the virtual host syntax differs.

This is how it looks in lighttpd:

$HTTP["host"] == "x" {
    server.document-root = "/var/www/x/htdocs"
    server.errorlog = "/var/log/lighttpd/x/error.log"
    accesslog.filename = "/var/log/lighttpd/x/access.log"
    server.error-handler-404 = "/error.php"
}

 

Also, .htaccess with:

php_value open_basedir "/var/www/music.ngames.lv/htdocs"

doesn't work, the shell still has access out of the virtual host.


> This is lighttpd

Sorry, I've not used it.

> Also, .htaccess with:
>
> php_value open_basedir "/var/www/music.ngames.lv/htdocs"
>
> doesn't work, the shell still has access out of the virtual host.

That is because it is not valid within a .htaccess file.


Honestly,

 

  If you are using PHP on a server, I suggest using suPHP / suExec.  And if you want to go really paranoid about it, use it under a chroot jail as mentioned.

 

suPHP Information:

 

www.suphp.org/

http://www.markgrenham.com/articles/howto_lighttpd_and_suphp

http://www.itc.virginia.edu/server/web/php/suphp.html

http://howtoforge.com/install-suphp-on-various-linux-distributions-for-use-with-ispconfig-2.2.20-and-above

 

Chroot Information:

 

What is a Chroot?

http://www.rootprompt.org/article.php3?article=10883

http://www.cyberciti.biz/tips/ultimate-lighttpd-webserver-security.html

 

If you are anything like me, when researching how to do something, no single how-to or About is going to suffice.  That's why I am just linking to several different sites.

 

 

Essentially, suPHP forces php to run as a particular user and ONLY that user (this can be done per-vhost so ONLY the user owning that vhost can access the php files for that site). 

 

Added protection would be implementing a chroot jail. Implementing a chroot jail for your web server will isolate the service to a particular location on the filesystem.  The service may be able to access files below its spot on the file system but will typically not be able to get above its location.  (ex. if you have lighttpd chrooted to /vhosts/mydomain.tld, it will be able to access /vhosts/mydomain.tld/www-data/images but it will not be able to access /vhosts/myotherdomain.tld).
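
A check to run once each virtual host has its own user, as the suPHP setup described above requires. This is an added example, not part of the thread and not code from suPHP or lighttpd. It assumes one directory per vhost directly under a base such as /var/www (the layout in the question) and lists what a PHP process running as a different local user could still read or write:

```python
import os
import stat
from collections import defaultdict


def exposed_entries(top):
    """Yield (path, problem) for entries under `top` usable by unrelated local users."""
    pending = [top]
    while pending:
        path = pending.pop()
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode):
            continue  # do not follow links out of the vhost
        if mode & stat.S_IWOTH:
            yield path, "world-writable"
        elif mode & stat.S_IROTH:
            yield path, "world-readable"
        # Descend only where "other" has search permission: without o+x on a
        # directory nothing beneath it is reachable, whatever the modes say.
        if stat.S_ISDIR(mode) and mode & stat.S_IXOTH:
            names = sorted(os.listdir(path), reverse=True)
            pending.extend(os.path.join(path, n) for n in names)


def audit(base):
    """Check every vhost directory directly under `base` (assumed layout)."""
    findings, owners = [], defaultdict(list)
    for name in sorted(os.listdir(base)):
        vhost = os.path.join(base, name)
        if os.path.islink(vhost) or not os.path.isdir(vhost):
            continue
        owners[os.lstat(vhost).st_uid].append(name)
        findings.extend((name, p, why) for p, why in exposed_entries(vhost))
    for uid, names in sorted(owners.items()):
        if len(names) > 1:  # same uid: per-user PHP gives no separation here
            findings.append((",".join(names), f"uid {uid}", "shared owner"))
    return findings


if __name__ == "__main__":
    import sys
    base_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/www"
    for vhost, path, why in audit(base_dir):
        print(f"{vhost}: {path}: {why}")
```
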
