Jump to content

Recommended Posts

I would like to thank you for reading this, I know it is not your job but It is greatly appreciated.

 

My name is Cirium, and I am posting this topic because I need help with PHP security.

 

-----------------------------

 

For a while back I have had the consistent problem of a hacker uploading shells and other files to my VPS server.

This hacker has DDoSed the server, uploaded shells, and managed to find a way around my Control Panel security that was in place.

 

I have managed to solve two of my three problems.

 

The DDoSing, and the part of the shell uploading.

 

The hacker was using shells to retrieve information from the VPS and he uploaded the files to /var/www/html (Centos 5.6)

 

I have changed the permissions for the html folder making them 0500 stopping the hacker from uploading shells to the vps.

 

I run a small business on the vps, that allows users to upload CounterStrike maps and gfx to /home/theirfolder through apache. Everytime I try and change the permissions for /home to try stopping the hacker from uploading files, the users and clients cant upload anything either. Pretty much ruining the whole idea of having the control panel.

 

The control panel works by using the exec command from php. Allowing authorized users to stop and start their CounterStrike server.

 

I have installed mod_security, phpsecinfo, and lots of other hacker prevention tools. I have tried for months to stop this and cannot succeed.

 

The hacker continues to upload files to /home and I cant do anything about it.

Please help me, I have no idea what to do.

Link to comment
https://forums.phpfreaks.com/topic/254142-php-security/
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.