Cirium Posted December 31, 2011

I would like to thank you for reading this, I know it is not your job but it is greatly appreciated. My name is Cirium, and I am posting this topic because I need help with PHP security.

-----------------------------

For a while now I have had the consistent problem of a hacker uploading shells and other files to my VPS server. This hacker has DDoSed the server, uploaded shells, and managed to find a way around my Control Panel security that was in place.

I have managed to solve two of my three problems. The DDoSing, and the part of the shell uploading. The hacker was using shells to retrieve information from the VPS and he uploaded the files to /var/www/html (CentOS 5.6). I have changed the permissions for the html folder, making them 0500, stopping the hacker from uploading shells to the VPS.

I run a small business on the VPS that allows users to upload CounterStrike maps and gfx to /home/theirfolder through Apache. Every time I try and change the permissions for /home to try stopping the hacker from uploading files, the users and clients can't upload anything either. Pretty much ruining the whole idea of having the control panel.

The control panel works by using the exec command from PHP. Allowing authorized users to stop and start their CounterStrike server. I have installed mod_security, phpsecinfo, and lots of other hacker prevention tools.

I have tried for months to stop this and cannot succeed. The hacker continues to upload files to /home and I can't do anything about it. Please help me, I have no idea what to do.

Cirium (Author) Posted January 1, 2012

Solved.