Fed0t, posted October 20, 2011

Add these settings to the php.ini file to protect your server against the execution of PHP shells.

disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abord, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpaththru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix, _getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo, system, passthru, shell_exec, escapeshellarg, escapeshellcmd, proc_close, proc_open, ini_alter, dl, popen, popen, pcntl_exec, socket_accept, socket_bind, socket_clear_error, socket_close, socket_connect
safe_mode = On
register_globals = Off
display_errors = Off
allow_url_fopen = Off
allow_url_include = Off

Enable open_basedir (set it to the webroot path).

Change the permissions on the php.ini file so that only the admin can modify it!

XandZero, posted October 20, 2011

... pff, and now all the "noobs" will have it secured .. you'd have been better off deleting it

bcman, posted October 20, 2011 (edited)

@XandZero
Why? I think he did a good thing; this way, even the "less initiated" will have their site at least somewhat secured. Or are you some great 1337 who wants to "break into" sites made by the so-called "noobs", taking advantage of the fact that they don't know how to secure them?

Edited October 20, 2011 by bcman

pyth0n3, posted October 20, 2011

You can help protect yourself by taking a few simple precautions on third party hosting.

Fed0t (author), posted October 20, 2011

> to protect your server against the execution of PHP shells

That doesn't mean the server is secured, right?

Mr.Proper, posted October 20, 2011

> ... pff, and now all the "noobs" will have it secured .. you'd have been better off deleting it

He shared something on RST; what have you shared? You'd have done better to keep quiet.
If you disable some functions, there is a good chance that some scripts will no longer work correctly.
Anyway, you did well to post it.

synkron, posted November 29, 2011

Where is this php.ini, for example on a forum?

l34k, posted November 29, 2011

> Where is this php.ini, for example on a forum?

In /etc.
[The message you have entered is too short. Please lengthen your message to at least 10 characters]

aelius, posted November 29, 2011

@Fed0t:
ignore_user_abord -> does this ignore the user ... aboard the ship? (it's abort)
shell_exec -> is listed twice.
exec -> is missing
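
The kind of check aelius did by eye can be scripted. This is an added example, not code from any poster in the thread: it lints a `disable_functions` line for duplicates, probable misspellings and missing command-execution functions. The `KNOWN` and `MUST_DISABLE` reference sets and the sample php.ini are assumptions constructed for the illustration.

```python
import difflib

# Assumed reference sets for this example (all are real PHP function names).
KNOWN = {"exec", "shell_exec", "system", "passthru", "popen", "proc_open",
         "pcntl_exec", "ignore_user_abort", "fpassthru", "posix_getppid", "dl"}
MUST_DISABLE = {"exec", "shell_exec", "system", "passthru", "popen",
                "proc_open", "pcntl_exec"}

def parse_ini(text):
    """Return {directive: value} from php.ini text, skipping ; comments and [sections]."""
    out = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip().strip('"')
    return out

def audit_disable_functions(ini_text):
    """Report duplicates, probable misspellings and missing command-execution functions."""
    raw = parse_ini(ini_text).get("disable_functions", "")
    names = [n.strip() for n in raw.split(",") if n.strip()]
    seen, dupes, suspect = set(), [], {}
    for n in names:
        if n in seen and n not in dupes:
            dupes.append(n)
        seen.add(n)
        if n not in KNOWN:
            # PHP ignores names it does not recognise, so a typo disables nothing.
            close = difflib.get_close_matches(n, sorted(KNOWN), n=1, cutoff=0.75)
            if close:
                suspect[n] = close[0]
    return {"duplicates": dupes, "suspect": suspect,
            "missing": sorted(MUST_DISABLE - seen)}

# Constructed sample, modelled on (and much shorter than) the list in the first post.
SAMPLE = """
[PHP]
; hardening
disable_functions = passthru, ignore_user_abord, shell_exec, system, fpaththru, posix, _getppid, proc_open, system, shell_exec, popen
allow_url_include = Off
"""

if __name__ == "__main__":
    for finding, value in audit_disable_functions(SAMPLE).items():
        print(finding, "->", value)
```

A misspelled entry is the dangerous case: the directive still parses, so nothing warns that the intended function remains callable.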

wildchild, posted November 30, 2011

benny is right. It's as if you wanted to have your server protected to the maximum and closed all the ports.

pyth0n3, posted November 30, 2011

A reminder for those who probably don't know: shells don't necessarily have to be in PHP.
It also depends on the type of database being used.