Fed0t Posted October 20, 2011
Add these settings to your php.ini file to protect your server against the execution of PHP shells:
disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abord, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpaththru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix, _getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,popen,pcntl_exec,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect
safe_mode = On
register_globals = Off
display_errors = Off
allow_url_fopen = Off
allow_url_include = Off
enable open_basedir (set it to webroot path)
Change the permissions on the php.ini file so that only the admin can modify it!

XandZero Posted October 20, 2011
... pff, and now all the "noobs" will have it secured .. you would have done better to delete it

bcman Posted October 20, 2011 (edited)
@XandZero Why? I think he did a good thing; this way even the "less initiated" will have their site at least somewhat secured. Or are you some big 1337 who wants to "break into" sites made by so-called "noobs", taking advantage of the fact that they don't know how to secure them?
Edited October 20, 2011 by bcman

pyth0n3 Posted October 20, 2011
You can help protect yourself by taking a few simple precautions on third party hosting.

Fed0t Posted October 20, 2011 (Author)
"to protect your server against the execution of PHP shells"
That doesn't mean the server is secured, does it?

Mr.Proper Posted October 20, 2011
"... pff, and now all the "noobs" will have it secured .. you would have done better to delete it"
He shared something on RST; what have you shared? You would have done better to keep quiet. If you disable some functions, there is a good chance that some scripts will no longer work correctly. Anyway, you did well to post it.

synkron Posted November 29, 2011
Where is this php.ini, for example on a forum?

l34k Posted November 29, 2011
"Where is this php.ini, for example on a forum?"
In /etc.
[The message you have entered is too short. Please lengthen your message to at least 10 characters]

aelius Posted November 29, 2011
@Fed0t:
ignore_user_abord -> does this one ignore the user ... aboard the ship? (it's abort)
shell_exec -> is listed twice.
exec -> is missing

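Added example, not part of any post in this thread: a small Python check for the three kinds of mistakes aelius points out in a disable_functions line (a misspelled name, which disables nothing; a duplicate; a missing entry). The sample php.ini text is constructed, and the KNOWN and REQUIRED name sets and the function name lint_disable_functions are assumptions of this example.

```python
import difflib
import re

# Real PHP function names used as a spelling reference (selection is an assumption).
KNOWN = {"exec", "system", "passthru", "shell_exec", "popen", "proc_open",
         "pcntl_exec", "dl", "phpinfo", "show_source", "highlight_file",
         "fpassthru", "ignore_user_abort", "posix_getppid", "posix_kill"}
# Command-execution functions the list is expected to cover (assumed baseline).
REQUIRED = {"exec", "system", "passthru", "shell_exec", "popen",
            "proc_open", "pcntl_exec"}


def lint_disable_functions(ini_text):
    """Report duplicates, likely typos and missing baseline entries."""
    m = re.search(r"^\s*disable_functions\s*=\s*(.*)$", ini_text, re.MULTILINE)
    if not m:
        return {"duplicates": [], "typos": {}, "missing": sorted(REQUIRED)}
    raw = m.group(1).strip().strip('"')
    names = [n.strip().lower() for n in raw.split(",") if n.strip()]

    seen, duplicates = set(), []
    for name in names:
        if name in seen and name not in duplicates:
            duplicates.append(name)
        seen.add(name)

    # A name that matches no function disables nothing, so suggest the
    # closest known spelling for entries that are not in the reference set.
    typos = {}
    for name in sorted(seen - KNOWN):
        close = difflib.get_close_matches(name, sorted(KNOWN), n=1, cutoff=0.75)
        if close:
            typos[name] = close[0]

    return {"duplicates": duplicates, "typos": typos,
            "missing": sorted(REQUIRED - seen)}


# Constructed sample: a shortened list with one duplicate pair per name,
# two misspellings, and no exec entry.
SAMPLE_INI = """\
disable_functions = passthru, ignore_user_abord, shell_exec, dl, system, fpaththru, proc_open, phpinfo, system, shell_exec, popen, pcntl_exec
display_errors = Off
"""

if __name__ == "__main__":
    for kind, found in lint_disable_functions(SAMPLE_INI).items():
        print(kind, found)
```

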
wildchild Posted November 30, 2011
benny is right. It's as if you wanted to have the server protected to the max and closed all the ports.

pyth0n3 Posted November 30, 2011
Let me remind those who probably don't know: shells don't necessarily have to be in PHP. It also depends on the type of database being used.