how to prevent *nobody* to move in server ?
Posted by boxer, 06-13-2009, 04:45 PM |
Hello folks!
I have my own box for my forum. Now I have shared my box with friends, but in reality they are freak friends. Just to be on the safe side, brothers, I am looking to know what functions I can disable in php.ini, or any problem/tool, to prevent anybody / an attacker with *nobody* permission from moving around the server via his shell script.
As we know, some attackers use their own PHP shell to hack sites on *shared hosting*, so they can move to any account after they know the user account name (*/etc/passwd*). So, as I said before, are there any good functions to prevent these attackers from moving around the server, so I can disable them? Or can I install any good tool *other than modsecurity* on the system to prevent them (*nobody*) from doing that?
Thanks in advance.
boxer
|
Posted by waveweb, 06-13-2009, 09:42 PM |
Hi,
You will need to enable suPHP to avoid the nobody.
Regarding the php.ini, there are so many settings you can change.
|
Posted by jphilipson, 06-13-2009, 10:46 PM |
suPHP would be the best option to prevent.
You could also set your "friend's" account to use php safe_mode from his Apache virtual host, that would prevent him from doing anything bad.
|
Posted by Lightwave, 06-13-2009, 10:56 PM |
suPHP would be the sheep option for those who don't know how to change the Apache MPM to something more appropriate.
Regardless.. suhosin might be something to consider.
|
Posted by boxer, 06-14-2009, 02:06 AM |
Mmm, thanks in advance guys, but let me tell you that the server is fresh, so I can change the system. Can I make a chroot/jail for the user/SSH account? Is that a good idea: a chroot/jail account with suhosin?
And please, folks, could you explain how to play with php.ini, and if you could, share your php.ini?
|
Posted by Chomer, 06-15-2009, 09:10 AM |
boxer,
Well, you can chroot/jail users as an additional security measure. (Yes, it's a good idea.)
You can use the forum's search function or Google for "hardened php.ini" files. But you must understand that any file you see might not be for you to use. They could be hardened/limited so much that they would not be useful for you. So look for the optimal hardened php.ini files.
|
Posted by ServerManagement, 06-15-2009, 12:35 PM |
You can add as much security as you want, but as you add more security, you increase the chance of interfering with your scripts. Hardening php.ini, modsecurity, etc., are all great for security, but we see many common scripts that don't work with all of this. So be careful and do them one at a time, so if there is a problem, you can isolate which one is blocking it.
|
Posted by boxer, 06-15-2009, 08:12 PM |
So a chroot/jail system, I think, is the best idea for the *nobody* permission, as we didn't play with the hardened php.ini file on the system!? Isn't that right?
|
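Several replies above point to hardening php.ini. As an added example that is not from any poster in this thread, the Python script below audits a php.ini for three real directives (`disable_functions`, `open_basedir`, `allow_url_include`). The list of functions, the sample file and the names `parse_ini` and `audit` are assumptions made for illustration.

```python
# Added example: audit a php.ini for settings that limit a PHP web shell.
# Assumptions: the function list and sample file are constructed for illustration.
EXEC_FUNCS = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen"}

def parse_ini(text):
    """Return {directive: value}; the last assignment wins.
    Simplified: treats every ';' as a comment start, even inside quotes."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def is_on(value):
    """PHP treats 1/On/True/Yes (any case) as an enabled boolean."""
    return value.strip().lower() in {"1", "on", "true", "yes"}

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    s = parse_ini(text)
    findings = []
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(EXEC_FUNCS - disabled)
    if missing:
        findings.append("disable_functions lacks: " + ", ".join(missing))
    if not s.get("open_basedir"):
        findings.append("open_basedir unset: PHP can open any path its user can read")
    if is_on(s.get("allow_url_include", "0")):
        findings.append("allow_url_include is On")
    return findings

# Constructed sample, not a real server's configuration.
SAMPLE = """\
[PHP]
disable_functions = exec, system   ; partial list
allow_url_include = On
;open_basedir = /home/friend/public_html
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

None of these directives changes which Unix user PHP runs as; that is what suPHP or a chroot/jail, as suggested in the thread, addresses.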