0

What is the best way to prevent the upload of c99shell, r57shell and other PHP shells? I want it so that when an attacker uploads a shell, the shell doesn't show for him.
I use mod_security ver 1.x.
Thanks in advance.

alysa
  • 1
    You fix your application so that 1) the attacker can't upload malicious content or 2) once it's uploaded it can't be executed in any manner. – EEAA Jul 09 '13 at 20:45
  • OK, if the attacker gets the Joomla password with a trojan and uploads a shell from the Joomla panel, is there any fault in the Joomla application? – alysa Jul 09 '13 at 20:50
  • 1
    If that happens, you have far larger problems to solve. – EEAA Jul 09 '13 at 21:07

2 Answers

1

Install a tool such as maldet to scan uploaded files, and the entire system on a regular basis. It's designed specifically to catch malicious software in shared web hosting environments.

Michael Hampton
0

from link

First, add the following lines to your php.ini file. Check with your hosting provider to find out if and how you can edit your php.ini file.

allow_url_fopen = off
allow_url_include = off
disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"
zortacon
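
An added example, not part of the answers above or of any project's code: a small Python audit of php.ini text for the three directives the second answer sets (allow_url_fopen, allow_url_include, disable_functions). The function names, the six-function command-execution set and the sample input are assumptions of this example.

```python
"""Audit php.ini text for the three directives in the answer above."""
# Functions that start OS commands from PHP (set chosen for this example).
EXEC_FUNCS = {"exec", "passthru", "popen", "proc_open", "shell_exec", "system"}
# Language constructs are not functions, so disable_functions cannot block them.
CONSTRUCTS = {"eval", "include", "include_once", "require", "require_once"}
DEFAULTS = {"allow_url_fopen": "1", "allow_url_include": "0"}  # PHP built-in defaults
OFF = {"off", "0", "false", "no", "none", ""}

def parse_ini(text):
    """Return {directive: value}; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # skip blanks, comments, section headers
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    cfg = parse_ini(text)
    findings = []
    for flag, default in DEFAULTS.items():
        if cfg.get(flag, default).lower() not in OFF:
            findings.append(f"{flag} is enabled")
    raw = cfg.get("disable_functions", "")
    names = [n.strip().lower() for n in raw.split(",") if n.strip()]
    for name in sorted(EXEC_FUNCS - set(names)):
        findings.append(f"{name} is not disabled")
    for name in sorted(set(names) & CONSTRUCTS):
        findings.append(f"{name} is a language construct; listing it has no effect")
    for name in sorted({n for n in names if names.count(n) > 1}):
        findings.append(f"{name} is listed more than once")
    return findings

# Constructed sample input, not a real server's configuration.
SAMPLE = """\
; constructed php.ini fragment
allow_url_fopen = On
allow_url_include = off
disable_functions = "eval, exec, system, posix_setuid, posix_setuid"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against the php.ini the web server's PHP actually loads, since CLI and web SAPIs often read different files.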