Replying to Bogdan Webb's reply recommending Suhosin:
This appears to be exactly what I needed, thanks! The stock ports PHP
install already has the suhosin patch, but the extension is a godsend!
Not only does it log everything, but it lets you manage php functions on
a per virtual host
try php's safe_mode but it is likely to keep the hackers off, indeed they
can get in and snatch some data but they would be kept out of a shell's
reach... but sometimes safe_mode is not enough... try considering Suhosin
but the addon not the patch... and define the
suhosin.executor.func.blacklist
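
An added example, not part of the original thread: a small audit that reads Apache vhost configuration and reports which virtual hosts still allow shell-spawning PHP functions because suhosin.executor.func.blacklist is missing or incomplete. The hostnames, the sample config and the choice of functions in SHELL_FUNCS are assumptions made for illustration.

```python
import re

# Assumed list of PHP functions that give a script a shell or child process.
SHELL_FUNCS = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen"}

# Constructed Apache config; hostnames are placeholders.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName shop.example.com
    php_admin_value suhosin.executor.func.blacklist "exec,passthru,shell_exec,system,proc_open,popen"
</VirtualHost>
<VirtualHost *:80>
    ServerName blog.example.com
    php_admin_value suhosin.executor.func.blacklist "exec,system"
</VirtualHost>
<VirtualHost *:80>
    ServerName legacy.example.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)
BLACKLIST_RE = re.compile(
    r"^\s*php_(admin_)?value[ \t]+suhosin\.executor\.func\.blacklist[ \t]+\"?([^\"\n]*)",
    re.M | re.I)

def audit_vhosts(conf_text):
    """Return {ServerName: sorted shell functions NOT blacklisted for that vhost}."""
    report = {}
    for body in VHOST_RE.findall(conf_text):
        name_m = NAME_RE.search(body)
        name = name_m.group(1) if name_m else "(unnamed)"
        bl = BLACKLIST_RE.search(body)
        # Only php_admin_value is counted: a plain php_value setting can be
        # overridden later (for example from .htaccess), so it is treated as unset.
        listed = set()
        if bl and bl.group(1):
            listed = {f.strip().lower() for f in bl.group(2).split(",") if f.strip()}
        report[name] = sorted(SHELL_FUNCS - listed)
    return report

if __name__ == "__main__":
    for host, missing in audit_vhosts(SAMPLE_CONF).items():
        print(host, "OK" if not missing else "still callable: " + ", ".join(missing))
```
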
Bogdan Webb wrote:
try php's safe_mode but it is likely to keep the hackers off, indeed they
can get in and snatch some data but they would be kept out of a shell's
reach... but sometimes safe_mode is not enough... try considering Suhosin
but the addon not the patch... and define the
(please reply-all; I am not sub'd and sorry for the top posting):
I have safe_mode off due to popular demand. So many customer apps demand
that it be kept off. In fact, here is a post from one of the Zen people
on the Zen-cart forum. In light of this exploit, this might be a little
Indeed it's pretty tricky with safe_mode, like for certain I know that a
version of a popular r57 shell had safe_mode bypass - I was stunned to check
the shell myself on my server... and I was thinking that safe_mode is
enough... (+ I was using the suhosin patch *which in fact does nothing
Whoever speculated that my server may have been compromised was on to
something (see bottom). The good news is, it does appear to be contained
to the www unprivileged user (with no shell). The bad news is, they can
still cause a lot of trouble. I found the compromised customer site and