
» Surpass Web Hosting Forums » Discussions » Private Hosting » Safety of file content...

Old July 26th, 2004, 10:29 AM   #10 (permalink)
Surpass Fan
Seasoned Poster
 
Joined in Jun 2004
Lives in Natchitoches, LA
Hosted on pass7
78 posts
Gave thanks: 0
Thanked 0 times
finally grew a pair...

and decided to give it a shot. I'm still waiting on my registrar to update my nameservers with the new IP address so my domain will point to my dedicated server. While I was waiting, I decided to take advantage and copied over a few accounts and tested out this whole issue with co-server account users being able to access files of fellow accounts on a shared server.

The guy created a PHP file that had some of the content of a config.php file or something similar with database login info in it. On that same reseller account, I created the two fake user accounts and one account (victim) got "file.php" and the other ("hacker") got "cat.php". The cat.php file basically contained code to access /home/username(victim)/file.php and echo the content.

Well, I moved those accounts over to my dedicated server and had the same problems. I'm guessing because it wasn't a Perl script, suexec didn't bother it. I read up and a lot of people talked about phpsuexec or suphp. I noticed that I could rebuild Apache with PHPsuexec support. So with my fingers crossed, SSH terminal, and an email window open and addressed to support, I initiated the rebuild. It took about 5 minutes or so, but now, I guess the server is "secured" in that aspect. Here's what happens now: http://66.194.239.122/~yoshidom/cat.php as opposed to: http://66.194.41.98/~yoshidom/cat.php

My only concern with this solution is that phpsuexec is binary... which means resources can get gobbled up like cookies with the cookie monster. I plan to keep a close eye out on server performance and see what's up.
__________________
-( NokiaX )-


http://www.eclipse-business.com
Saprus
Dedicated

This made me "LoL"
"Unleashedgamers (5:39:21 AM): where you a script kiddie?"

nokiaxv2 is offline  
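The cross-account read tested in post #10 works because, without phpsuexec or suPHP, PHP scripts from every account run as the same web-server user. An added example, not code from the thread: a shell audit that lists the PHP files under a home root that such a script could read; the account names and sample tree are constructed, and GNU find is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). With mod_php every account's script runs
# as the one shared web-server user, so a PHP file is readable from a neighbour's
# script when it has the "other" read bit and every directory above it has the
# "other" search bit. This lists such files under a home root.

# exposed_php_files HOME_ROOT -> one exposed path per line
exposed_php_files() {
    root=${1%/}
    find "$root" -mindepth 2 -type f -name '*.php' -perm -004 2>/dev/null |
    while IFS= read -r f; do
        d=$(dirname "$f")
        reachable=1
        # Walk up to (not including) HOME_ROOT; one directory without o+x blocks access.
        while [ "$d" != "$root" ] && [ "$d" != "/" ] && [ "$d" != "." ]; do
            if [ -z "$(find "$d" -maxdepth 0 -perm -001)" ]; then
                reachable=0
                break
            fi
            d=$(dirname "$d")
        done
        if [ "$reachable" -eq 1 ]; then printf '%s\n' "$f"; fi
    done
}

# build_sample_tree DIR: constructed accounts, names are illustrative only.
build_sample_tree() {
    for acct in victim closed strict; do
        mkdir -p "$1/$acct/public_html"
        printf '<?php $db_pass = "constructed"; ?>\n' > "$1/$acct/public_html/file.php"
        chmod 755 "$1/$acct" "$1/$acct/public_html"
        chmod 644 "$1/$acct/public_html/file.php"
    done
    chmod 750 "$1/closed"                        # home not searchable by others
    chmod 600 "$1/strict/public_html/file.php"   # workable once PHP runs as the owner
}

sample=$(mktemp -d)
build_sample_tree "$sample"
exposed_php_files "$sample"    # prints only .../victim/public_html/file.php
rm -rf "$sample"
```

Once PHP runs as the account owner (phpsuexec or suPHP), config files can be tightened to mode 600 and then drop out of this list.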
Old July 27th, 2004, 7:57 AM   #11 (permalink)
Surpass Fan
Seasoned Poster
 
Joined in Jun 2004
Lives in Natchitoches, LA
Hosted on pass7
78 posts
Gave thanks: 0
Thanked 0 times
....well.

I...man....this phpsuexec...*sigh*

I kinda wish I hadn't fooled with it. Yet, at least. It definitely does its job, preventing people from doing things they shouldn't or don't need to be doing. Maybe I should have had it installed before I transferred all my accounts over or afterwards. Some things happened and I wasn't sure if it was 'cause of phpsuexec or the transfer process or my users. I resolved the problems though. It's pretty easy to install software, modules, and other of the like pretty easily with WHM. You should be careful though when activating these things. They can sometimes break stuff, I'm guessing. I've been warned twice now about it, although nothing bad has happened. But anyway, just clicked a few links and phpsuexec was compiled into Apache and Apache recompiled for me. Just don't know how to get rid of it! If you're pretty savvy with Linux, or have the patience to sit down and read up on issues here and there, you'll be fine. I wouldn't want to implement this if you have a lot of clients unless you've researched it pretty well and you know what to do when a problem occurs. I spent the ENTIRE day and some of the new day working out problems that were related or weren't with phpsuexec. It's really not as bad as it seems though, although I can't access http://domainname.com/bandwidth/ Probably 'cause it's not in my home directory.

Anyway, the server is great and the support is pretty good too. I love the live response of things. Keep it up Surpass, and my review of you at the start of next month will be pretty good. Not that you've been bad anyway.

Anyway, those of you that are interested, research the PHPsuexec and its purpose. Also, I heard something called suPHP, which probably is better and a lot easier? I didn't read about it. Back up your system if you can, in case you want to just "go back" to before. Implement everything and "get 'er done." I can try and give SOME help on the matter, but we'd both probably end up browsing forums and searching google.com/linux
nokiaxv2 is offline  
Old September 20th, 2007, 4:17 PM   #12 (permalink)
Registered User
Comfy Contributor
 
shakh's Avatar
 
Joined in Mar 2005
Lives in Niagara, Canada
Hosted on just.shak.ws
185 posts
Gave thanks: 60
Thanked 7 times
Hello all, I would like to revive this thread, as it relates to my security question:

PHPSuExec versus suPHP, the former is deprecated and the latter is everyone's choice moving forward.
Does anyone recommend suPHP or have any better recommendations?

Coincidentally enough, I ran into an article by Kayla (The Nobody Who Became Somebody) on this topic - half a year later, I wonder what she has to say now...

I thought I would post on Surmunity before I contact support. Security is something we should share ;-)

Shalom,
Daniel Shakhmundes
Old September 20th, 2007, 11:27 PM   #13 (permalink)
Marketing Maven
Surpass Staff
 
Kayla's Avatar
 
Joined in May 2003
Lives in Orlando
24,749 posts
Gave thanks: 946
Thanked 806 times
Thanks for reviving this thread actually, it's a good one.

That article was in April and really I think the same thing now. I know that everyone says that phpsuexec is not updated anymore - but it simply does its job, I think. The last time suPHP had a new release was back in 2006 - I don't see how it's much different from phpsuexec in regards to updating. But I think in another year or so, we may look into using it instead because really, who wants to use anything that no longer has a team?
__________________
Follow Surpass on Twitter and Facebook
Check out the Surpass Blog



Old October 1st, 2007, 1:32 AM   #14 (permalink)
Registered User
Comfy Contributor
 
shakh's Avatar
 
Joined in Mar 2005
Lives in Niagara, Canada
Hosted on just.shak.ws
185 posts
Gave thanks: 60
Thanked 7 times
It was my pleasure, Kayla. ;-)

Maybe phpsuexec will become active again - a new team or a revival of the old one? suPHP doesn't sound that appealing either, if it hasn't been updated since 2006.

I think I read that one of the benefits of suPHP was that it could be enabled/configured per account, whereas phpsuexec is one-size-fits-all covering all accounts (no exceptions!) with the same config/options.

My dedicated server seems to be running securely with CSF/LFD guarding it, but I am still worried about PHP exploitation/abuse...

Keeping my part of the network safe,
D Shak
Old October 1st, 2007, 1:50 AM   #15 (permalink)
Dan
Staff of Surpass
Super #1
 
Dan's Avatar
 
Joined in Apr 2007
2,744 posts
Gave thanks: 152
Thanked 184 times
<3 CSF/LFD on servers. Very helpful!

And Removed loves installing them for me
__________________
D4nz Net - Surpass Help Desk - NES Forever
Use the thanks button. It works!
AIM: dansorl
Old October 1st, 2007, 1:55 AM   #16 (permalink)
Surpass Abuse Admin
Super #1
 
removed's Avatar
 
Joined in Mar 2005
Lives in Houston, TX
Hosted on NONE
7,797 posts
Gave thanks: 11
Thanked 278 times
Dan, you'll be happy to know that the Surmunity server now has CSF+LFD installed. Courtesy of yours truly.
__________________
Unofficial IRC Channel: #surpass EFNet
Unofficial = No official support. Support requests can be submitted to our helpdesk.
Old October 1st, 2007, 4:54 AM   #17 (permalink)
Marketing Maven
Surpass Staff
 
Kayla's Avatar
 
Joined in May 2003
Lives in Orlando
24,749 posts
Gave thanks: 946
Thanked 806 times
Quote:
Originally Posted by shakh
Keeping my part of the network safe,
D Shak
Gosh, I love that.
Old October 22nd, 2007, 2:05 AM   #18 (permalink)
Registered User
Comfy Contributor
 
shakh's Avatar
 
Joined in Mar 2005
Lives in Niagara, Canada
Hosted on just.shak.ws
185 posts
Gave thanks: 60
Thanked 7 times
Hey, if it wasn't for y'all, I would be paying at least double for the same capacity with less service/support. I am sure there are a lot of people who couldn't even get by without you. I have a lot of clients who count on me too, and thanks to you I am providing some of the most competitive internet services in my region. Earlier this year, I took over another local business with one of my clients who did hosting, and 1 to 2 months ago I took over that client (who was using RackForce). The transitions were predominantly related to security problems in both cases.

It seems to me that PHPSuExec is still a better option over suPHP, because of software compatibility and support. I haven't tried suPHP, nor do I know anyone using it, which is another detraction of suPHP.

Shak