
Topic: Block 0x00 PHP shell backdoor


Offline Spacedust

Block 0x00 PHP shell backdoor
« on: 2015-09-19, 12:19:57 »
It's always uploaded somehow, and clamd or maldet does not detect it!

We have to block css_.php

« Last Edit: 2015-09-19, 12:56:36 by Spacedust »

Offline MRatWork

Re: Block 0x00 PHP shell backdoor
« Reply #1 on: 2015-09-19, 14:02:57 »
Try adding assert and eval to PHP's disable_functions.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline Spacedust

Re: Block 0x00 PHP shell backdoor
« Reply #2 on: 2015-09-28, 11:39:21 »
Quote
Try adding assert and eval to PHP's disable_functions.

I need eval for my scripts ;)

Offline MRatWork

Re: Block 0x00 PHP shell backdoor
« Reply #3 on: 2015-09-28, 12:36:09 »
Try adding assert (no eval).

Offline Spacedust

Re: Block 0x00 PHP shell backdoor
« Reply #4 on: 2015-09-28, 15:39:55 »
I've added this - especially getcwd stopped this backdoor:

Quote
php_admin_value[disable_functions] = apache_note,apache_setenv,chgrp,closelog,debugger_off,debugger_on,define_sys,define_syslog_variables,diskfreespace,dl,escapeshellarg,escapeshellcmd,getmypid,getmyuid,getcwd,getperms,ini_restore,leak,listen,openlog,passthru,pclose,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wstopsig,pcntl_wtermsig,php_uname,popen,posix,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,show_source,syslog,url_exec,_getppid
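An added example, not part of the thread or of Kloxo-MR: a small audit that parses `disable_functions` directives like the one posted above and reports which code-execution functions are still callable, and which listed names are language constructs (such as `eval`) that `disable_functions` cannot block. The baseline set, the function names `parse_disabled` and `audit`, and the sample pool file are assumptions made for this example.

```python
import re

# Assumed baseline for this example (not from the thread): PHP functions that
# run OS commands or evaluate a string as code.
BASELINE = {"assert", "exec", "passthru", "pcntl_exec", "popen",
            "proc_open", "shell_exec", "system"}
# Language constructs are not functions, so listing them has no effect.
CONSTRUCTS = {"eval", "include", "include_once", "require", "require_once"}

# Matches both the php.ini form and the php-fpm pool form of the directive.
DIRECTIVE = re.compile(
    r"^\s*(?:php_admin_value\[disable_functions\]|disable_functions)\s*=\s*(.*)$")

def parse_disabled(config_text):
    """Return the names from every disable_functions line, combined."""
    names = set()
    for line in config_text.splitlines():
        if line.lstrip().startswith(";"):  # ini-style comment line
            continue
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(1).strip().strip('"')
            names |= {n.strip().lower() for n in value.split(",") if n.strip()}
    return names

def audit(config_text):
    """Report baseline functions not disabled and listed names with no effect."""
    disabled = parse_disabled(config_text)
    return {
        "missing": sorted(BASELINE - disabled),
        "no_effect": sorted(disabled & CONSTRUCTS),
    }

# Constructed sample: a shortened pool file in the style of the post above.
SAMPLE = """\
[example-pool]
; constructed sample, not a real server's configuration
php_admin_value[disable_functions] = getcwd,passthru,pclose,pcntl_exec,popen,proc_open,shell_exec,eval
"""

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("still callable:", ", ".join(report["missing"]))
    print("listed but cannot be disabled:", ", ".join(report["no_effect"]))
```
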

 

