Hacked website

Discussion in 'Server Operation' started by Tomislav Aurednik, Apr 8, 2020.

  1. Hi,
    Let me explain a situation : client1 has 10 websites, so the folders for web server are
    /var/www/clients/client1/web1 (owner web1:client1)
    ...
    /var/www/clients/client1/web10 (owner web1:client10)
    One of this websites was hacked and hacker uploaded a PHP file manager, result was of course full access to all websites of this client (and most of server in read-only mode). By default folders have flags 755 and files 644. I tried different combinations (750, 640...), but always ended in website malfunction. What do you recommend in order to prevent scenario, that one hacked website allows access to all other sites of same client ? Is this possible to prevent "on system level" ?

    Regads,
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Choose a good PHP mode, I recommend using PHP-FPM.
    2) Take care that suexec is enabled in the websites.
    3) Disable all exec like functions for PHP-FPM. You can find lists on the internet which functions you have to put in the disabled_functions option in php.ini for php-fpm.
    4) the PHP open_basedir should be set correctly already, so in case you did not alter it, it will restrict access to the web directory of the current site.

    Then try again to see if that helped.
     

Share This Page