Hello people, I have a question about webserver security. In my global php.ini I have disabled the following functions: dl,passthru,proc_open,proc_close,shell_exec,system,popen,mail,exec. I have tested with exec in PHP to change or view other websites in /var/www. So with this setup, the webserver is secure. But my main problem is: I need ImageMagick for TYPO3 installations, and ImageMagick needs PHP exec. But if I allow exec, I can show each web, change files, view files, ... Safe mode is deprecated in PHP 5.3 and removed in 5.4. Now the question: how can I secure my webserver so that no other customer (for example, a customer who needs ImageMagick) can change or infect the other webs via the exec command? Please help. Thanks, many greetings
If you use the PHP mode php-fcgi or php-fpm together with suexec, then all PHP scripts in a website are run under the web user of this site. All external programs like ImageMagick that you run with exec are then run under the website user too. As each website has its own user (web1, web2, web3 etc.) and each client has its own group, a PHP user from one site of client A will not be able to read files of other sites of other clients when the files are not world readable. For example: if you set the database connection details in a file, let's call it config.php in web1, to "chmod 750", then a user of web2 will not be able to read its content with exec if both sites use suexec.
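The isolation described in the reply above only holds while the "other" permission bits stay cleared, so it is worth checking a site tree for them. The following is an added example and not part of the thread; the function name `audit_site` and the choice to check only `*.php` files for world-readable access are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit one site directory for
# permission bits that defeat per-site suexec isolation.
# audit_site and the '*.php' pattern are hypothetical, chosen for illustration.

# audit_site DIR
#   Prints "WORLD-READABLE <path>" for PHP files any local account can read
#   (for example a config.php holding database credentials) and
#   "WORLD-WRITABLE <path>" for files or directories any local account can
#   modify or drop files into. Symlinks are not followed.
#   Returns 0 when clean, 1 when there are findings, 2 on bad input.
audit_site() {
    site_dir=$1
    if [ ! -d "$site_dir" ]; then
        echo "audit_site: not a directory: $site_dir" >&2
        return 2
    fi
    report=$(
        # -perm -0004: the "other" read bit is set
        find "$site_dir" -type f -name '*.php' -perm -0004 -print |
            sed 's/^/WORLD-READABLE /'
        # -perm -0002: the "other" write bit is set
        find "$site_dir" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Typical call, using the site path shown later in this thread:
#   audit_site /var/www/clients/client6/web11
```

A finding is cleared by removing the "other" bits, for instance with the "chmod 750" mentioned in the reply.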
Hello till, thank you. But I have another question: I have deleted all files from a webspace (on this server where all!! is disabled: system, exec, shell_exec, passthru...), but a few days later, I have a few files in the root of this webspace with "infected trojan"... Now the main question: how does that work? The password was changed 3 times (SSH password), and no FTP or SSH access is active for this web... What can I do to find out where these files come from? malted detects these files as trojan.... Thanks
Which user owns the files? Were there really no files in the "web" folder of the site before the trojan files were added? Post the output of: ls -la /var/www/domain.tld/
Hello till,

root@server:/var/www# ls -lsa /var/www/domain.com
0 lrwxrwxrwx 1 root root 31 28. Jun 11:40 /var/www/domain.com -> /var/www/clients/client6/web11/
I'm sorry:

root@thor:/var/www# ls -la domain.com/
insgesamt 124
drwxr-xr-x  9 root  root     4096 28. Jun 11:40 .
drwxr-xr-x  5 root  root     4096 28. Jun 11:53 ..
drwxr-xr-x  2 web11 client6  4096 28. Jun 11:40 cgi-bin
drwxr-xr-x  2 root  root     4096 11. Okt 09:16 log
drwx--x---  2 web11 client6  4096 28. Jun 11:40 private
drwxr-xr-x  2 root  root     4096  9. Jul 11:49 ssl
drwxrwxrwx  2 web11 client6 90112 10. Okt 16:40 tmp
drwx--x--- 20 web11 client6  4096 10. Okt 23:05 web
drwx--x---  2 web11 client6  4096 28. Jun 11:40 webdav
The permissions of the web directory are ok, only the user web1 and the root user can put files there.
- Which owner did the infected files have that you found in the web folder?
- Was the web folder really empty (no PHP or CGI files inside) before the trojan files were added?
Thanks till, I have found the problem. An SSH user with too many privileges had access to the server! Now I have changed all passwords. Many greetings