Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

stop shell acces

#1
hello

i seen some hackers use shell script or backdoor to hack sites as it displays all info about database and can access filemanager.


is there any special code to stop shell script from getting uploaded in site?
#2
they can upload shell script because vulnerable of the site.
dont worry if your site is clean, not have some bugs.

use themes and plugins from trusted developer.
strip all input form. and don't allow visitor uploading to your site
ytdl.xyz youtube downloader
[-] The following 1 user Likes ogah's post:
  • medicinatic
#3
Yes, when it comes to scripting, always use trusted sources, if you don't know if they are trustworthy, google them, I am sure you'll find if anything is bad about them.

If you are good at programming, always check the source code, you'll understand if there is backdoors or bad code.
#4
Always update your script to the newest one, and dont use theme or plugins from untrusted source
#5
(01-02-2015, 09:56 PM)medicinatic Wrote: If you are good at programming, always check the source code, you'll understand if there is backdoors or bad code.

This is only feasible if the script is small. If you use blog or forum software the amount of code to go through and understand is usually too much for most people.
#6
It is important to check the database user permissions and the webserver user permissions.

You should reduce their permissions to the minimum possible.
#7
verify the current shell access of every user by issuing

cat /etc/passwd

The last column of the ouput is the current shell

Change it to /bin/false.

If your users require shell access you may use a chroot or maybe cloud linux
  




Users browsing this thread:
1 Guest(s)

stop shell acces457