stop shell acces

rave

New member
hello

i seen some hackers use shell script or backdoor to hack sites as it displays all info about database and can access filemanager.


is there any special code to stop shell script from getting uploaded in site?
 

ogah

New member
they can upload shell script because vulnerable of the site.
dont worry if your site is clean, not have some bugs.

use themes and plugins from trusted developer.
strip all input form. and don't allow visitor uploading to your site
 

medicinatic

New member
Yes, when it comes to scripting, always use trusted sources, if you don't know if they are trustworthy, google them, I am sure you'll find if anything is bad about them.

If you are good at programming, always check the source code, you'll understand if there is backdoors or bad code.
 

Peter

Member
medicinatic said:
If you are good at programming, always check the source code, you'll understand if there is backdoors or bad code.

This is only feasible if the script is small. If you use blog or forum software the amount of code to go through and understand is usually too much for most people.
 

_Hoh_

New member
It is important to check the database user permissions and the webserver user permissions.

You should reduce their permissions to the minimum possible.
 

amontes

New member
verify the current shell access of every user by issuing

cat /etc/passwd

The last column of the ouput is the current shell

Change it to /bin/false.

If your users require shell access you may use a chroot or maybe cloud linux