Hi,
I have been hosting my own site (http://drhack.net) for quite a while. But now I want to start a small hosting company.
With
shared hosting come security issues. What I have been trying to get
around is protecting the server against PHP Shells (like c99 and r57
etc.)
I read in numerous forums to disable php functions like exec(), fopen and numerous more.
BUT
this does not solve my problem. If i plant a c99 shell on my server, I
can still see the 3 drive letters and a directory listings DO open up.
Removing IUSR (under which PHP fastCGI is running i guess) from the
permissions solves the problem of READING/WRITING content, but still
directory listings for drives shows up.
I managed to get my hands on a .dll extension of "suhosin"
(Hardened PHP Project). It does show up in phpinfo() indicating that it
is working BUT I have not been able to cripple the c99 and r57 shells
with it. Any suggestions ?
Any suggestions and solutions??
Regards,
Fadi