No announcement yet.

PHP Shell Help:

  • Filter
  • Time
  • Show
Clear All
new posts

  • PHP Shell Help:

    Greetings, my website has recently been hacked using a malicious shell most of them are genrally written in php i don't actually know what php functions to disable to allow me security of the defacement of my websites using such shell scripts. anyone help?

  • #2


    You can disable following php functions in php.ini :

    disable_functions = "shell_exec, system, passthru, exec, popen, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, highlight_file , ini_get_all, ini_alter, ini_restore, escapeshellcmd, define_syslog_variables, ftp_exec, posix_uname, posix_getpwuid, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellarg, posix_uname, syslog, openlog, define_syslog_variables, apache_setenv, ftp_connect, ftp_login, ftp_get, inject_code, ftp_put, ftp_nb_fput, ftp_raw, ftp_rawlist, mysql_pconnect".

    Then restart apache / httpd service.

    Best Regards,

    Last edited by Sebastian; 16-07-09, 11:23 AM.
    Virtuozzo VPS Hosting || Cloud Hosting


    • #3
      Will this stop me running Shoucast on my server?
      Last edited by JasonWaterfield; 17-07-09, 04:21 PM.


      • #4

        We are not sure exactly which php functions are utilized by the Shoutcast server. We can re-enable php functions later if required enabled for Shoutcast functioning.
        Best Regards,
        System Administrator


        • #5
          oki many thanks wat doe system() and exec() do if someone upload shell would this do anythinguseful?


          • #6
            Hi Jason

            The system function in PHP takes a string argument with the command to execute. It executes the given command and store result or output to any output stream

            The exec function in PHP store output generated by the program to the output stream, in an array.

            These functions can be use to exploit the system using shell script and should be disable
            as far as server security is concern


            • #7
              In this attack the hacker create a SQL Injection. In this attack, a user is able to execute SQL queries in your website's database. This attack is usually performed by entering text into a form field which causes a subsequent SQL query, generated from the PHP form processing code, to execute part of the content of the form field as though it were SQL. To avoid this the best way is check for PHP vulnerabilities. To check whether your web site & applications are vulnerable to PHP hack attacks is by using a Web Vulnerability Scanner. A Web Vulnerability Scanner crawls your entire website and automatically checks for vulnerabilities to PHP attacks.