Category Archives: Tips N Trick

Prevent users from creating a custom php.ini on suPHP servers

Edit:

/usr/local/apache/conf/php.conf

Then add the following line (the mod_suphp directive is suPHP_ConfigPath, and it takes the directory that holds php.ini, not the php.ini file itself):

suPHP_ConfigPath /usr/local/lib

Don’t forget to change the directory to wherever your php.ini lives, as it may be different on your server than in the example above, and then restart Apache.

.htaccess on suPHP servers

What should my .htaccess file look like if my account is on a suPHP server?
You should remove the lines that begin with “php_value” and “php_flag”. You will need to move these lines into a file named php.ini and upload that php.ini into your public_html directory. Then, add the following line to the .htaccess file in your public_html:

suPHP_ConfigPath /home/username/public_html

where “username” is your cPanel username. You will need to remove php_value and php_flag from ALL .htaccess files you may have. However, the suPHP_ConfigPath line only needs to be added to the .htaccess file in your public_html directory.

Please note that you will need to change the format of your php_value and php_flag lines into the php.ini format. (Refer to the FAQ entry on how your php.ini file should be formatted).
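The conversion described above (php_value/php_flag lines out of .htaccess, php.ini syntax in) is easy to get wrong by hand when an account has many of them, so here is a small POSIX sh helper that does it mechanically. This is an added example, not part of the original post: the function names htaccess_to_ini and strip_php_directives are my own, and it assumes the account's .htaccess uses the plain `php_value name value` / `php_flag name on|off` forms shown in the tip.

```shell
#!/bin/sh
# Added example (not from the original post): turn the php_value / php_flag
# lines of an .htaccess file into php.ini syntax, and produce a cleaned
# .htaccess with those lines removed, as a suPHP migration requires.
#
# Usage:
#   htaccess_to_ini   ~/public_html/.htaccess > ~/public_html/php.ini
#   strip_php_directives ~/public_html/.htaccess > ~/public_html/.htaccess.new

htaccess_to_ini() {
    # $1: path to the .htaccess file to read; php.ini lines go to stdout
    awk '
        # php_value name value ...  ->  name = value ...
        tolower($1) == "php_value" && NF >= 3 {
            val = $3
            for (i = 4; i <= NF; i++) val = val " " $i
            print $2 " = " val
            next
        }
        # php_flag name on|off  ->  name = On|Off (php.ini accepts both spellings)
        tolower($1) == "php_flag" && NF >= 3 {
            flag = tolower($3)
            print $2 " = " (flag == "on" || flag == "1" ? "On" : "Off")
            next
        }
    ' "$1"
}

strip_php_directives() {
    # $1: path to the .htaccess file; every line that is not a php_value or
    # php_flag directive (RewriteRule, suPHP_ConfigPath, ...) is kept as-is
    awk 'tolower($1) !~ /^php_(value|flag)$/' "$1"
}
```

Review the generated php.ini before uploading it: a value with spaces or special characters that Apache accepted unquoted may need quoting in php.ini.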

How to mass chmod files and folders?

Mass chmod folders:

find /home/*/public_html -type d -exec chmod 755 {} \;

Mass chmod files:

find /home/*/public_html -type f -exec chmod 644 {} \;

Tested on a FreeBSD server and working 100% :D
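Before running a mass chmod across every account it is worth seeing which entries will actually change, since anything that is not already 755/644 (a CGI script that needs its execute bit, a directory someone left 777) shows up in that list. The following POSIX sh helpers are an added example and not from the original post: list_dirs_needing_fix and list_files_needing_fix preview the deviations, and apply_web_modes applies the same 755/644 policy as the two find commands above.

```shell
#!/bin/sh
# Added example (not from the original post): preview and apply the
# 755-for-directories / 644-for-files policy used by the mass chmod tip.
#
# Usage:
#   list_dirs_needing_fix  /home/user/public_html
#   list_files_needing_fix /home/user/public_html
#   apply_web_modes        /home/user/public_html

list_dirs_needing_fix() {
    # $1: root to inspect; prints every directory whose mode is not exactly 755
    find "$1" -type d ! -perm 755 -print
}

list_files_needing_fix() {
    # $1: root to inspect; prints every regular file whose mode is not exactly 644
    find "$1" -type f ! -perm 644 -print
}

apply_web_modes() {
    # $1: root to fix; "{} +" batches many paths per chmod call, which is much
    # faster than "{} \;" on a tree with thousands of files
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}
```

Run the two list functions first, check the output for anything that legitimately needs a different mode, and only then call apply_web_modes.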

Find r57 and c99 Shells Hidden Inside PHP and TXT Files

When malicious intruders compromise a web server, there’s an excellent chance a famous Russian PHP script, r57shell, will follow. The r57shell PHP script gives the intruder a number of capabilities, including, but not limited to: downloading files, uploading files, creating backdoors, setting up a spam relay, forging email, bouncing a connection to decrease the risk of being caught, and even taking control of SQL databases. All these functions become readily available through an easy to use web interface, but now you can fight back.

A Turkish member on a forum I participate in released this nifty little bash command, but first, make sure you execute updatedb so find has an up-to-date image to search:

find /var/www/ -name "*.php" -type f -print0 | xargs -0 grep r57 | uniq -c | sort -u | cut -d":" -f1 | awk '{print "rm -rf " $2}' | uniq

You can also search regular text (.txt) files:
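The one-liner above greps for the bare string "r57" and pipes straight into generated rm commands, so a file that merely mentions "r57" in a comment is removed along with the real shells. The POSIX sh function below is an added example and not the forum member's command or part of the original post: it covers both .php and .txt files in one pass, prints each candidate once for review instead of deleting it, and matches slightly more specific markers. The marker list in SHELL_MARKERS is an assumption of mine for illustration, not a complete or authoritative signature set.

```shell
#!/bin/sh
# Added example (not from the original post): list PHP and TXT files whose
# contents carry r57 / c99 web-shell markers, for manual review.
#
# Usage: find_shell_candidates /var/www

# Assumed markers, matched case-insensitively as an extended regex.
# Extend this list from your own incident data; it is illustrative only.
SHELL_MARKERS='r57shell|r57 shell|c99shell|c99 shell'

find_shell_candidates() {
    # $1: directory to scan (e.g. /var/www)
    # grep -l prints each matching file once, so none of the uniq/sort/cut
    # juggling of the one-liner is needed; "{} +" batches paths per grep call
    # and runs nothing at all when find matches no files.
    find "$1" -type f \( -name '*.php' -o -name '*.txt' \) \
        -exec grep -l -i -E "$SHELL_MARKERS" -- {} + 2>/dev/null \
        | sort
}

count_shell_candidates() {
    # $1: directory to scan; prints the number of candidate files
    find_shell_candidates "$1" | wc -l | tr -d ' '
}
```

Inspect every listed file before removing anything, and keep a copy of confirmed shells off the server so you can work out how they were uploaded.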