Sponsor:
Server and Web Integrator
Link:
6.5.0
or
7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR
is open-source.
Donate and or Sponsorship always welcome.
Click to:
Donate...
MRatWork
Forum
Please
login
or
register
.
2024-06-26, 08:48:43
Home
Help
Search
Calendar
Login
Register
MRatWork Forum by Mustafa Ramadhan
»
Sawo Project - Kloxo-MR Discussions
»
Kloxo-MR Technical Helps
»
how to secure kloxo-mr?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: how to secure kloxo-mr? (Read 2805 times)
0 Members and 1 Guest are viewing this topic.
medo.mine1
Junior Member
Posts: 47
Karma: +0/-0
how to secure kloxo-mr?
«
on:
2015-11-04, 16:18:55 »
Hello
Today all of my wensites hosted on the kloxo-mr server got hacked !
The hacker uploaded a shell on a website and then he got access to all folders inside /home/ !
Could you please help me securing my kloxo installation?
I am currently re installing kloxo on a new server then I'll move all websites to it.
Thanks in advance
Logged
medo.mine1
Junior Member
Posts: 47
Karma: +0/-0
Re: how to secure kloxo-mr?
«
Reply #1 on:
2015-11-04, 16:25:22 »
how to disable the custom php.ini files created by the client?
I want to force the server to use the php.in default file only.
I set disabled_functions and they can enable it by adding a custom php.ini file
Logged
MRatWork
Administrator
The Elite
Posts: 15,807
Karma: +119/-11
Gender:
Re: how to secure kloxo-mr?
«
Reply #2 on:
2015-11-04, 16:55:00 »
In 'default' setting, impossible shell access via php because function like shell_exec, system and exec already disable. Possible using perl where you need disable cgi for this purpose.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
medo.mine1
Junior Member
Posts: 47
Karma: +0/-0
Re: how to secure kloxo-mr?
«
Reply #3 on:
2015-11-04, 17:07:51 »
could you please tell me how to disable perl on kloxo the right way?
Thanks a lot for helping me all the time you're so kind
Logged
MRatWork
Administrator
The Elite
Posts: 15,807
Karma: +119/-11
Gender:
Re: how to secure kloxo-mr?
«
Reply #4 on:
2015-11-04, 17:32:25 »
Inform here 'sh /script/sysinfo'.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
medo.mine1
Junior Member
Posts: 47
Karma: +0/-0
Re: how to secure kloxo-mr?
«
Reply #5 on:
2015-11-04, 17:50:15 »
A. Kloxo-MR: 7.0.0.b-2015103001
- Web: hiawatha-9.15.0-f.6.mr.el6.x86_64
- PHP: php54s-5.4.45-1.ius.el6 (cgi mode)
B. Plateform:
- OS: CentOS release 6.7 (Final) x86_64
- Hostname: server.w.com
C. Services:
1. MySQL: MariaDB-server-10.0.22-1.el6.x86_64
2. PHP:
- Branch: php54-cli-5.4.45-1.ius.el6.x86_64
- Multiple:
* php52m-5.2.17-102.mr.el6
* php53m-5.3.29-1.ius.el6
* php54m-5.4.45-1.ius.el6
* php55m-5.5.30-1.ius.el6
* php56m-5.6.14-1.ius.el6
- Used: php54m
3. Httpd: httpd-2.2.31-1.mr.el6.x86_64
- PHP Type: php-fpm_event
4. Lighttpd: --uninstalled--
5. Hiawatha: --unused--
6. Nginx: --uninstalled--
7. Cache: --uninstalled--
8. Dns: bind-9.9.7-1.mr.el6.x86_64
9. Qmail: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
- with: courier-imap-toaster-4.1.2-1.3.18.mr.el6.x86_64
D. Memory:
total used free shared buffers cached
Mem: 1024 426 598 8 0 265
-/+ buffers/cache: 160 351
Swap: 1024 88 936
E. Disk Space:
Filesystem Size Used Avail Use% Mounted on
/dev/simfs 100G 2.1G 98G 3% /
Logged
MRatWork
Administrator
The Elite
Posts: 15,807
Karma: +119/-11
Gender:
Re: how to secure kloxo-mr?
«
Reply #6 on:
2015-11-04, 17:54:19 »
1. Copy /opt/configs/apache/tpl/domains.conf.tpl to custom.domans.conf.tpl
2. Change 'ScriptAlias /cgi-bin/' to '#ScriptAlias /cgi-bin/' and 'SetHandler cgi-script' to '#SetHandler cgi-script' in custom.domans.conf.tpl
3. Run 'sh /script/fixweb; sh /script/restart-web -y'
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
medo.mine1
Junior Member
Posts: 47
Karma: +0/-0
Re: how to secure kloxo-mr?
«
Reply #7 on:
2015-11-04, 20:18:47 »
Thanks a lot
How to make kloxo more secure ?
Please suggest me anything to prevent him from hacking the new server if you have time .
Kind Regards
Logged
MRatWork
Administrator
The Elite
Posts: 15,807
Karma: +119/-11
Gender:
Re: how to secure kloxo-mr?
«
Reply #8 on:
2015-11-04, 20:50:49 »
Kloxo and Kloxo-MR are different 'product'. Kloxo-MR more features and secure compare to Kloxo (aka Kloxo Official).
No need additional packages/applications for Kloxo-MR to make secure except you are 'paranoid' person.
Logged
..::
MRatWork
(Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator -
Web Hosting
(Kloxo-MR READY!) --
Print
Pages: [
1
]
Go Up
« previous
next »
MRatWork Forum by Mustafa Ramadhan
»
Sawo Project - Kloxo-MR Discussions
»
Kloxo-MR Technical Helps
»
how to secure kloxo-mr?
MRatWork Affiliates:
BIGRAF(R) Inc.
House of LMAR
EFARgrafix
Design By SMFSimple.com
SMF 2.0.15
|
SMF © 2017
,
Simple Machines
Page created in 0.043 seconds with 21 queries.