Author Topic: how to secure kloxo-mr? (Read 2805 times)

medo.mine1 · « **on:** 2015-11-04, 16:18:55 »

Hello

Today all of my wensites hosted on the kloxo-mr server got hacked !
The hacker uploaded a shell on a website and then he got access to all folders inside /home/ !
Could you please help me securing my kloxo installation?
I am currently re installing kloxo on a new server then I'll move all websites to it.
Thanks in advance

medo.mine1 · « **Reply #1 on:** 2015-11-04, 16:25:22 »

how to disable the custom php.ini files created by the client?
I want to force the server to use the php.in default file only.
I set disabled_functions and they can enable it by adding a custom php.ini file

MRatWork · « **Reply #2 on:** 2015-11-04, 16:55:00 »

In 'default' setting, impossible shell access via php because function like shell_exec, system and exec already disable. Possible using perl where you need disable cgi for this purpose.

medo.mine1 · « **Reply #3 on:** 2015-11-04, 17:07:51 »

could you please tell me how to disable perl on kloxo the right way?
Thanks a lot for helping me all the time you're so kind

MRatWork · « **Reply #4 on:** 2015-11-04, 17:32:25 »

Inform here 'sh /script/sysinfo'.

medo.mine1 · « **Reply #5 on:** 2015-11-04, 17:50:15 »

A. Kloxo-MR: 7.0.0.b-2015103001
- Web: hiawatha-9.15.0-f.6.mr.el6.x86_64
- PHP: php54s-5.4.45-1.ius.el6 (cgi mode)
B. Plateform:
- OS: CentOS release 6.7 (Final) x86_64
- Hostname: server.w.com
C. Services:
1. MySQL: MariaDB-server-10.0.22-1.el6.x86_64
2. PHP:
- Branch: php54-cli-5.4.45-1.ius.el6.x86_64
- Multiple:
* php52m-5.2.17-102.mr.el6
* php53m-5.3.29-1.ius.el6
* php54m-5.4.45-1.ius.el6
* php55m-5.5.30-1.ius.el6
* php56m-5.6.14-1.ius.el6
- Used: php54m
3. Httpd: httpd-2.2.31-1.mr.el6.x86_64
- PHP Type: php-fpm_event
4. Lighttpd: --uninstalled--
5. Hiawatha: --unused--
6. Nginx: --uninstalled--
7. Cache: --uninstalled--
8. Dns: bind-9.9.7-1.mr.el6.x86_64
9. Qmail: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
- with: courier-imap-toaster-4.1.2-1.3.18.mr.el6.x86_64
D. Memory:
total used free shared buffers cached
Mem: 1024 426 598 8 0 265
-/+ buffers/cache: 160 351
Swap: 1024 88 936
E. Disk Space:
Filesystem Size Used Avail Use% Mounted on
/dev/simfs 100G 2.1G 98G 3% /

MRatWork · « **Reply #6 on:** 2015-11-04, 17:54:19 »

1. Copy /opt/configs/apache/tpl/domains.conf.tpl to custom.domans.conf.tpl
2. Change 'ScriptAlias /cgi-bin/' to '#ScriptAlias /cgi-bin/' and 'SetHandler cgi-script' to '#SetHandler cgi-script' in custom.domans.conf.tpl
3. Run 'sh /script/fixweb; sh /script/restart-web -y'

medo.mine1 · « **Reply #7 on:** 2015-11-04, 20:18:47 »

Thanks a lot

How to make kloxo more secure ?

Please suggest me anything to prevent him from hacking the new server if you have time .
Kind Regards

MRatWork · « **Reply #8 on:** 2015-11-04, 20:50:49 »

Kloxo and Kloxo-MR are different 'product'. Kloxo-MR more features and secure compare to Kloxo (aka Kloxo Official).

No need additional packages/applications for Kloxo-MR to make secure except you are 'paranoid' person.

Author Topic: how to secure kloxo-mr? (Read 2805 times)

medo.mine1

how to secure kloxo-mr?

medo.mine1

Re: how to secure kloxo-mr?

MRatWork

Re: how to secure kloxo-mr?

medo.mine1

Re: how to secure kloxo-mr?

MRatWork

Re: how to secure kloxo-mr?

medo.mine1

Re: how to secure kloxo-mr?

MRatWork

Re: how to secure kloxo-mr?

medo.mine1

Re: how to secure kloxo-mr?

MRatWork

Re: how to secure kloxo-mr?