HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Bug or my bad? (http://www.howtoforge.com/forums/showthread.php?t=60489)

almere 8th February 2013 16:14

Bug or my bad?
 
Hi there.

I just found , not really pretty thing at my server.

On one of my sites i runned :
PHP Code:

<?php

exec
('find /var/www/clients/ -iname "*" | xargs grep "<?" -sl'$files3);
print_r($files3); die();

And i got ALL files of ALL users with "<?" in it. I don't think, it's normally.

Is it my fault , did i something wrong?

Please, help!

till 8th February 2013 23:29

Thats normal and not related to ispconfig, so i moved it to the server administration forum. On hosting servers were you want to prevent that, disable functions like exec, passthru, popend ans some others in the php.ini files for php cgi, php fpm and apache (but not in the cli php). You will find detailed tutorials when you google for instructions to harden php. And ensure that you use php mode fcgi, fpm or cgi and enable suexec.

almere 10th February 2013 18:57

Thank you.

cli is for ispconfig only, i guess?


All times are GMT +2. The time now is 12:04.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.