#1
20th September 2006, 17:47
TheRudy
limited programs for users

Erm, didn't find the right words for the topic..

Anyway, since most of the big PHP portal scripts have loads of security holes, I am in the process of limiting them even more. Most of the hacks happen using wget or similar programs that can download scripts with bad bad code from the net to the server. So I'm chmod-ing these programs to 700, aka only root can run them.

So far my list is:
wget
gcc
cc
make
scp

Anything else that we could add to this list?
#2
21st September 2006, 17:42
falko

Might also be a good idea to chroot your users: http://www.howtoforge.com/chrooted_ssh_howto_debian

mod_security is also interesting: http://www.howtoforge.com/apache_mod_security
#3
22nd September 2006, 11:34
TheRudy

SSH is not allowed only for my IP.
mod_security already running..

Was just thinking that programs that are able to download files are not needed for users, 'cause this way most of the auto scripts hack portals and stuff.. extra security if you will..

Any more ideas about programs that can download files from the internet and are not important to users?
#4
23rd September 2006, 15:32
falko

Quote:
Originally Posted by TheRudy
Any more ideas about programs that can download files from the internet and are not important to users?

Command-line FTP clients, then maybe svn, rsync, ...
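Added example, not part of the original thread: a POSIX shell audit that checks whether the tools named in posts #1 and #4 are still executable by group or others after the chmod 700 step. It follows symlinks (cc is commonly a link to gcc); using `ftp` for "command-line FTP clients" and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the thread's tool list for copies non-root users can still run.

# Tools named in posts #1 and #4; "ftp" stands in for "command-line FTP clients" (assumption).
TOOLS="wget gcc cc make scp ftp svn rsync"

# Print "<mode> <owner>" for a path, following symlinks so a link reports its target.
# substr() drops a trailing "+" or "." (ACL / SELinux marker) from the mode string.
info_of() {
    ls -ldL -- "$1" 2>/dev/null | awk '{print substr($1,1,10), $3}'
}

# Return 0 if group or other holds an execute bit (x, or s/t which include x).
exec_by_non_owner() {
    m=$(info_of "$1")
    [ -n "$m" ] || return 1
    g=$(printf '%s' "$m" | cut -c7)     # group execute position
    o=$(printf '%s' "$m" | cut -c10)    # other execute position
    case "$g$o" in
        *[xst]*) return 0 ;;
    esac
    return 1
}

# audit_dirs DIR...: one line per tool found, "OPEN|LOCKED <mode> <owner> <path>".
# LOCKED only means no group/other execute bit; check the owner column is root,
# since mode 700 leaves the file runnable by whoever owns it.
audit_dirs() {
    for d in "$@"; do
        for t in $TOOLS; do
            p="$d/$t"
            [ -e "$p" ] || continue
            if exec_by_non_owner "$p"; then
                echo "OPEN $(info_of "$p") $p"
            else
                echo "LOCKED $(info_of "$p") $p"
            fi
        done
    done
}

# Stand-alone use: sh audit.sh /usr/bin /usr/local/bin
if [ $# -gt 0 ]; then
    audit_dirs "$@"
fi
```

The audit only covers the names in `TOOLS`; extend the list as further tools are restricted.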