Bug or my bad?

Discussion in 'Server Operation' started by almere, Feb 8, 2013.

  1. almere

    almere ISPConfig Developer ISPConfig Developer

    Hi there.

    I just found , not really pretty thing at my server.

    On one of my sites i runned :
    PHP:
    <?php

    exec
    ('find /var/www/clients/ -iname "*" | xargs grep "<?" -sl'$files3);
    print_r($files3); die();
    And i got ALL files of ALL users with "<?" in it. I don't think, it's normally.

    Is it my fault , did i something wrong?

    Please, help!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats normal and not related to ispconfig, so i moved it to the server administration forum. On hosting servers were you want to prevent that, disable functions like exec, passthru, popend ans some others in the php.ini files for php cgi, php fpm and apache (but not in the cli php). You will find detailed tutorials when you google for instructions to harden php. And ensure that you use php mode fcgi, fpm or cgi and enable suexec.
     
  3. almere

    almere ISPConfig Developer ISPConfig Developer

    Thank you.

    cli is for ispconfig only, i guess?
     

Share This Page