Disable List User php Shell (cpanel)

Discussion in 'Masalah Teknik dan Keamanan' started by Wien Dk, 10 May 2011.

Thread Status:
Not open for further replies.
  1. Wien Dk

    Wien Dk Apprentice 1.0

    Messages:
    205
    Likes Received:
    0
    Trophy Points:
    16
    Para master2,
    ni newbie mau tanya, cara disable php shell agar tidak bisa melihat list user cpanel kita gmn ya? :confused:

    dan mengmankan /etc/passwd

    please help ya para master..

    suwun..
     
  2. tokohosting

    tokohosting Expert 1.0

    Messages:
    619
    Likes Received:
    8
    Trophy Points:
    18
    di bagian php.inin nya cari disable_function = "" isi dengan shell_exec, exec, system, dll... tapi ada konsekuensi disable itu, salah satu nya softaculous / fantastico mungkin tidak jalan karena ada yang disable fungsinya
     
  3. Wien Dk

    Wien Dk Apprentice 1.0

    Messages:
    205
    Likes Received:
    0
    Trophy Points:
    16
    kalau sudah di disable,
    "exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source,phpinfo,allow_url_fopen"
    masih bisa list user karena apa ya?
     
  4. vishualhost

    vishualhost Expert 2.0

    Messages:
    813
    Likes Received:
    81
    Trophy Points:
    28
    coba buat php.ini file di public_html lalu di test klo udah disable di disabled function td apakah di phpinfo masih muncul list disabled functionnya ?
     
  5. vishualhost

    vishualhost Expert 2.0

    Messages:
    813
    Likes Received:
    81
    Trophy Points:
    28
    jalan kok karena cpanel ini beda make php.ini nya dengan php.ini yg dipake buat apache .
    atau bisa juga make internal php loader dengan build /scripts/makecpphp
     
  6. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    Messages:
    3,336
    Likes Received:
    326
    Trophy Points:
    83
    ini shellnya pakai apa? phpshell orb kah? dan shellnya di enkrip ato tidak kalau tidak di enkrip cek saja fungsi yang dipakai untuk tampilkan usernya trus masukin di disable_functions
     
  7. Wien Dk

    Wien Dk Apprentice 1.0

    Messages:
    205
    Likes Received:
    0
    Trophy Points:
    16
    Dibagian manakah ya mas?

    script nya terenkripsi pake r57, klo c99 mah gak fungsi klo pake suhosin
     
  8. PusatHosting

    PusatHosting Hosting Guru Web Hosting

    Messages:
    3,336
    Likes Received:
    326
    Trophy Points:
    83
    coba disable fungsi ini posix_getpwuid
     
  9. Wien Dk

    Wien Dk Apprentice 1.0

    Messages:
    205
    Likes Received:
    0
    Trophy Points:
    16
    Masih bisa :'(
     
  10. Wien Dk

    Wien Dk Apprentice 1.0

    Messages:
    205
    Likes Received:
    0
    Trophy Points:
    16
    Ok sip ternyata bisa mencegah list user dgn safe_mode : on

    Thx
     
Loading...
Thread Status:
Not open for further replies.

Share This Page

Loading...