All Questions

0 votes
0 answers
38 views

Secure location of PHP files used in LAMP stack

I'm setting up a LAMP stack on Ubuntu 20.04, and had this recent discussion with a colleague about the fact that it's better to not keep the PHP scripts of all of your stack (classes, API Controllers ...
DevelJoe
0 votes
1 answer
32 views

Using old web application with outdated PHP version behind .htaccess folder protection

I probably need a web server with an outdated PHP Version (7.2.34) for an older HTML/PHP/MySQL based web application. Since it's for a manageable closed user group, I exceptionally considered using a ...
eggbert1305
-1 votes
1 answer
1k views

How do you protect (PHP) source code from the web host?

So, you just created the next killer app, possibly in PHP. You have done everything to keep hackers out. There is no way they can steal the code! Except for someone from the web hosting company, of ...
Singleton
1 vote
1 answer
45 views

PHP Server-Side Security

I am trying to code a new application. Users upload their PHP scripts and all scripts are stored in one folder like this: Some folder Another System Folder Projects Folder project 1 index.php project 2 ...
Ömer Faruk Demirel
0 votes
1 answer
575 views

Why do hosts disable PHP's fpassthru()?

I've been working on a PHP application that uses the fpassthru built-in function, which reads contents from a stream or file pointer, and outputs them to the output buffer. It's very similar to the ...
kovshenin
0 votes
0 answers
152 views

Can I redirect one specific url in Nginx for WordPress?

I want to redirect one specific URL in Nginx to a 'not found' or 'hidden' URL: /wp-admin/load-scripts.php?c=1&load[]=jquery-effects-blind reason: https://hackerone.com/reports/925425 my code in ...
Ricky
1 vote
3 answers
2k views

What information in phpinfo is sensitive?

I was told that phpinfo contains sensitive data so you should delete it in production environment. But this afternoon I took a good look at it and found nothing interesting. So here's my question. ...
Sam
0 votes
1 answer
2k views

Laravel Mailtrap SMTP Crack

I have an older Laravel 5.7 project handed to me. Laravel's current version is 8. I don't know if these details are relevant to my problem, but I'm adding them anyway. I have a test server running off ...
Daemonleak
0 votes
1 answer
2k views

Original php mysql extension for php56

First a note: Yes, I'm well aware this extension is deprecated and has a ton of security flaws. I'm duplicating a client's active server in docker for recovery and migration (after the client's server was ...
Philippe
0 votes
1 answer
427 views

Restarting Apache with PHP

How would I go about restarting Apache with a PHP script while keeping correct security measures on a production server? This is because restarting Apache requires the use of sudo or root privileges, ...
Mr. Simmons
0 votes
1 answer
133 views

How to detect how an intruder is gaining access to my server? [duplicate]

I previously asked this question on StackOverflow. I was recommended here for help. There are some more details on that question. Someone has somehow gained unauthorized access to my website. They have ...
DMJ
0 votes
1 answer
256 views

How to prevent Apache2 malware execute

Is there any way to prevent some unwanted malware from executing in Apache2? One of our clients' WordPress websites was hacked and there were files like /wp-content/uploads/2020/05/U27I0x. Those files ...
Almas Dusal
0 votes
1 answer
41 views

Are there any mechanisms in PHP to assign "less trust" to scripts in a given dir?

I've attempted to ask this (in different ways) many times without ever getting a clear, real answer, nor even seem to be understood at all. This has been a continuous worry and problem for me for ...
Marlik
0 votes
1 answer
35 views

PHP logging every write on the disk

I have a server with mod_php and several sites. It seems some of the sites are hacked, because random index.php files appeared on other sites as well. For performance reasons, I cannot / do not want to switch ...
Nick
0 votes
0 answers
564 views

security - deny all direct php request from nginx

After some (failed it seems, can't be sure since if someone actually got access can erase the trails) hack attempts during last few days over one of my servers I decided to tighten the security a bit. ...
zozo
1 vote
1 answer
249 views

Security Related to Send-Only Postfix Server

New Ubuntu admin here, trying to enable the PHP mail() function on my server. I have it working, but am wondering if my setup is secure... My [full] mail solution is as follows: 1) For incoming mail ...
sevan1028
0 votes
1 answer
78 views

Proper rights and owner for web executable file saving/reading sensitive information

I have an app written in PHP that saves and reads sensitive information in the file /sensitive/sensitive.txt. The file that saves and reads the sensitive information is user.php. The whole app is in a separate ...
John Clark
0 votes
1 answer
1k views

Which apache/httpd user (root or www-data) loads /etc/php.ini at webserver startup?

I want to secure my php.ini access rights. We know that the apache/httpd master process is owned by root. Then it spawns new child processes as the www-data user. If /etc/php.ini is loaded by apache as the root user, ...
Iwanio
1 vote
1 answer
2k views

Disable PHP stack traces in Apache logs?

I've run across an in-house PHP application which occasionally crashes during user authentication and dumps a stacktrace into /var/log/apache2/. Problem is it logs the username and pass in cleartext. ...
Server Fault
2 votes
1 answer
442 views

How to prevent PHP on a virtualhost/website from writing to another virtualhost's/website's directory on the same Apache server?

I want to prevent virtualhost #1 from writing or reading to virtualhost #2 without losing writing access to the www-data at all (because the applications need to write to the directory). My current ...
Ebbez
0 votes
0 answers
35 views

Security Scan causing weird logs

So some time ago, I coded a website (PHP) and wanted to check for common web security vulnerabilities. I used Nessus and Burp Suite to scan for vulnerabilities in my website. The scan result showed no ...
Jamil Hneini
0 votes
1 answer
174 views

Hostname based traffic routing to ips and ports

I need to figure out a safe setup that allows me to control traffic based on hostnames. For example, at the moment I am dealing with a small list of people on a small machine. Every one of these persons ...
Sysmin
1 vote
1 answer
529 views

Why should I disable PHP's ini_set() on a server?

I'm starting to manage a VPS, and I have read that I should disable the ini_set() function, but I couldn't find a proper explanation of why I should do this. Any good, well-explained reason?
Fahed
0 votes
3 answers
10k views

Apache www permissions for php script

I have a PHP script which runs a private social network. It's running on Ubuntu 16.04.03 with a MariaDB, Apache 2 and PHP 7 config. I have created a new folder in /var/www/myscript and copied ...
Phatair
0 votes
1 answer
133 views

Is it a security risk to run a local node server next to public web api?

I am currently running a public web api that runs on PHP. I was thinking of adding a local node server with which the PHP can interact. It would allow me to do stuff like passing off long running ...
CantThinkOfAnything
1 vote
0 answers
23 views

Secure access to pre authorized individuals only on application server

I am building a PHP application and would like to lock the backend (even login page) to only be accessible to preauthorized people - even further be able to link activities to the authorized ...
Erick
-1 votes
2 answers
57 views

Is it a bad practice to send a link that shows the direct IP address to contact a server? [PHP]

I don't have much server security experience, so just looking for an answer (I've searched and have gotten mixed results). I have a server that stores a bunch of data with MySQL. I want to create an ...
ShockDismantler
0 votes
1 answer
1k views

Php functions are disabled, but somehow they can be executed

I had a problem on my server today and I discovered malicious code which an attacker used to gain access to my system. I have downloaded that PHP script, but what was weird is that I saw ...
emir
0 votes
3 answers
1k views

Config.php file has Mysql password in plain text, is this wise?

The title basically says it all: the default config.php file created when installing the CRM product/frontend (SugarCRM) that my client purchased has the MySQL db user's password stored in it in plain ...
zoo_live_crew
1 vote
2 answers
2k views

Maldet with ClamAV missing PHP base64_decode() & eval() hacks

I've installed Linux Malware Detect and ClamAV on my CentOS 7 server and it seems all ok, as it hits on the EICAR malware test files and does scheduled scans without issues. The problem comes when I ...
campsjos
0 votes
0 answers
182 views

Store and read private key securely

I'm wondering what would be the best way to store a private key on a web server and read it from web apps? So far the action taken is that the directory of the private key denies all access from the browser, and ...
Alia Ramli Ramli
1 vote
2 answers
681 views

How to disable suhosin only for a certain directory

I need suhosin disabled for my moodle directory, would putting a .htaccess file disable it only for that directory or would that disable it for the whole site?
Jojo01
0 votes
1 answer
104 views

Php - Suhosin is blocking moodle installation

I'm having problems installing moodle onto my server because of suhosin, and when I look at the suhosin logs there's stuff like this: Aug 8 19:23:55 dynavio suhosin[22877]: ALERT - script tried to ...
Jojo01
0 votes
1 answer
2k views

LAMP/Apache2: How to set webhook API PHP file as public but outside of project root directory?

I have an AWS EC2 LAMP server (using Apache 2.0 and mod_php5) with a basic directory structure like this: var |-- www | `-- api_folder (NOT public) | | |-- sensitive files (NOT ...
Andre Bulatov
1 vote
0 answers
36 views

Someone Uploaded PHP Backdoor to Wordpress Site [duplicate]

I have enough security that I was alerted to a PHP backdoor that was uploaded to a WordPress site hosted on one of my servers. It was removed within minutes of being uploaded so no damage was done. No ...
Pure Geek
0 votes
0 answers
366 views

Site unreachable due to attack - xmlrpc.php

Today our server was not reachable. It was returning a 502. We are running Nginx 1.10 on Ubuntu 14.04. We also use PHP7 (only, no PHP5). In the logs, we got the same error from the same client (2 ...
jarvis
1 vote
1 answer
74 views

Secure AD Access

I was just trying to access an Active Directory server via PHP (ldap) to be able to use Windows credentials for a website login. I did this using xampp on my standard Windows, connecting to a Windows ...
ProgrammingMachine5000
0 votes
0 answers
14 views

How did my non-CMS based website get hacked? I have a file called mails.php which contains a preg_replace statement [duplicate]

I have a series of websites in my server, all of which share the same set of PHP files. They're not based in any CMS (no Wordpress, no Joomla, etc.). All of them contain my own "CMS" so to speak. I've ...
OMA
0 votes
2 answers
922 views

Requests made to a website with a different domain/url in log files, hacking attempt?

In one of my websites I am logging all URL requests made to the server. I log that data for stats purposes to improve the website. The logs look like http://example.com/search 2016-01-12 23:03:...
peppeocchi
2 votes
1 answer
755 views

How to avoid PHP Filesman Backdoor

We have a server and use it as a shared-server for our clients. Most of the clients use Wordpress and we have a classic LAMP environment set for it. We give SFTP access to each client (with chrooted ...
Gudea
1 vote
5 answers
2k views

Webserver exposes client real IP address in OpenVPN network

One of our corporate websites runs on a Linux server, built with Apache2 and PHP5. Several web pages can only be accessed from the OpenVPN subnet (addresses 10.8.0.1/24). To check each request, a php script ...
Croll
0 votes
1 answer
171 views

Finding the security hole that causes creating of /tmp/susu1

We discovered binaries /tmp/susu1 and /tmp/susu2 being executed by the webserver user. In the logs we have the following entries: [24/Sep/2015:06:09:34 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" ...
Alex
2 votes
1 answer
635 views

How to setup safe PHP and SFTP

My current setup includes nginx and php5-fpm. This question is about a host which contains a Wordpress site. The host has its own fpm pool with user:group, let's call it wordpress:wordpress. Nginx ...
sumbodyyy
0 votes
1 answer
496 views

Store OpenLDAP connection on a php session with cookies [closed]

So I have an LDAP server that should be managed via PHP; I can modify anything in Apache, OpenLDAP or PHP. But as this site already covered, I can't store an LDAP connection in a _SESSION variable in PHP...
Thiago Fontes
0 votes
0 answers
2k views

Suspicious SELinux Audit Log Entries PHP-FPM Write Denied - How to investigate?

I found a few /var/log/audit/audit.log entries which have me a little bit concerned. SEAlert explains them as such: SELinux is preventing /usr/sbin/php-fpm from write access on the directory ...
JayMcTee
1 vote
1 answer
44 views

Webserver | IIS | Configuring to not run certain files

I currently have a webserver running Windows Server 2012 which is running IIS as its webserver and using PHP. Let's assume a user is able to upload a trojan onto my server, either through a ...
Jimmy
1 vote
1 answer
477 views

Block/Prevent Adminer - Apache [duplicate]

I found out that if someone was able to hack any FTP account on my server and upload Adminer, they could alter the database. I tried Googling a way to block or prevent Adminer from working, but got ...
LinHost
2 votes
1 answer
1k views

Which "try_files" nginx directive is best for the zero-day exploit?

So far I have been using the following in the php location of my nginx config files try_files $uri $uri/ /index.php?$query_string; However, I just saw in the Wordpress Codex guide that for the zero-...
cortopy
-1 votes
1 answer
200 views

Is it an ok WordPress file or is it a hack? Look at this code [duplicate]

I was facing a hack. My website is not hosted on a server but on shared hosting; if the server is hacked I cannot do anything. My question is not about how to safeguard the server, but whether the below code is ...
rex purve
0 votes
4 answers
5k views

Permissions set to 555. How can another user modify the files? [duplicate]

I run an Ubuntu 12.04 x64 VPS with Vesta, and a site in PHP. It has been hacked several times with injected code that looks like this: <?php $KoDgalxVvsZfidVcEOTJDeMX='ba'.'se6'.'4_deco'.'de';eval(...
Cristina G.