Prevent Symlink.

Portal Home > Knowledgebase > Articles Database > Prevent Symlink.

Posted by HostFriendly, 04-06-2012, 05:39 AM
Hi. I have a dedicated server. Linux+cPanel installed About a month i have received an email from an hacker reporting that the server is symlinkable. Hacker simply uploads a shell to one of the account. Then the shell aucomatically creates a "sym" directory on the public_html. Inside the "sym" directory, there is htaccess file. The rules in htaccess are as follows So by writing a username, they can access the files of any account. forexample, they upload shell to d0main.com then, by using this link they can read the configuration file of of tempos123.com d0main.com//sym/root/home/tempos/public_html/configuration.php I have bought a lisence for 2 famous server administration services. Inspite of trying their best, they could not fix the issue yet. Any idea about what to do about this ?
Posted by ishan, 04-06-2012, 06:07 AM
Please see - http://forums.cpanel.net/f185/how-pr...rs-202242.html
Posted by ArturasLIX, 04-06-2012, 09:08 AM
I suggest to add to disable_functions in php.ini
Posted by Patrick, 04-06-2012, 09:12 AM
Doesn't stop the symlink attack. You need to patch Apache using the patch posted on the cPanel forum linked above.
Posted by HostFriendly, 04-06-2012, 09:18 AM
Thanks. I am reading it. Many solutions offered. But i dont know which one is the best. Have anyone used the patch by StevenC his post : forums.cpanel.net/f185/how-prevent-creating-symbolic-links-non-root-users-202242-p4.html#post996441 I think hackers can easly enable those functions by using htaccess and/or php.ini to the public_html. Am i right ?
Posted by ishan, 04-06-2012, 09:20 AM
StevenC and Mitio's solutions work.
Posted by HostFriendly, 04-06-2012, 09:35 AM
Hmm. Nice. Your helps are quite valuable.. Any recommend about which one to use among those 2 patchs ? Does not matter ? Regards.
Posted by ishan, 04-06-2012, 09:37 AM
We used StevenC's method as its just copy paste. Mitio's method will give you a nice shiny checkbox in EasyApache to select while recompiling apache. Both work well, its your preference whether you want a GUI or not.
Posted by HostFriendly, 04-06-2012, 09:53 AM
Great. One more question if possible. Before starting this thread, we contacted cPanel for solution. They told the only solution is to use CageFS We installed CloudLinux and as well CageFS. But not helped. What do you think about this ? Any experience about CageFS? Regards.
Posted by ishan, 04-06-2012, 09:55 AM
As you are using CloudLinux , see - http://www.cloudlinux.com/blog/clnew...for-apache.php http://www.cloudlinux.com/blog/clnew...al-aliases.php
Posted by HostFriendly, 04-06-2012, 10:12 AM
So if i use cloud linux, do i still need to use those patch or clound linux will complately does what those patchs do? I will try securelinks and update if i could be successfull. Regards.