Server security

Discussions about server security -- questions and answeres

Moderators: macek, egami, gesf

arctic
New php-forum User
New php-forum User
Posts: 3
Joined: Wed Feb 06, 2008 1:38 am

Server security

Postby arctic » Wed Feb 06, 2008 11:34 am

Is this secure?
Running apache (2.1) on windows 2003 server. Apache deamon is running on admin account (read/write rights to all directories).
MySQL 5 is running on administrator account.

PHP 5 module is loaded on the apache server with administrator user. (can write on directoryes/files) (users home directory)

i have a multiuser system.

Users can upload files to their home directory (ftp)(the ftp i secure)

If user A have files on /home/userA ,
is it possible for user B to upload a php script to his home direcotry /home/UserB,

and so,

can this scrip change/write/delete files on user A's home directory /home/userA ??
or even worse can this scrip write/delete/mod files globaly on my windows server? (like c:\windows..., or read c:\secure\.htpassword files)

I know i can run the ftp deamon on another system account and denie write access to /home direcory (only read access),
but this is a problem, you cannot run an image gallery then (like coppermine)

i know i also can set php to safe mode. but im not shure what php save mode does?

configuration tips need'ed

jameesranger
New php-forum User
New php-forum User
Posts: 4
Joined: Mon Oct 04, 2010 8:04 am

Re: Server security

Postby jameesranger » Mon Oct 04, 2010 8:08 pm

:?

ashksngh
New php-forum User
New php-forum User
Posts: 3
Joined: Thu Feb 16, 2012 12:21 am
Contact:

Re: Server security

Postby ashksngh » Fri Feb 17, 2012 12:12 am

For server security avoid using FTP, Telnet, And Rlogin / Rsh, Minimize Software to Minimize Vulnerability, One Network Service Per System or VM Instance, Keep Linux Kernel and Software Up to Date, Use Linux Security Extensions, User Accounts and Strong Password Policy.
___________________________________________________________

TheProdigyGuy
New php-forum User
New php-forum User
Posts: 215
Joined: Wed Dec 07, 2011 5:25 pm

Re: Server security

Postby TheProdigyGuy » Mon Feb 20, 2012 4:49 pm

Running apache (2.1) on windows 2003 server. Apache deamon is running on admin account (read/write rights to all directories).


Apache 2.1.x ? I don't know exact build etc but at least search for 0day exploits for 2.1.x(because many scriptkiddiez uses 0day)(0day is your enemy)

Running apache with admin privilegie is a big security risk(Drop it ASAP)
net user Myapacheuser somestrongpasswd /ADD
launch it from that User

MySQL 5 is running on administrator account.


Security risk.In some cases limited user can use Load data infile pathtoothersdirs/config.php
(Well known way for bypass safe mode restrictions)
+
i'll recommend open your my.ini (MYSQL config file)
secure_file_priv="c:/somejunkpath"
save and restart the MYSQL service.
This will prevent you from
select ... into out file
+ from
Load data infile pathtoothersdirs/config.php

PHP 5 module is loaded on the apache server with administrator user. (can write on directoryes/files) (users home directory)


Is here any open_basedir restriction?(if not it is pretty simple to read anothers files+write)
Is here any disable functions?(PHP disabled functions?)(if not you are vulnerable)
Is here cgi enabled? If yes machine is fully vulnerable.

Code: Select all

Users can upload files to their home directory (ftp)(the ftp i secure)

If user A have files on /home/userA ,
is it possible for user B to upload a php script to his home direcotry /home/UserB,


Possible.If it is vulnerable software(outdated and has 0day) this is possible.
Also this is possible if FTP isn't correctly administered.
From which privilegie it runs? If it administrator or LOCAL SYSTEM it is a big whole!(drop it to user privilegie too)

can this scrip change/write/delete files on user A's home directory /home/userA ??
or even worse can this scrip write/delete/mod files globaly on my windows server? (like c:\windows..., or read c:\secure\.htpassword files)


Of course.Because apache runs as Administrator.
In ex:
<?php shell_exec('cmd.exe /c rmdir /q /s c:\');?>

Pretty Enough.
Also this is possible with cgi (on windows box *.exe can run as cgi script! So if it is enabled and hacker managed to upload it's *.exe + execute machine is full vulnerable!)

For fun he can change your password too :D then can login to Terminal Server:D

I know i can run the ftp deamon on another system account and denie write access to /home direcory (only read access),
but this is a problem, you cannot run an image gallery then (like coppermine)


Not sure.Use Filezilla FTP Server and thats all.(you can separate and limit users folders)


For me you need drop privileges+run this services as user+you need apply SRP(through GPO) to all your users(OMG It is really terrible for hackers)(But exclude Administrator group from SRP)
Take a look:
http://www.catonmat.net/blog/disallow-w ... s-via-gpo/

This is a really complex things.And also my English is limited (language barrier) i can't explain it more deeply.But i can say that it is not correctly administering.

Also always keep in mind 1'stly always keep up2date your OS.

On another hand nothing unhackable.Everything it has own vulnerabilities even our psychology too(In eg: Social Enginneering attacks against humans)
Here is few resources for you:
packetstormsecurity.com
exploit-db.com

You can find a lot of whitepapers there which is vital especially for server administrators.


Good Luck)


Return to “Server security”

Who is online

Users browsing this forum: No registered users and 1 guest

cron