How to make inaccessible folders of other sites on the hosting if one is hacked?

cepreu292015-02-01 22:12:52

Malware

cepreu29, 2015-02-01 22:12:52

Once, some Indian-language hacker hacked a site on Joomla 2.5 and not only threw the virus into the folder with Joomla, but also hacked all the other sites on the hosting. I understand that he flooded the shell. how can you deny him access, leaving him to be torn apart only by Jumla 2.5?
Site on virtual hosting.

Answer the question

In order to leave comments, you need to log in

6 answer(s)

Alexander Yudaev, 2015-02-01
@Alex_mc

read about this PHP open_basedir Protection.
stops the user from going beyond his folder. There is a shell that can get around this.

Yuri Shikanov, 2015-02-01
@dizballanze

Now it's not. In general, you need to launch each site from a separate user and set up adequate file access rights (so that users of other sites cannot read / write in directories other than their own) - this will greatly complicate the villain's life)

Vlad Zhivotnev, 2015-02-02
@inkvizitor68sl

You need to use basedir in php.
But it's not about shared hosting, if the admins haven't set it up, then they don't give a shit about the clients, to put it mildly.

Yuri Kan, 2015-02-01
@yurikan

Nothing, only if you try to cut the shell

Vladimir, 2015-02-02
@MechanID

Hotsing must be on Cloudlinux, each site is a separate acc. then they will be isolated from each other.

MrGroovy, 2020-12-16
@MrGroovy

Once, some Indian-language hacker hacked a site on Joomla 2.5 and not only threw the virus into the folder with Joomla, but also hacked all the other sites

site on joomla 2.5

Популярные CMS, такие как Wordpress, Joomla и 1С-Битрикс очень часто подвергаются атаке. В основном эксплуатируются известные уязвимости.
Например для Joomla 2.5 CVE-2018-17856 com_joomlaupdate позволяет выполнять произвольный код. Конфигурация ACL по умолчанию позволяет пользователям уровня "администратора" получать доступ к com_joomlaupdate и запускать выполнение кода. Возможно именно таким способом взломали сервер.
Самый эффективный способ запустить Joomla в контейнере, например в Docker, тем самым ограничив выполнение любых программ, вирусов или команд областью контейнера.
Информацию можете посмотреть на официальном сайте Docker.com там найдете более подробное описание по запуску и настройке.

оставив ему на растерзание только джумлу 2.5

But why give the site to be torn to pieces if you can eliminate vulnerabilities and leave the hacker with nothing?
It is best to check the site with a scanner for vulnerabilities (XSS, SQL injection, access rights errors), this is the minimum in order to be at least superficially sure. And it’s better to make a more or less full-fledged scan of the site using online security auditors. Of those that have a trial, I can advise:
https://metascan.ru - demo check
https: //pentest-tools.com - separate checks by category;
https://detectify.com - 14 days trial.