i have tried https://github.com/b374k/b374k this php shell.
i mean if my customer put it shell to thier website.
then my whole server was exploded.
anyone know how to fix it?
What problem is it that you've having exactly?
thanks yr reply.
assume my hosting client wanna hack our server.
then he upload that php shell.
he could use terminal etc to hack my server.
i think is it basedir problem and permission.
Ah, being able to browse the filesystem doesn't mean that the user can hack anything. Any web-based file manager would allow that.
There is some information on all that here in the sections "How can I prevent FTP Users from Browsing the Entire Filesystem" and "How can I prevent other types of users from browsing the entire filesystem":
That won't stop users using sftp but permissions should, I hope stop them going where they are not allowed and having access to sensistive info.
Chaos Reigns Within, Reflect, Repent and Reboot, Order Shall Return.
As a rule of thumb, if you give a parent folder 0700 permission you'll prevent "non-owners" from reading, writing, or executing in that directory. This is how most filesystems are designed.
Best Regards,Peter KnowlesTPN SolutionsEmail: firstname.lastname@example.orgPhone: 604-782-9342Skype: tpnsupportWebsite: http://www.tpnsolutions.com
Ask me about my new support plans which include a FREE copy of Virtualmin Pro!!!
Best Regards,Peter Knowles | TPN SolutionsEmail: email@example.com | Skype: tpnassist