Someone hacked a users account on my server. They uploaded a PHP file using the file manager, called imagegd.php. The person managed to steal a few things whilst using it. Upon checking it myself, the file was a ssh hack and could view the main directory and such. Does anyone have any idea on how I can stop this happening again?

Thanks

define "hacked". Did he guess or break a weak password? Did they share it with someone they shouldnt have? etc etc because i doubt it is DA's fault.

Also if its a SSH hack then the most likely used root, so you need to do some serious security beefing for SSH. If you let clients have SSH, dont.

Hi, thanks for the reply.

The user DID have SSH access but I took it away. The point of this topic is that the user didn't use an SSH client, but rather a PHP script.

The point i'm trying to make is that using this PHP script, anyone on the server can view and access every folder.

its a known local php vulnerability

I have solved the problem by adding the exec & system function to disabled functions in my php.ini file. This should stop anymore PHP attacks like this.

Could you kindly post exactly what changes to the php.in file you made?

Hi, look for the line with disabled_functions and add exec, system like this:

disabled_functions = exec, system

make sure it's commented out.

Yes you can do smth like this, but what when users got scripts using such functions... ?

The vulnerability described here is well known to be apache bug. But it can't be easily solved by a patch or smth...
I hope apache developers workin' on it (...)