Possible solutions of your questions

Protection of the site

Question: One of the main elements of protection against tampering ("cms hardening" or "cementing" of the site) is disabling the system functions and chmod in the PHP settings. Unfortunately, we did not have the necessary access to the php.ini file, so we are unable to set the secure settings ourselves. So you need to contact the hosting support team and ask them to make the following changes to the php.ini file:

allow_url_fopen=0
allow_url_include=0
expose_php=0
register_globals=0
disable_functions=pcntl_exec,popen,exec,system,passthru,proc_open,shell_exec,ftp_exec,chmod,phpinfo,ini_restore,dl,symlink,chgrp,putenv,getmyuid,posix_setuid,posix_setsid,posix_setpgid,posix_kill,apache_child_terminate,virtual,proc_close,proc_get_status,proc_terminate,proc_nice,getmygid,proc_getstatus,escapeshellarg,show_source,pclose,safe_dir,chown,shown_source,mysql_list_dbs,get_current_user,getmyid,leak,pfsockopen,syslog,phpcredits,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_getpriority,pcntl_setpriority
display_errors=0
mail.add_x_header=1

After these settings are applied, system scripts and templates will be protected from unauthorized modification, and it will also become impossible to upload and execute malicious code in the system folders, as they have already been made "read-only". You can read about this protection in detail on our website: http://www.revisium.com/ru/clients_faq/#q4

On virtual hosting the website may operate in mod_php mode, and php.ini will not be available for making changes. In this case, you must ask support to switch the site to fast-cgi or php-cgi mode with your php.ini file in a custom directory and then set these parameters in that file.

Please pay attention to the following point: sometimes hosting support offers to make these changes in the root .htaccess using the php_value / php_flag directives. The disable_functions setting, which is a major element of our protection, can only be set in php.ini; it does not change through the .htaccess file. Therefore, these functions need to be disabled via the php.ini file, not .htaccess.

If the site stops working after you specify the list of disabled functions in disable_functions, try specifying a minimal set of functions:

disable_functions=popen,exec,system,passthru,proc_open,shell_exec,chmod,phpinfo

If the hosting has no technical possibility to make these settings in PHP, the protection will not work and the website will remain vulnerable. So you need to either move to a tariff that allows you to make these settings, or transfer the website to a more advanced hosting.
Answer:

Hello. All these settings are the default and are already enabled on the hosting, except of course the huge list of forbidden functions, with which your website will not work.

And besides the recommendations, did they do anything? Did they find a vulnerable script or the cause of the contamination?

Besides, judging by the recommendations, they did not look at the configuration at all, because determining the mode PHP runs in is very simple. Why are they writing to you about mod_php when it is clearly visible that PHP works in php-cgi mode?

Answer:

We have set this for you:

disable_functions=pcntl_exec,popen,exec,system,passthru,proc_open,shell_exec,ftp_exec,chmod,phpinfo,ini_restore,dl,symlink,chgrp,putenv,getmyuid,posix_setuid,posix_setsid,posix_setpgid,posix_kill,apache_child_terminate,virtual,proc_close,proc_get_status,proc_terminate,proc_nice,getmygid,proc_getstatus,escapeshellarg,show_source,pclose,safe_dir,chown,shown_source,mysql_list_dbs,get_current_user,getmyid,leak,pfsockopen,syslog,phpcredits,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_getpriority,pcntl_setpriority

Let us know if something on the site stops working.
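
Added example (not part of the thread and not the tooling of either party): a shell check that compares a php.ini with the settings requested in the question and reports which functions of the minimal disable_functions set are still enabled. The function names and the sample file are constructed for illustration; a directive that is not set explicitly is reported as "unset".

```shell
#!/bin/sh
# Added example: compare a php.ini with the settings requested in the thread.
# register_globals is left out: the directive was removed in PHP 5.4.
WANTED="allow_url_fopen=0 allow_url_include=0 expose_php=0 display_errors=0 mail.add_x_header=1"
# Minimal disable_functions set quoted in the question.
MINIMAL_SET="popen exec system passthru proc_open shell_exec chmod phpinfo"

# Print the last value assigned to directive $2 in ini file $1 (";" comments skipped).
ini_value() {
  awk -v key="$2" '
    /^[ \t]*;/ { next }
    index($0, "=") == 0 { next }
    { k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k) }
    k == key {
      v = substr($0, index($0, "=") + 1)
      sub(/[ \t]*;.*$/, "", v)
      gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
      val = v
    }
    END { print val }' "$1"
}

# Map PHP boolean spellings to 0/1; anything else (including a missing line) is "unset".
as_bool() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    1|on|yes|true) echo 1 ;;
    0|off|no|false|none) echo 0 ;;
    *) echo unset ;;
  esac
}

# Print one finding per line; no output means the file carries every setting.
audit_php_ini() {
  for want in $WANTED; do
    have=$(as_bool "$(ini_value "$1" "${want%%=*}")")
    [ "$have" = "${want#*=}" ] || echo "SET $want (currently $have)"
  done
  disabled=",$(ini_value "$1" disable_functions | tr -d ' '),"
  for fn in $MINIMAL_SET; do
    case "$disabled" in *",$fn,"*) ;; *) echo "DISABLE $fn" ;; esac
  done
}

# Constructed sample, not taken from the thread.
sample=$(mktemp)
printf '%s\n' '; disable_functions = popen' 'expose_php = Off' \
  'allow_url_fopen = On' 'disable_functions = exec, system' > "$sample"
audit_php_ini "$sample"
rm -f "$sample"
```

Run it against the php.ini the site actually loads; as the question notes, a disable_functions line placed in .htaccess does not change the setting, so only the php.ini result counts.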

Question: The list of completed procedures

1. The site was scanned for all types of malicious code, viruses and hacker scripts. Hacker scripts and malicious code insertions were detected and removed in the following files:
• ./wp-includes/wp-undreamed.php
• ./wp-content/plugins/lnc.php

2. Closed a vulnerability in the script at /wp-content/themes/BlogPost/timthumb.php

3. Protection from hacking, "cms hardening" ("cementing" of the site), was installed on the website; it closes vulnerabilities in the scripts and eliminates the possibility of hacking the site through attacks via the web. Details of the protection can be read on the page http://revisium.com/EN/clients_faq/#q4, in particular the following activities were carried out:
• To improve security, writing is denied to all directories except upload, image, tmp, cache, backup. All the CMS files and templates are made "read-only". This measure protects against unauthorized changes to files and against the upload of hacker scripts and shells into system directories.
• In every directory where writing is allowed, a special .htaccess file is placed that blocks access to scripts. This eliminates the possibility of unauthorized execution of .php scripts uploaded to the upload/image/tmp etc. directories.
• All unused .txt and .log text files that contain the version of the CMS and plugins were deleted from the server. The information contained in these files helps a hacker identify the version of the CMS and plugins and, as a consequence, their vulnerabilities. So leaving such files on the server is unsafe.
• Code was placed in the root .htaccess to prevent typical hacker attacks on the site: XSS, SQL injections, remote file download, access to system files and dump files; protection against automatic downloading of content and a number of other safety rules were also configured.
• Settings were added to the site's config file wp-config.php to prevent changes to system files and templates through the administrative panel of the CMS.

4. Access to the administrative panel of the CMS is protected by an additional password. This measure closes a number of vulnerabilities in the control panel and the administrative directory, and does not allow an attacker to log in even knowing the username and password of the administrator.
Answer:

Well, this is something. Was a warranty against hacking given? They used to give one for a few months.

Question: The warranty is given on condition that the recommendations are followed. They wrote that both should be green: http://recepty.useron.ru/revtest.php
Answer:

We have no access to http://recepty.useron.ru/revtest.php

Question: It says: Express security check. System functions prohibited - safe. To switch off the protection, place the hash symbol # before the line disable_functions=... in the file /home/silver83/php.posita does not work, because the system files can be changed: wp-config.php, .htaccess. All system files should be made "read-only" according to the instructions from the report. The top one is green and the lower one is red. They wrote that for full protection I need both.
Answer:

Set permissions 444 on these files in the file manager of the control panel.
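
Added example, not from the thread: a shell audit of the "read-only" state the report describes. It lists system files that still carry a write bit, lists writable directories that lack a .htaccess, and applies the 444 mode from the answer above. The function names and the sample docroot are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the "read-only" state the report asks for.
# Directories the report leaves writable.
WRITABLE_DIRS="upload image tmp cache backup"

# List files under docroot $1 that still have a write bit, skipping the writable dirs.
writable_system_files() {
  (cd "$1" && find . -type f \( -perm -200 -o -perm -020 -o -perm -002 \)) |
  while IFS= read -r f; do
    skip=0
    for d in $WRITABLE_DIRS; do
      case "$f" in */"$d"/*) skip=1 ;; esac
    done
    [ "$skip" = 1 ] || printf '%s\n' "$f"
  done | sort
}

# List writable directories under $1 that lack the blocking .htaccess.
unguarded_dirs() {
  for d in $WRITABLE_DIRS; do
    (cd "$1" && find . -type d -name "$d") | while IFS= read -r p; do
      [ -f "$1/$p/.htaccess" ] || printf '%s\n' "$p"
    done
  done
}

# Set mode 444 on the named files (paths relative to docroot $1).
lock_files() {
  root=$1; shift
  for f in "$@"; do chmod 444 "$root/$f"; done
}

# Constructed docroot, not taken from the thread.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/wp-content/upload" "$demo_root/wp-content/cache"
touch "$demo_root/wp-config.php" "$demo_root/.htaccess" \
      "$demo_root/wp-content/upload/.htaccess" "$demo_root/wp-content/upload/a.jpg"
chmod 644 "$demo_root/wp-config.php" "$demo_root/.htaccess"
writable_system_files "$demo_root"   # lists ./.htaccess and ./wp-config.php
lock_files "$demo_root" wp-config.php .htaccess
writable_system_files "$demo_root"   # lists nothing after the chmod
unguarded_dirs "$demo_root"          # lists ./wp-content/cache
rm -rf "$demo_root"
```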

Question: Okay, everything works. Thank you.
Answer:


OK

