
[HELP] phpinfo() and fopen() cause remote shell attacks?

Exaa

New Member
Hey all.

I need some help here. :confused4
So, I've got paid hosting and all, it's only the 3rd or 4th day since I've got this plan from this guy.

First day I got the package, I realised that phpinfo() (PHP function) was disabled. I got this guy on MSN (Live Messenger) and he said this:
because of security reasons it disabled. bcoz ppl see the php info and create a shell accordingly and shell the server
I wasn't too sure about shells and stuff, so I just let the thing rest.

Next day, I came on-line and realised that my site had been down for ~5% of the time. I threw him an email, and one of his "staff" replied:
Hello ###,
We really apologise for that... I want to tell you that there is some problem in the backup feature of this server on which you are hosted!
We have submitted a ticket to the cPanel support to look at this problem.

The problem is, when the backup feature starts its work then the server load is so high that it causes failure of apache for some time...

I hope you understand how important it is to run the backup of all accounts on the server!

We are looking into this problem and let you know when this problem is resolved.
Regards,
Barty
I didn't know much about cPanel and Linux stuff, so again, I let it rest.

However, today, I realised that there was a total of 3h downtime. I got the guy on MSN again, and he said it was because fopen() is disabled, and the tracking monitors (Site Uptime and Host-Tracker) used this fopen() function to track the site's uptime.

His reason therefore, was that the site was up all along, and it's the trackers that were playing tricks on me. Here's our MSN conversation (just only) for those who are interested. Note: Our names, and some data which I deem unfit to be publicised :p have been removed to protect the privacy of both parties.
ME says:
Hey
HIM-------- says:
hi
ME says:
some one from your company said "Yes we have already looked into this... On the server on which your account was hosted ! there were a reseller account in which Rapid leech was installed! We have now terminated that account and now the server is doing good!"
ME says:
but i still got 3 h of downtime
ME says:
http://host-tracker.com/site-availability-stats/####
ME says:
http://www.siteuptime.com/statistics.php?Id=#####&&UserId=#####
HIM-------- says:
when
ME says:
and all these are AFTER that email.
HIM-------- says:
?
HIM-------- says:
no the server was not down
ME says:
yes it was
ME says:
02:00 PM - 02:47 AM Failed
03:16 AM - 03:16 AM Ok
03:47 AM - 04:16 AM Failed
04:46 AM - 03:15 PM Ok
HIM-------- says:
i got many complaints of that
HIM-------- says:
are u familiar of php
ME says:
QUITE
ME says:
why?
HIM-------- says:
there is something like fopen() which the tracking system use to check the website uptime
HIM-------- says:
we have removed the fopen() from our system
ME says:
why
HIM-------- says:
because of security reasons
ME says:
i may need fopen() sometimes
ME says:
Wordpress uses it
HIM-------- says:
we are getting remote shell attacks
HIM-------- says:
through fopen()
HIM-------- says:
thats
ME says:
yeah but.
HIM-------- says:
y
HIM-------- says:
we have also removed our status script too
ME says:
why don't i see other hosts disabling fopen and phpinfo and what not
HIM-------- says:
i really dont know
ME says:
many scripts use fopen
HIM-------- says:
have u ever felt urself that ur server is down
HIM-------- says:
?
ME says:
fopen is NOT disabled
ME says:
look at this: http://www.#######.com/test.php
ME says:
the source is

<?PHP
$handle = fopen("forums/install/lock", "r");
?>
ME says:
no error. means it works fine.
HIM-------- sent 7/9/2008 4:45 PM:
let me check
He's not back yet. And I really did create that file, and it worked fine. I've even installed WordPress, and everything worked fine, including the theme-editor, which makes use of fopen(). For those who are interested, please PM me for the file URL (Wait. Can I receive PMs?). Anyway,

Is this guy lying to me? Can phpinfo() and fopen() really cause remote shell attacks? Do site trackers use fopen() to track a site's uptime?

More info:
For Host-Tracker, I chose "method:head";
For Site Uptime, I chose "service:http";

TIA for anyone who renders help for this poor soul :p
 
If you want my advice, find a host that secures their server without the need of disabling those functions - and a host with better tech support. This guy doesn't want to be helpful.
phpinfo() could be used to find security holes in the PHP setup.

And fopen() is for connecting from your server to other servers or a local resource. It's understandable if it's disabled because it's known to be abused... but that's on free hosts, not paid!
The uptime stat is true and not affected if fopen() is disabled or not.

However, today, I realised that there was a total of 3h downtime. I got the guy on MSN again, and he said it was because fopen() is disabled, and the tracking monitors (Site Uptime and Host-Tracker) used this fopen() function to track the site's uptime.
He's either lying (RUN, FAST!)... or he knows nothing about fopen() and he has disabled it anyway.
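
One way to see how the PHP runtime is really configured for the two functions discussed in this thread (an added example, not part of any post above): it reads `disable_functions` and the URL-wrapper directives directly, since a test page that shows no error says little when `display_errors` is off. The helper names are the example's own, and it assumes PHP 7 or later.

```php
<?php
// Added example (not from the thread): report the runtime settings
// directly instead of inferring them from a silent fopen() call.

/** Names listed in the disable_functions ini directive. */
function disabled_functions(): array
{
    $raw = (string) ini_get('disable_functions');
    return array_values(array_filter(array_map('trim', explode(',', $raw)), 'strlen'));
}

/** True when $name cannot be called on this host. */
function is_unavailable(string $name, array $disabled): bool
{
    // PHP < 8 keeps disabled functions defined; PHP 8 removes them entirely.
    return in_array(strtolower($name), array_map('strtolower', $disabled), true)
        || !function_exists($name);
}

/** Interpret an on/off ini directive ("1", "On", "stdout", "" ...). */
function ini_flag(string $directive): bool
{
    $value = strtolower(trim((string) ini_get($directive)));
    return in_array($value, ['1', 'on', 'yes', 'true', 'stdout', 'stderr'], true);
}

function audit(): array
{
    $disabled = disabled_functions();
    return [
        'fopen() callable'   => !is_unavailable('fopen', $disabled),
        'phpinfo() callable' => !is_unavailable('phpinfo', $disabled),
        // These directives, not fopen() itself, decide whether PHP may
        // open or include http:// and ftp:// URLs.
        'allow_url_fopen'    => ini_flag('allow_url_fopen'),
        'allow_url_include'  => ini_flag('allow_url_include'),
        // When off, a failing call prints nothing in the browser.
        'display_errors'     => ini_flag('display_errors'),
    ];
}

foreach (audit() as $check => $enabled) {
    printf("%-20s %s\n", $check, $enabled ? 'yes' : 'no');
}
```

Remove the script from the web root after running it, for the same reason hosts restrict `phpinfo()`: it discloses configuration details.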
 
The fact their backup script is overloading the server is just complete laziness to set it up properly! Seriously, get a new host. The hosttracker thing is complete bollocks. They don't need you to install anything on your site, you just sign up and you're done!
 