
03-28-2009, 06:27 AM
Senior Member
Join Date: Jul 2008
Posts: 147
Quote:
Originally Posted by IrPr
mod_security detects some malicious scripts, but there are a lot of CGI/PHP shells which mod_security couldn't detect, r57 phpshell for example
to secure your shared hosting you have to secure php in parallel with webserver/mod_security
all php shells are based on some malicious functions such as exec, system, passthru, shell, shell_exec, ... which should be disabled for security reasons, so all phpshells would be killed on your server
open_basedir is one of the most important options that should be set for each VHost; it will jail php functions into the VH's documentroot, so functions such as fopen, readdir and other file functions would be restricted to the same VH and not available to other VHs
safe_mode and suhosin are other tricks to increase php security
Just want to mention that it's very hard to escalate nobody privileges to root using PHP; indeed most local privilege escalations to root need a suitable shell environment such as bash/bin, so you should disable shell access too
I suggest you install the http://www.configserver.com/cp/csf.html firewall, which is a powerful firewall compatible with mod_security audits, with a lot of security measures
after you install CSF, go and check your server security; it will tell you your security score and how to increase your server security to the highest level
Last edited by IrPr; 03-28-2009 at 07:26 AM..
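As an added illustration of the per-VHost open_basedir jail and the disable_functions list discussed in the quoted post (this is example configuration written for this thread, not something from the original post or from CSF), a mod_php VirtualHost for a made-up account; the hostname, account path and the /tmp entry are assumptions, and the disable_functions line is shown here because with mod_php it is normally set in the global php.ini:

```apache
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /home/example/public_html

    # php_admin_value (not php_value) so a script cannot undo the setting
    # with ini_set() or a .htaccess php_value line.
    #
    # open_basedir is a path PREFIX match: without the trailing slash,
    # /home/example/public_html would also match /home/example/public_html2
    # belonging to another account, so keep the "/" at the end.
    # /tmp is included so session files and uploads still work; if you keep
    # per-account tmp dirs, list those instead (assumed layout).
    php_admin_value open_basedir "/home/example/public_html/:/tmp/"

    # Command-execution functions that PHP shells such as r57 rely on.
    # disable_functions is a system-level directive, so also set the same
    # list in php.ini:  disable_functions = exec,system,passthru,shell_exec,popen,proc_open
    php_admin_value disable_functions "exec,system,passthru,shell_exec,popen,proc_open"
</VirtualHost>
```

Verify from inside the vhost with a phpinfo() page that both values show under "Local Value"; if open_basedir shows "no value", the directive landed in the wrong VirtualHost or Directory block.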