[grniyce]

Quote:

Originally Posted by DraCoola

They still can run on XSS way?
On my server, I have put all of those php disable_function, except php_uname, and I try my self for some of shell scripts can not execute any important command to hack to another account.

I added the commands, and rebuilt apache with modsecurity, suhosin, php 5.2.9, ea accelerator, zend optimizer, and then I added the suhosin suggestion above to php.ini and added the includes line to httpd.conf for mod security at the bottom. I also have ClamAv installed.

I then built matching php, and I reinstalled LSWS most recent with the chroot on and set it to /usr/local/lsws

Now I went to the scripts site and had to turn off my pc antivirus, and then I downloaded a handful of the scripts there, uploaded them thru ftp to a mock domain on my server, and relabled them like c99.php, r57.php etc etc. I accessed each one of them just like regular pages, and they let me navigate my server. It is my understanding that these scripts should have been stopped by ClamAV, as well as ModSecurity and CSF, but none of them have. ALL of the php.ini functions suggested above have been disabled also, and devshm has been remounted also. I'm totally confused. This isn't working.... (

However, when I go to view modsecurity log in CSF here is what I get:



So, I am assuming I need to redefine somewhere in the server where the log should be found? How can I setup LSWS and WHM and CSF to all collaborate with the modsecurity log?