
PHP Security Blogs

How to fix ‘MySQL Remote Root Code Execution’ / ‘Privilege Escalation’ (zero day) vulnerability – CVE-2016-6662


On Sep 12th, Dawid Golunski announced CVE-2016-6662, also known as the MySQL Remote Root Code Execution / Privilege Escalation (0-day) vulnerability.

CVE-2016-6662 is reported as a critical vulnerability that can allow local and remote attackers to execute arbitrary code with root privileges on a vulnerable MySQL server.

How to fix HTTPoxy vulnerability in cPanel, Plesk or other Linux / Windows servers


On 18th July, our security team was alerted to a series of vulnerabilities called HTTPoxy. It allows attackers to steal data from CGI-enabled web servers.

As of this writing, patches are only available for LiteSpeed, but we’ve identified ways to mitigate this vulnerability in Apache, Nginx, IIS and other web servers and proxies.

[ Update 21st July – cPanel released patches for Apache. ]


Anti malware security for web hosting servers – Securing Apache in cPanel, Plesk or DirectAdmin to avoid website blacklist

In a previous post we gave an overview of how Bobcares help desk support services have been able to prevent website blacklisting in popular website reputation lists. But that’s not all. Even PC anti-virus suites can block websites if malicious code is found in them.

Search engines and PC anti-virus products such as Google, Bing, Norton Safe Web or McAfee SiteAdvisor blacklist a website if malware is detected on it. Most websites are infected with malware due to insecure web apps, disclosure of login details or insecure web server configuration.


How to prevent website blacklist in Google, Bing or McAfee SiteAdvisor

This site may harm your computer
The website ahead contains malware
Malware detected on

Are these some of the errors your shared hosting customers usually complain about? Are you concerned about your server security?

You are not alone. Google alone blacklists 10,000 websites daily for malware infection. In a shared hosting environment containing varied web applications with varying levels of security, malware infection can happen quite easily. Even just one website with an outdated web application can cause that website to be blacklisted.

PHP-CGI “severe” vulnerability CVE-2012-1823

On May 3rd, a PHP-CGI vulnerability termed “severe” by CloudLinux was published on the US CERT web site.

The vulnerability causes any server running PHP as CGI to allow source code disclosure and arbitrary command execution using the account’s privileges. The quote from the US CERT web site is below:

When PHP is used in a CGI-based setup (such as Apache’s mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution.

While the primary vulnerability was reported for PHP-CGI executions, the CloudLinux note cautioned that this could be applicable to suPHP and mod_fcgid as well. However, a post on the suPHP mailing list says it is not affected by this vulnerability.

Response from Parallels

Parallels reacted with a 3-point resolution to this issue, as described in their KB entry on CVE-2012-1823. Important points are quoted below:


PHP permission : For PHP files under suPHP – solved

While discussing PHP permissions in the last blog, we concluded that suPHP servers ideally needed PHP file permissions of just 600.

Of the many ways to set the permission/ownership, the quickest is to use a script. You may set this script up as a cron job that runs daily or weekly to take care of the permissions. The script is currently written for a server that has cPanel installed. Slight modifications would make it work with other control panels, or even on servers that do not have any control panel.

The script also allows certain accounts to have custom PHP permissions, so that any custom application that needs specific permissions can be run, and such accounts would not be affected by the script.





Disable PHP open_basedir protection in cPanel/WHM

The PHP open_basedir directive is used to limit the files that can be opened by PHP to a specific directory tree. What does that mean? With the open_basedir directive, you can tell the PHP scripts on a domain which folders they have access to. Once specified, the PHP scripts will not be able to access files outside those folders.



Better process tracking using suPHP

The article explains suPHP and setting up suPHP on cPanel servers.

Constant phishing/spamming complaints can get extremely tiresome, and tracking down the source of the problem is not always easy. It won’t be long before your IP addresses are listed on popular RBLs and your customers start complaining about mail delivery problems. To nip these problems in the bud, we have to look for better ways to track down their source. One way of better tracking processes on a cPanel server is switching to suPHP.


Secure Your PHP Scripts


PHP security is very important, as insecure PHP code can lead to an intrusion into your server. This article explains a few such vulnerabilities, so that you can avoid them in your scripts. I will also explain methods to tweak PHP config files (php.ini) for maximum security.