Today I was hacked by a group of hackers who used the http://ip/~username access to gain control of my server.
I’ve been using mod_ruid2 for one month and now someone came and used this exploit to bypass mod_ruid2 and open_basedir.
My solution was to comment out
ScriptAliasMatch ^/~([^/]+)/+cgi-bin/+(.*) /home/$1/public_html/cgi-bin/$2
AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
in the ips.conf file in /etc/httpd/conf/ and restore my backups.
What can I do to re-enable this function without re-enabling the vulnerability?
(Basically open_basedir and mod_ruid2 are ignored because they are not set and can’t be easily set)
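
To audit a server for the mapping described in the post, the following added example (not part of the original post) lists every active, uncommented AliasMatch/ScriptAliasMatch directive whose pattern covers /~user URLs, together with the config section it sits in. The function names and the sample config are constructed for illustration; the two directive lines are modelled on those quoted above.

```python
import re

# Directives that can map /~user URLs onto home directories.
ALIAS_RE = re.compile(r"^(ScriptAliasMatch|AliasMatch)\s+(\S+)\s+(\S+)", re.I)
SECTION_RE = re.compile(r"^<(/?)(\w+)\s*([^>]*)>")

def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None

def find_userdir_aliases(text):
    """Return (line, directive, target, scope) for active /~user aliases."""
    hits, stack = [], []
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue  # blank or commented out: not active
        sec = SECTION_RE.match(line)
        if sec:
            if not sec.group(1):
                stack.append(f"{sec.group(2)} {sec.group(3)}".strip())
            elif stack:
                stack.pop()
            continue
        m = ALIAS_RE.match(line)
        if m and "/~" in m.group(2):
            hits.append((no, m.group(1), m.group(3), stack[-1] if stack else "global"))
    return hits

# Constructed sample, modelled on the two lines quoted in the post.
SAMPLE = r"""
ScriptAliasMatch ^/~([^/]+)/+cgi-bin/+(.*) /home/$1/public_html/cgi-bin/$2
#AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
<VirtualHost 192.0.2.10:80>
    AliasMatch ^/~([^/]+)(/.*)* \
        /home/$1/public_html$2
    Alias /icons /var/www/icons
</VirtualHost>
"""

if __name__ == "__main__":
    for hit in find_userdir_aliases(SAMPLE):
        print(hit)
```

A hit with scope "global" applies to every virtual host, including the one that answers requests made to the bare IP address.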