Mod_ruid2 – open_basedir exploit solution ?

Hello,
Today I was hacked by a group of hackers who used the http://ip/~username access to gain control of my server.

I’ve been using mod_ruid2 for one month and now someone came and used this exploit to bypass mod_ruid2 and open_basedir.

My solution was to comment out

Code:

ScriptAliasMatch ^/~([^/]+)/+cgi-bin/+(.*) /home/$1/public_html/cgi-bin/$2


and

Code:

AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2


in the ips.conf file in /etc/httpd/conf/ and restore my backups.

What can I do to re-enable this function without re-enabling the vulnerability?
(Basically open_basedir and mod_ruid2 are ignored because they are not set and can’t be easily set)
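
The mitigation described in the post is to comment out the two `/~username` mapping directives. The following is an added example, not part of the original post: a small audit check that reports any such directive that is still active in a configuration file. The function names and the sample text are hypothetical; the directive lines are the ones quoted in the post.

```python
import re

# Apache directives that map a URL regex onto a filesystem path.
DIRECTIVES = {"aliasmatch", "scriptaliasmatch"}

def logical_lines(text):
    """Yield (line_number, text) with trailing-backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def find_userdir_aliases(conf_text):
    """Return active directives mapping /~user URLs to per-user directories."""
    hits = []
    for n, line in logical_lines(conf_text):
        if not line or line.startswith("#"):
            continue  # blank or commented out, i.e. already mitigated
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[0].lower() not in DIRECTIVES:
            continue
        pattern, target = parts[1], parts[2]
        # URL regex starts at /~ and the captured user name is used in the path.
        if re.match(r'"?\^?/+~', pattern) and "$1" in target:
            hits.append((n, parts[0], pattern, target))
    return hits

# Constructed sample: one directive commented out, one still active.
SAMPLE = r"""
# ScriptAliasMatch ^/~([^/]+)/+cgi-bin/+(.*) /home/$1/public_html/cgi-bin/$2
AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
Alias /icons/ /var/www/icons/
"""

if __name__ == "__main__":
    for n, name, pattern, target in find_userdir_aliases(SAMPLE):
        print(f"line {n}: active {name} {pattern} -> {target}")
```

To check a real server, pass the contents of the configuration file named in the post (ips.conf in /etc/httpd/conf/) to `find_userdir_aliases`; an empty result means both mappings are disabled in that file.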