PHPShell can cause damage

Hello,

I tried to upload a PHPShell script to one of our servers and I realized that it can be used easily even with the server secured well.

With phpshell.php sent to a site and run, it will give you a shell as nobody. There you can run cat httpd.conf or passwd and see all the users.
Then you can cat a file with mysql user/pass and damage a specific site.

We run cPanel and enabled open_basedir protection, but I don't find any way to get this fixed.

I ran mod_security, ruled it with many filters, we did lots of changes to the server to secure it well.

What can I do?
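
An added example, not part of the original post: open_basedir restricts only PHP's own file functions, so a script that can still call command-execution functions runs shell commands as the web server user outside that restriction. The Python check below flags php.ini text where those functions are not listed in disable_functions; the function list and both sample configs are constructed for illustration.

```python
# Added example: audit php.ini text for the gap described in the post.
# Assumption: this list of PHP command-execution functions is the set to check.
EXEC_FUNCS = {"exec", "system", "passthru", "shell_exec",
              "popen", "proc_open", "pcntl_exec"}

def parse_ini(text):
    """Return {directive: value} from simple 'key = value' lines (last wins).
    Simplification: whole-line comments and [sections] are skipped; inline
    comments after a value are not handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return a list of findings; an empty list means both checks passed."""
    s = parse_ini(text)
    findings = []
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    # Names are compared exactly as written in the ini file.
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")
                if f.strip()}
    missing = sorted(EXEC_FUNCS - disabled)
    if missing:
        findings.append("command execution still enabled: " + ", ".join(missing))
    return findings

# Constructed sample: open_basedir is set, but nothing is disabled.
WEAK = """
; constructed sample
open_basedir = "/home/exampleuser:/tmp"
disable_functions =
"""

# Constructed sample: same open_basedir plus the exec-style functions disabled.
HARDENED = """
open_basedir = "/home/exampleuser:/tmp"
disable_functions = exec,system,passthru,shell_exec,popen,proc_open,pcntl_exec
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```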
