Safe_mode and dl() function
Posted: Mon Apr 11, 2005 1:15 pm
Hi
We had a problem last Friday when we were hacked.
Someone found an account password and uploaded three files. One of them was a PHP file that used dl() to load a library loaded by the hacker, which changed Apache so that every site resolved to a spyware page.
We disabled the dl function in php.ini and solved the problem, but when we compiled our Apache, and afterwards, when we found the problem, we knew that safe_mode should deactivate the dl function, but in our case that didn't happen.
As we understand at php.net function list, at dl function you can find this info: "If the functionality of loading modules is not available (see Note) or has been disabled (either by turning it off enable_dl or by enabling safe mode in php.ini) an E_ERROR is emitted and execution is stopped"
Our box has cPanel/WHM and we have everything updated.
(RH 9, Apache 1.3.33, php 4.3.10)
So we have fixed the problem, but want to know if anyone knows why the dl function loaded that library when we have safe_mode enabled?
Thanks in advance
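
An added example, not part of the original post: a small php.ini audit that reports whether dl() is blocked explicitly (enable_dl off, or dl listed in disable_functions) instead of depending on safe_mode, which is the change the post describes making. The function names and both sample configurations are constructed for illustration.

```python
TRUE_VALUES = {"1", "on", "yes", "true"}  # php.ini spellings of boolean true

# Constructed sample inputs, not taken from the poster's server.
SAMPLE_BEFORE = """\
[PHP]
safe_mode = On
enable_dl = On        ; dynamic loading left enabled
disable_functions =
"""
SAMPLE_AFTER = """\
[PHP]
safe_mode = On
enable_dl = Off
disable_functions = "dl, exec"
"""

def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # strip ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue                              # blank line or [section] header
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_on(value):
    return value.strip().lower() in TRUE_VALUES

def audit_dl(text):
    """Report whether dl() is blocked explicitly rather than via safe_mode."""
    s = parse_php_ini(text)
    enable_dl = is_on(s.get("enable_dl", "1"))    # PHP default is on when unset
    safe_mode = is_on(s.get("safe_mode", "0"))
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    dl_listed = "dl" in disabled
    blocked = (not enable_dl) or dl_listed
    findings = []
    if not blocked:
        why = "safe_mode is the only barrier" if safe_mode else "nothing restricts it"
        findings.append("dl() not explicitly disabled: " + why)
    return {"enable_dl": enable_dl, "safe_mode": safe_mode,
            "dl_in_disable_functions": dl_listed,
            "explicitly_blocked": blocked, "findings": findings}

if __name__ == "__main__":
    for name, ini in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit_dl(ini))
```

The parser treats every `;` as a comment start, so a quoted value containing a semicolon would be cut short; that does not affect the three directives checked here.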