Possible attack on Keyhelp panels

Post by **Tobi** » Wed 20. May 2026, 09:50

superjogi wrote: ↑Tue 19. May 2026, 23:10 You are hotlinking the virus.

Reposting the whole shit does not make it better

superjogi · Post by **superjogi** » Wed 20. May 2026, 19:59

Kernelupdate ist das einzige was wirklich hilft:

sudo apt update
sudo apt dist-upgrade
reboot

24unix · Post by **24unix** » Wed 20. May 2026, 20:03

superjogi wrote: ↑Wed 20. May 2026, 19:59 Kernelupdate ist das einzige was wirklich hilft:

sudo apt update
sudo apt dist-upgrade
reboot

Ernsthaft? reboot geht ohne sudo?

Ich nutze normales Debian mir einem intaktem root-Account.

Post by **Alexander** » Thu 21. May 2026, 10:45

omexlu wrote: ↑Thu 14. May 2026, 18:40 Also, I'm wondering why such dangerous commands aren't blocked by default under customers?

They are blocked by default. This is the current list of disable_functions, as you can see, exec, system, passthru, ... are part of it.

KeyHelp disable_functions wrote:apache_child_terminate, apache_note, apache_setenv, curl_multi_exec, define_syslog_variables, dl, exec, link, opcache_get_status, openlog, passthru, pcntl_exec, pcntl_fork, pcntl_setpriority, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, stream_socket_sendto, symlink, syslog, system

omexlu · Post by **omexlu** » Thu 21. May 2026, 16:39

Alexander wrote: ↑Thu 21. May 2026, 10:45
omexlu wrote: ↑Thu 14. May 2026, 18:40 Also, I'm wondering why such dangerous commands aren't blocked by default under customers?
They are blocked by default. This is the current list of disable_functions, as you can see, exec, system, passthru, ... are part of it.

KeyHelp disable_functions wrote:apache_child_terminate, apache_note, apache_setenv, curl_multi_exec, define_syslog_variables, dl, exec, link, opcache_get_status, openlog, passthru, pcntl_exec, pcntl_fork, pcntl_setpriority, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, stream_socket_sendto, symlink, syslog, system

For me it wasn't under Ubuntu 24, also in the demo they aren't.

Post by **Alexander** » Thu 21. May 2026, 16:46

For me it wasn't under Ubuntu 24, also in the demo they aren't.

Of course they are, and this is since the beginning of KeyHelp.

Demo -> User administration -> Add client -> Tab PHP -> disable_functions -> There they are.

Note: They are not part of the "Unlimited" account template.
The demo client uses the "Unlimited" account template. Account templates can be modified via "Configuration -> Account templates".
Assigning the "Unlimited" template to an account does more or less that, what the name implies

.

omexlu · Post by **omexlu** » Thu 21. May 2026, 20:03

That was the problem, and it’s the same for many others who use their server for personal purposes.

We're using the Unlimited Template, which is why it isn’t being inserted, thx for letting know.
I've already tweaked the template over the past few days—it's now applied everywhere—BUT it's still a bit risky this way.

If you add a user without a template, it’s there—you might want to point that out.

Possible attack on Keyhelp panels

Re: Possible attack on Keyhelp panels

Re: Possible attack on Keyhelp panels

Re: Possible attack on Keyhelp panels

Re: Possible attack on Keyhelp panels

Re: Possible attack on Keyhelp panels

Re: Possible attack on Keyhelp panels

Re: Possible attack on Keyhelp panels