I would like to thank you for reading this; I know it is not your job, but it is greatly appreciated.
My name is Cirium, and I am posting this topic because I need help with PHP security.
For a while now I have had the consistent problem of a hacker uploading shells and other files to my VPS server.
This hacker has DDoSed the server, uploaded shells, and managed to find a way around my Control Panel security that was in place.
I have managed to solve two of my three problems: the DDoSing, and the part of the shell uploading.
The hacker was using shells to retrieve information from the VPS, and he uploaded the files to /var/www/html (CentOS 5.6).
I have changed the permissions for the html folder, making them 0500, stopping the hacker from uploading shells to the VPS.
I run a small business on the VPS that allows users to upload Counter-Strike maps and gfx to /home/theirfolder through Apache. Every time I try to change the permissions for /home to try stopping the hacker from uploading files, the users and clients can't upload anything either, pretty much ruining the whole idea of having the control panel.
The control panel works by using the exec command from PHP, allowing authorized users to stop and start their Counter-Strike server.
I have installed mod_security, phpsecinfo, and lots of other hacker prevention tools. I have tried for months to stop this and cannot succeed.
If you would like to take a look at my control panel, the link is
Please help me, I have no idea what to do.