Krillz.com

A coder’s steps revealed


A lot of web hosting services do not give you shell access to your www account.
Where the option exists, it often comes at an extra charge or only in the more expensive packages.
There are ways around this problem, though, and in this article I'll present one very good option that is free.

Facts

One thing that I do not get is why you don’t get shell access to every web account you buy; I guess they are afraid that it’ll be used in harmful ways by some evil persons.

In other words, this tells us how insecure they feel and how much they know about security in the first place. Sometimes you wonder if the admins at your web hotel are just a bunch of monkeys from your local zoo.

Anyway, back to the topic: these days all we mostly get is access to our account through FTP only, which doesn't leave many options.
Let's say you want to back up your files or get the full path to the directory you're in. Then you have a small problem that unfortunately, most of the time, takes up time you could be spending on other things.

PHPsh was created so that webmasters and administrators could interact with the server through a shell instead of wasting time with FTP.
But remember that it is not as complete as the regular shells on your Linux machine; you could say that PHPsh is a primitive version of the Bash shell, made possible by the function popen().
The function starts the program, opens a pipe to it, and returns a file pointer from which the output can be read, much like the function fopen() does for a file.

It also has some nice features like command history, just like the one in the real shell when hitting the up arrow on your keyboard.

But remember that PHPsh is not an interactive shell like the regular ones, which means that you cannot have active sessions going on with it; by that I mean using applications such as the editor vi.
And remember that putting this on your server without any security could be very unwise and dangerous if it got into the wrong hands!


Installing the script

The “installation” of the script is very easy, and I wouldn’t really call it an installation, as it only means some editing and copying the file to the chosen directory on your server.

The latest version of the script can be downloaded here: http://www.psychogenic.com/en/products/PHPsh/phpsh-latest.tar.bz2

Now let’s get it going: unpack the archive and upload the content to your server. I chose to have it in my root folder, that is /phpsh.php.

The first thing that we need to modify is a line in the code.

$MyIPAdress = '127.0.0.1';

Locate it and change it to your own IP address, otherwise you will not be able to access the file.
You can also create a list of IP addresses that are allowed to access the file if you need that option.

Now you just need to access the phpsh.php file from your web browser, and if you did the above operation correctly you should see the PHPsh interface!

The Interface

[Screenshot: phpsh interface]

  • [1] The result of the last performed command
  • [2] The command input
  • [3] Command history: by hitting TAB and then navigating with the arrow keys you can select commands you have already used instead of retyping them
  • [4] The content of the directory that you are currently in
  • [5] Convert special characters such as <, >, & etc. This is basically HTML escaping, so they don’t get interpreted by the HTML parser

Now in my case the shell doesn’t work well: at point [1] I do not get the results back after I enter a command.
In the case of ls -al I should see a list of the files along with the permissions, date and size, but in my case this isn’t shown.
I’m guessing that my webhost has locked this down or simply turned the popen() function off.

Another thing is that last time I used this there was an option where you could upload a file to your server through the PHPsh interface. I don’t know if they’ve deleted this option or if it’s just my server that is messed up.
However, I suspect that this was taken away for security reasons, as you could easily upload your own version of phpsh.php with the disabledcommands turned on.

The use of this

So what is this useful for, you might ask, if you still don’t know after reading this? Well, I use this on my other servers to make backups of the system.
Instead of downloading each and every file and database back to my computer, I simply compress them into a file via a command, then download only the compressed file back to the computer or backup server.
It can also be used to get information about directories and files that you need when coding, which in some cases can be hard to get.

However, a lot of commands are blocked for security reasons so that no harm is done to the server.
If you want to add or delete a command from the disabled commands list, you simply open up the phpsh.php file and look for this line:

'disabledcommands' => array('rm', 'ssh', 'passwd', 'su', 'ping', 'telnet')

Another nice thing is that you can create aliases for your commands, so that a long, complex command is performed by simply entering doit or something similar.

'aliases'      =>  array(
  'ls'      => 'ls -F',
  'lh'      => 'ls -F -lth | head',
  'doit'    => 'eject',
),

Don’t forget about the Security

Remember that the file is accessible by anyone with a web browser, so do not get any silly ideas that just because it only lets you in with the correct IP, people cannot access the file.

With a nice little query you could get a nice list of servers that have that file on them, so remember to take the needed measures to prevent any harm being done.
Rename the file; delete it after you’re done (the file can be uploaded in a second when you need it again); protect it with a password; use SSL connections.
If you don’t want this to work at all on your server, just disable the popen() function and all the similar functions, so that shell connections will not work through PHP.
This is done in your php.ini file.
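
As an added example (not part of the original article and not PHPsh code), this Python check reads the text of a php.ini and reports which command-execution functions its disable_functions line still leaves callable, then builds a line that closes the gap. The function list is this example's reading of "the similar functions", the helper names are hypothetical, and SAMPLE_INI is constructed.

```python
import re

# PHP functions that start an external program. popen() is the one the
# article names; the others are this example's reading of "similar functions".
EXEC_FUNCTIONS = ("exec", "passthru", "shell_exec", "system",
                  "popen", "proc_open", "pcntl_exec")

# Constructed sample, not taken from a real host.
SAMPLE_INI = """\
[PHP]
; an earlier attempt, commented out
;disable_functions = popen
disable_functions = exec, passthru, shell_exec, system
"""

def disabled_functions(ini_text):
    """Names listed in disable_functions (assumed: a later assignment replaces an earlier one)."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a php.ini comment
        match = re.match(r"disable_functions\s*=(.*)$", line)
        if match:
            value = match.group(1).strip().strip("\"'")
            disabled = {name.strip() for name in value.split(",") if name.strip()}
    return disabled

def still_enabled(ini_text):
    """Command-execution functions the ini text leaves callable, in list order."""
    off = disabled_functions(ini_text)
    return [name for name in EXEC_FUNCTIONS if name not in off]

def hardened_line(ini_text):
    """A disable_functions line that keeps existing entries and adds the missing ones."""
    merged = sorted(disabled_functions(ini_text) | set(EXEC_FUNCTIONS))
    return "disable_functions = " + ",".join(merged)

if __name__ == "__main__":
    print("still callable:", ", ".join(still_enabled(SAMPLE_INI)) or "none")
    print(hardened_line(SAMPLE_INI))
```

With the constructed sample, popen() is among the functions left callable, so a script built on it would still run until the line is extended.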

There are many ways; just use your head and you’ll figure out a solution that works for you.
