How to remove Revisium from a website?
- Any supported OS
- Any supported panel
Revisium is a PHP file named lor_o.php, which performs the function of the WAF. By default, the name of the directory in which this file (and additional configuration files) are located is lor_protect.
Find and remove references to a file.
The lor_o.php file is connected via the auto_prepend_file PHP directive. The steps for removing are provided below:
1. The easiest deletion option is to search the user's directory for the contents of the files:
# grep -Ril 'lor_o.php' /path/to/user/account/directory/
2. After that, delete all lines mentioning lor_o.php from the .user.ini, .htaccess, and php.ini files. (Also, the inserts may be in the configuration php.ini file located outside the user's directory, such as /opt/php72/etc/php.ini) as described following:
- In the .htaccess file, the insertion will look like this:
php_value auto_prepend_file /var/www/www-root/data/www/lor_protect/lor_o.php
- In the .user.ini or php.ini files:
auto_prepend_file = '/var/www/www-root/data/www/lor_protect/lor_o.php'
After removing the inserts in the .ini files it may be necessary to restart the webserver or php-fpm, and after the restart, the lor_protect directory can be removed. At this point, it's done!
There are cases where WAF is connected directly to PHP files through a string.
However, such cases were only on shared hosting.
Instead of Revisium, it is worth paying attention to Imunify360, which provides comprehensive protection for the entire server and sites on it.