Securing PHP against harmful functions

Discussion in 'General Marketing' started by stealthhosts, Aug 6, 2005.

  1. stealthhosts

    stealthhosts New Member Webmaster

    This article is provided free by
    Stealth IT Solutions Limited
    It is free for non-distribution only.
    Due to the nature of this data it may
    not be edited, no data may be removed
    including this text.
    With thanks to admin0

    Hardening PHP for dangerous functions:

    First of all, locate your php.ini

    If you don't know where your php.ini is, it's easy.
    Simply upload this file to your www folder.

    Name the file something, say info.php,
    and call the file as http://domain.com/info.php

    A page will load, and near the top something like this line will be shown, i.e. on the 6th row:

    The following is from my CPanel server:
    | Configuration File (php.ini) Path:     /usr/local/lib/php.ini |
    The following is from my Plesk server:
    | Configuration File (php.ini) Path:     /etc/php.ini  |
    In SSH:
        cp /usr/local/lib/php.ini /usr/local/lib/php.ini.orig
    Edit the file (the php.ini file):
    disable_functions = phpinfo ,system, include, chown, chmod, exec, passthru, mail, readfile , dir , read, readdir
    which will disable the mentioned commands and any other command that you want to disable as mentioned in that line.

    You can disable any command this way.

    Using CPanel?

    Log in to your WHM
    Click Tweak Security [server setup group]
    Click php open_basedir tweak
    and select Enable php open_basedir Protection

    Click Update Apache [software group]
    select PHP suEXEC Support

    and build your Apache. You will be pretty safe with phpsuexec and the open_basedir restriction for PHP.
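
An added example, not part of the original post or its author's code: a shell check that reads a php.ini and reports which command-execution functions are absent from disable_functions, which listed names are language constructs the directive cannot disable, and whether open_basedir is set. The function names, finding labels and sample file are this example's own, and shell_exec, popen and proc_open are not in the post's list.

```shell
#!/bin/sh
# Added example, not from the original post: audit a php.ini after editing it.

# Print the value of a directive (last uncommented occurrence wins).
ini_value() {  # $1 = php.ini path, $2 = directive name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '"\r'
}

# system, exec and passthru are in the post's list; shell_exec, popen and
# proc_open are further command-execution functions (this example's assumption
# of what an admin would also want listed).
WANTED="system exec passthru shell_exec popen proc_open"
# Language constructs: disable_functions only affects functions, so listing
# these has no effect.
CONSTRUCTS="include include_once require require_once eval"

in_list() {  # $1 = word, remaining args = list; succeeds if word is present
    word=$1; shift
    for item in "$@"; do
        if [ "$item" = "$word" ]; then return 0; fi
    done
    return 1
}

audit_php_ini() {  # $1 = php.ini path; prints one finding per line
    disabled=$(ini_value "$1" disable_functions | tr ',' ' ')
    for f in $WANTED; do
        if ! in_list "$f" $disabled; then echo "MISSING $f"; fi
    done
    for d in $disabled; do
        if in_list "$d" $CONSTRUCTS; then echo "NOEFFECT $d"; fi
    done
    if [ -z "$(ini_value "$1" open_basedir)" ]; then echo "UNSET open_basedir"; fi
    return 0
}

# Demo on a constructed php.ini holding the disable_functions line from the post.
demo=$(mktemp)
cat > "$demo" <<'EOF'
; constructed sample, not a real server's configuration
disable_functions = phpinfo ,system, include, chown, chmod, exec, passthru, mail, readfile , dir , read, readdir
EOF
audit_php_ini "$demo"
rm -f "$demo"
```

The check reads php.ini only; open_basedir may instead be set per virtual host in the web server configuration, which this script does not look at.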
