shawnho
15-08-2004, 16:11
Hardening PHP for dangerous functions:
First of all, locate your php.ini.
If you don't know where your php.ini is, it's easy.
Simply upload this file to your www folder:
<?php
// Show the PHP configuration, including the php.ini path
phpinfo();
?>
Name the file something, say info.php,
and call the file as http://domain.com/info.php
A page will load, and in the top part something like this line will be shown, i.e. on the 6th row.
The following is from my CPanel server:
------------------------------------------------------------------
| Configuration File (php.ini) Path: /usr/local/lib/php.ini |
------------------------------------------------------------------
The following is from my Plesk server:
--------------------------------------------------------
| Configuration File (php.ini) Path: /etc/php.ini |
--------------------------------------------------------
cp /usr/local/lib/php.ini /usr/local/lib/php.ini.orig
Edit the file (the php.ini file):
disable_functions = phpinfo ,system, include, chown, chmod, exec, passthru, mail, readfile , dir , read, readdir
This will disable the mentioned commands, and any other command that you want to disable, as listed in that line.
You can disable any command this way.
Using CPanel?
Log in to your WHM.
Click Tweak Security [server setup group].
Click php open_basedir tweak
and select Enable php open_basedir Protection.
Again,
click Update Apache [software group],
select PHP suEXEC Support
and build your Apache. You will be pretty safe with phpsuexec and the open_basedir restriction for PHP.
_________________________________________________________________
Courtesy of admin0 (http://admin0.info)
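Added example, not part of the original post: a Python check that reads php.ini text after the edit and reports what disable_functions and open_basedir are actually set to. The names read_directive, audit, SAMPLE_INI and the EXEC_BASELINE list are assumptions made for this example; it also flags listed names that are PHP language constructs, which disable_functions cannot affect because it only applies to internal functions.

```python
import re

# PHP language constructs. disable_functions only applies to internal
# functions, so listing any of these in the directive has no effect.
LANGUAGE_CONSTRUCTS = {"include", "include_once", "require", "require_once",
                       "eval", "echo", "print", "exit", "die"}
# Assumed site baseline of command-execution functions; adjust to policy.
EXEC_BASELINE = {"system", "exec", "passthru", "shell_exec", "popen", "proc_open"}

# Constructed sample php.ini using the disable_functions line from the post.
SAMPLE_INI = """\
[PHP]
;disable_functions =
disable_functions = phpinfo ,system, include, chown, chmod, exec, passthru, mail, readfile , dir , read, readdir
;open_basedir =
"""

def read_directive(ini_text, name):
    """Return the last uncommented value of a directive, or None if unset."""
    value = None
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line[0] in ";[":
            continue
        key, sep, val = line.partition("=")
        if not sep or key.strip() != name:
            continue
        val = val.strip()
        if val.startswith('"'):
            value = val[1:].split('"', 1)[0]       # quoted value
        else:
            value = val.split(";", 1)[0].strip()   # drop trailing comment
    return value

def audit(ini_text):
    """Summarise disable_functions and open_basedir as set in php.ini text."""
    raw = read_directive(ini_text, "disable_functions") or ""
    listed = {n for n in re.split(r"[,\s]+", raw) if n}  # PHP splits on , and space
    return {
        "listed_functions": sorted(listed - LANGUAGE_CONSTRUCTS),
        "no_effect": sorted(listed & LANGUAGE_CONSTRUCTS),
        "missing_from_baseline": sorted(EXEC_BASELINE - listed),
        "open_basedir": read_directive(ini_text, "open_basedir") or None,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_INI).items():
        print(f"{key}: {value}")
```

To check a real server, pass the contents of the php.ini found in the first step to audit() instead of SAMPLE_INI.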