#6
07-09-2009, 06:57 PM
ramzex
Registered User

Join Date: May 2006
Posts: 7
I have installed Suhosin but it did not protect the server against PHP vulnerabilities.

You can still see and edit files from /etc.
I have disabled these functions in PHP:
Quote:
exec,popen,pclose,ini_set,php_eval,safe_dir,zend,glob,root,chdir,ftok,posix_access,egy_perl,symlink, set_time_limit,ini_restore, shell_exec, passthru, error_log, ini_alter, dl, openlog, syslog, readlink, symlink, link, leak, popen, escapeshellcmd,proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, escapeshellarg, pcntl_exec, exec, passthru, popen, wscript, curl_exec,apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode,realpath
Also it seems that PHP can include files from /etc... and other dirs.
Why? phpsuexec and suPHP are enabled. Also open_basedir from cPanel security is enabled.

Why and how can I prevent that?
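The two settings the post relies on, `open_basedir` and `disable_functions`, are only as good as the php.ini the request-handling SAPI actually loads, and a `disable_functions` list cannot touch language constructs such as `include` or `eval` at all. The audit script below is an added example, not code from the post or from Suhosin, cPanel or suPHP; it reports the effective values for the SAPI it runs under, flags duplicate and ignored entries in the list, and checks whether a path outside the intended base directory is still reachable. `EXPECTED_BASEDIR` and `OUTSIDE_PATH` are assumptions to adjust for the host.

```php
<?php
// Added audit script (not from the original post). Run it the way the site
// runs (as a temporary .php under the account, requested through the web
// server, or with php-cgi as that user): under suPHP or phpsuexec each account
// may load its own php.ini, so a root `php -i` can show a different
// configuration. Delete the script when done.

// Assumption: the account's files live under this directory.
const EXPECTED_BASEDIR = '/home/exampleuser/public_html';
// Assumption: a path that must NOT be reachable if open_basedir is in force.
const OUTSIDE_PATH = '/etc/hostname';
// disable_functions accepts these names but silently ignores them: they are
// language constructs, not functions, so listing them gives no protection.
const LANGUAGE_CONSTRUCTS = ['eval', 'include', 'include_once', 'require', 'require_once'];

function audit_open_basedir(string $expected, string $outside): array
{
    $basedir = (string) ini_get('open_basedir');
    $allowed = array_values(array_filter(array_map('trim', explode(PATH_SEPARATOR, $basedir)), 'strlen'));

    // Is the expected directory inside one of the allowed prefixes?
    $covered = false;
    foreach ($allowed as $prefix) {
        if (strpos(rtrim($expected, '/'), rtrim($prefix, '/')) === 0) {
            $covered = true;
        }
    }

    // With open_basedir active, is_readable() on a path outside the allowed
    // list returns false and raises a warning (suppressed here). A true result
    // means include()/fopen() from this SAPI can reach the file.
    $outsideReadable = @is_readable($outside);

    return [
        'ini_file'         => php_ini_loaded_file() ?: '(none)',
        'open_basedir'     => $basedir === '' ? '(not set: no restriction)' : $basedir,
        'covers_expected'  => $covered,
        'outside_readable' => $outsideReadable,
    ];
}

function audit_disable_functions(): array
{
    $raw     = (string) ini_get('disable_functions');
    $entries = array_values(array_filter(array_map('trim', explode(',', $raw)), 'strlen'));
    $unique  = array_values(array_unique($entries));

    // Names listed more than once (harmless, but a sign the list was pasted together).
    $counts     = array_count_values($entries);
    $duplicates = array_keys(array_filter($counts, function ($n) { return $n > 1; }));

    // Constructs that the directive cannot disable.
    $ignored = array_values(array_intersect($unique, LANGUAGE_CONSTRUCTS));

    // function_exists() is false for a disabled function in every PHP version,
    // so a listed name that still exists means the list is not in effect here
    // (typically a different php.ini than the one that was edited).
    $stillCallable = [];
    foreach ($unique as $name) {
        if (!in_array($name, LANGUAGE_CONSTRUCTS, true) && function_exists($name)) {
            $stillCallable[] = $name;
        }
    }

    return [
        'listed'              => count($entries),
        'unique'              => count($unique),
        'duplicates'          => $duplicates,
        'ignored_constructs'  => $ignored,
        'still_callable'      => $stillCallable,
    ];
}

$isCli = PHP_SAPI === 'cli';
if (!$isCli) {
    header('Content-Type: text/plain');
}
echo "SAPI: " . PHP_SAPI . "\n";
print_r(audit_open_basedir(EXPECTED_BASEDIR, OUTSIDE_PATH));
print_r(audit_disable_functions());
```

Two things to read off the output. First, if `outside_readable` is true or `open_basedir` is empty, the restriction is not reaching this SAPI: a `php_admin_value open_basedir` line in Apache's configuration is a mod_php directive and has no effect under CGI-style handlers such as suPHP or phpsuexec, so the value has to sit in the php.ini shown as `ini_file`. Second, `eval` in the post's list lands in `ignored_constructs`; blocking it is Suhosin's job via `suhosin.executor.disable_eval`, and where `include` may read from is governed only by `open_basedir`, never by `disable_functions`.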