Over the past few years I have always adopted a pretty common approach to security on cPanel servers. I've been lucky enough not to have any issues in this time; however, with recent changes I have a few queries regarding PHP security in particular.
At the moment I look after a couple of cPanel servers running PHP as standard Suexec with several unsafe functions added into the Disable_Functions variable of PHP, such as exec and shell, which are pretty essential, right? This is not ideal, as some scripts still need certain functions, which can pose a security risk.
I'm looking to go over the security of these boxes and, from looking, SuPHP and Suhosin Hardened PHP are now available in the new EasyApache3.
How do you "harden" or secure PHP on your boxes? I've noticed that a growing number of clients are coming over from other hosts who seem to be running default installs; at least, they have not disabled any potentially dangerous functions.
Perhaps what I am doing is still fine; however, with recent developments I am sure there may be better ways of securing PHP?
Thanks for any info.