disable_upload_functions

**aracrew** · 03-09-2007 08:16 AM

how it can to disable_upload_functions as a shell and many files can be a way to attack your server from any scripts for uploading a txt or any kaind of tayps it the way to disable from the server

any idea about that

i made this to make sure that we can make it in safe :

Code:

pico /usr/local/lib/php.ini

thin

search for upload u well found this kaind

Code:

file_uploads = On

down of it add this

Code:

 disable_upload_functions=(add what u need to disable )

any idea about that can be safe your server from the root

**prof** · 03-09-2007 09:24 AM

you can't add this value disable_upload_functions to php.ini couze itsn't listed on php compiler on the server .

best regards

**aracrew** · 03-09-2007 10:05 AM

but i try and i get some good working with some way but i need to know the best thin that can give a agreements to upload what i need to be upload in the server

**NogomHost** · 03-09-2007 01:08 PM

Is evaluated the work of this? And you succeeded. Please sent us a link to our experiment

**aracrew** · 03-09-2007 02:16 PM

ok what did hapin that it has been disable the txt upload only becouse it not backing php compiler that what did i made only but for any things els its can be upload it what i need to know what is the source is backing for tha php compiler asa pic and jpg and gif and all this kainds and i wanna know that if there is some things can be made it in the php.ini to stop what i need to stop it to upload it to the server i thing there is a way be couse i made what i write in the notice and some of it work try it and u well see

**aracrew** · 03-11-2007 04:29 AM

http://www.gamr15.net/up/index.php

this is one off my work and with what did i make it uploading ??

any idea can stop some file to be uploads from the server ??

i things there is well

**Spiral** · 03-11-2007 11:33 AM

To disable file uploads in PHP.INI:

Code:

file_uploads  = Off

To disable dynamic loading of extensions (recommended):

Code:

enable_dl    = Off

I would also make use of disable_functions and disable some of
the more dangerous functions such as the shell functions, highlight_file,
and others which could be used for abuse.

If you don't want users to override settings with .htaccess (module)
or a custom php.ini file (phpsuexec) then you might want to look
into upgrading and getting suphp which doesn't allow end users
to change php configuration settings.

You should make sure that your /tmp folder is non-executable which
will make it a bit more difficult to run uploaded scripts ...

Edit /etc/fstab and replace the /dev/shm line:

Code:

/dev/shm                /dev/shm                tmpfs   loop,noexec,nosuid,rw    0 0

(server needs to be rebooted after the change or need to remount drives)

**fta-uae** · 03-14-2007 11:16 AM

if he will working

shold thes oun be work

Use allowed_upload_functions

but he will not work

the compiler do win you upload

read and wirte like text

**aracrew** · 03-15-2007 02:36 AM

Originally Posted by Spiral

To disable file uploads in PHP.INI:

Code:

file_uploads  = Off

To disable dynamic loading of extensions (recommended):

Code:

enable_dl    = Off

I would also make use of disable_functions and disable some of
the more dangerous functions such as the shell functions, highlight_file,
and others which could be used for abuse.

If you don't want users to override settings with .htaccess (module)
or a custom php.ini file (phpsuexec) then you might want to look
into upgrading and getting suphp which doesn't allow end users
to change php configuration settings.

You should make sure that your /tmp folder is non-executable which
will make it a bit more difficult to run uploaded scripts ...

Edit /etc/fstab and replace the /dev/shm line:

Code:

/dev/shm                /dev/shm                tmpfs   loop,noexec,nosuid,rw    0 0

(server needs to be rebooted after the change or need to remount drives)

as u said its shod have a tmp and there is a tow way to working the sections ..... there is some php scripts allow to contents with php.ini and allowed it to upload and some of scripts have onthers way to upload the files from a source in the php scritps sooo we have tow choice the one that Spiral show it to as it can be but witj some harddisk well work and with some well not and we can backing to the scripts that allow woth php.ini or with it source thin we can make sure that we can make it work as i make its working with me becouse my server hard is sci and with some upload section not wotking soo as we know now that some of the secripts is allowed to php.ini and some of it allowed to the source of the scripts

many thinks and i looking to get update for php.ini to allow that working with php.net it well make a save for us

LinkBack

Thread Tools

disable_upload_functions