I want Make my Server Can't Accept any shell file

[A_1]

Hello,

i want make my server can't read any shell file on sites , so when any one want upload any shell file , so that can't read or do any thing
can any one tell me how i can make that ?

for info: i have disabled this functions:

PHP Code:

curl_init, dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, hell-exec, fpassthru, exec, crack_check, crack_closedict, crack_getlastmessage, crack_opendict, psockopen, php_ini_scanned_files, php_uname, phpinfo, copy 


AND i have already setup mode_security
and make safe_mode On


the last what ASK;
how can disable this open bae dir



i hope any one can help me

thanks,

[mohit]

hi,
you can set open base dir restriction from WHM-->Tweak security-->Php open_basedir TweaK.

see ya,
mohit

[A_1]

hi,
you can set open base dir restriction from WHM-->Tweak security-->Php open_basedir TweaK.

see ya,
mohit

thanks , for ur reply
and what about that first ask ?

[chirpy]

In reality, what you're asking for simply isn't possible. You can go some way by disabling PHP functions as you've mentioned, but there are ways around that that you cannot avoid without completely breaking PHP. Once you've done all that work, it's still trivial to do in perl which you cannot restrict in that way. It's simply something you have to accept in a shared hosting environment and make sure your server and scripts are as secure as they can be. One essential with PHP is to run with phpsuexec (or suphp) otherwise PHP scripts can access anything in other users sites.

[A_1]

In reality, what you're asking for simply isn't possible. You can go some way by disabling PHP functions as you've mentioned, but there are ways around that that you cannot avoid without completely breaking PHP. Once you've done all that work, it's still trivial to do in perl which you cannot restrict in that way. It's simply something you have to accept in a shared hosting environment and make sure your server and scripts are as secure as they can be. One essential with PHP is to run with phpsuexec (or suphp) otherwise PHP scripts can access anything in other users sites.

Thank you for ur answer , and i want ur advice ,
what function u advice me disable it ? and any secure in PHP


Thanks

[AndyReed]

i have disabled this functions:

PHP Code:

curl_init, dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, hell-exec, fpassthru, exec, crack_check, crack_closedict, crack_getlastmessage, crack_opendict, psockopen, php_ini_scanned_files, php_uname, phpinfo, copy 


This pretty much covers the vast majority of Php functions you can disable in php.ini. Install Mod Security with a very good set of rules.

Regadring passwords, when choosing a new password, make sure it's unrelated to any previous password. You might use a word pair with punctuation inserted, a pass phrase
(an understandable sequence of words), or the first letter of each word in a
pass phrase. In addition, a password must be at least eight characters in length. Just a thought

[A_1]

This pretty much covers the vast majority of Php functions you can disable in php.ini. Install Mod Security with a very good set of rules.

Regadring passwords, when choosing a new password, make sure it's unrelated to any previous password. You might use a word pair with punctuation inserted, a pass phrase
(an understandable sequence of words), or the first letter of each word in a
pass phrase. In addition, a password must be at least eight characters in length. Just a thought

many thanks bro for ur reply

u have any good mode_secuirty ?
and how install it ?

thanks,