The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Block php.ini on accounts

Discussion in 'Security' started by AlexisMeroni, Feb 9, 2013.

  1. AlexisMeroni

    AlexisMeroni Active Member

    Joined:
    Feb 9, 2013
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello !
    On global php.ini i have change for security reasons :

    PHP:
     magic_quotes On
    safe_mode 
    On
    expose_php 
    Off
    Enable_dl 
    Off
    register_globals 
    off
    display_errors 
    off
    disable_functions 
    systemshow_sourcesymlinkexecdlshell_execpassthruphpinfoescapeshellargescapeshellcmdini_setpopenproc_openallow_url_fopen
    But if a account create a php.ini file on /public_html with
    PHP:
    safe_mode On
    there functions are reactivated.
    I do not know what to do to secure my cPanel maximum.
    Thank you in advance for your help
     
  2. AlexisMeroni

    AlexisMeroni Active Member

    Joined:
    Feb 9, 2013
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Can you help me ? :s Please :rolleyes:
     
  3. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    Do you use suPHP in your server?
     
  4. AlexisMeroni

    AlexisMeroni Active Member

    Joined:
    Feb 9, 2013
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I don't Know x) cPanel.PNG

    - - - Updated - - -

    I've attached a screen.
     
  5. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    Seems you use suPHP.

    You must edit file /opt/suphp/etc/suphp.conf
    and find these lines:

    Code:
    [phprc_paths]
    ;Uncommenting these will force all requests to that handler to use the php.ini
    ;in the specified directory regardless of suPHP_ConfigPath settings.
    ;application/x-httpd-php=/usr/local/lib/  
    ;application/x-httpd-php4=/usr/local/php4/lib/  
    ;application/x-httpd-php5=/usr/local/lib/  
    
    and change them to be like this:

    Code:
    [phprc_paths]
    ;Uncommenting these will force all requests to that handler to use the php.ini
    ;in the specified directory regardless of suPHP_ConfigPath settings.
    application/x-httpd-php=/usr/local/lib/  
    application/x-httpd-php4=/usr/local/php4/lib/  
    application/x-httpd-php5=/usr/local/lib/  
    
     
    cPanelJamyn likes this.
  6. AlexisMeroni

    AlexisMeroni Active Member

    Joined:
    Feb 9, 2013
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thats OK .
    I restart apache?
    Do you Know others security fails ?
     
  7. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    Not needed.
     
  8. AlexisMeroni

    AlexisMeroni Active Member

    Joined:
    Feb 9, 2013
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Ok
    and do you Know others security fails ?
     
  9. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    The subject of this thread is "Block php.ini on accounts", and seems that you got your answer.
    If you have other questions you must post another thread.
     
  10. AlexisMeroni

    AlexisMeroni Active Member

    Joined:
    Feb 9, 2013
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Thanks You all ! :)
     
Loading...

Share This Page