The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Conception about to avoid code injection

Discussion in 'Security' started by maisha.majed, May 14, 2010.

  1. maisha.majed

    maisha.majed Registered

    Joined:
    May 14, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Hi, is there anyone can give me suggestions about how to avoid code injection in apache web server? Please give me a short brief. Thank you.
     
  2. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Ok, here is a few basic pointers ....

    1. For your server's PHP type use only either SuPHP or FCGI

    2. Install SuHosin (actually designed specifically for this purpose)

    3. Install Mod_Security and get a good ruleset (such as GotRoot.Com)

    4. Make sure all your web scripts have the latest versions and patches

    5. Disable external MySQL access (disabled by default anyway)

    6. Disable common exploitable functions ("disable_functions" in php.ini)

    7. Apache should be version 2.2.15 and PHP version 2.2.13 or above

    8. Goes without saying but don't use any easy passwords anywhere
     
Loading...
Similar Threads - Conception avoid code
  1. tyuuu
    Replies:
    6
    Views:
    429
  2. samuelmf
    Replies:
    1
    Views:
    375

Share This Page