Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Conception about to avoid code injection

Discussion in 'Security' started by maisha.majed, May 14, 2010.

  1. maisha.majed

    maisha.majed Registered

    May 14, 2010
    Likes Received:
    Trophy Points:
    Hi, is there anyone can give me suggestions about how to avoid code injection in apache web server? Please give me a short brief. Thank you.
  2. Spiral

    Spiral BANNED

    Jun 24, 2005
    Likes Received:
    Trophy Points:
    Ok, here is a few basic pointers ....

    1. For your server's PHP type use only either SuPHP or FCGI

    2. Install SuHosin (actually designed specifically for this purpose)

    3. Install Mod_Security and get a good ruleset (such as GotRoot.Com)

    4. Make sure all your web scripts have the latest versions and patches

    5. Disable external MySQL access (disabled by default anyway)

    6. Disable common exploitable functions ("disable_functions" in php.ini)

    7. Apache should be version 2.2.15 and PHP version 2.2.13 or above

    8. Goes without saying but don't use any easy passwords anywhere

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice