disable execution of base64 encoded scripts?

umysql

Member
Jul 24, 2015
6
0
1
India
cPanel Access Level
Root Administrator
Hi,
If i disable these function in php.ini file in cpanel , is it possible it will also disable execution of "base64" encoded script.
Code:
"disable_functions = phpinfo, allow_url_fopen, exec, popen, pclose, ini_set, php_eval, safe_dir, g lob, root, ftok, posix_access, egy_perl, symlink, set_time_limit, ini_restore, shell_exec, passthru, ini_alter, dl, openlog, syslog, readlink, link, leak, escapeshellcmd, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, pcntl_exec, wscript, curl_exec, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_get_all, inject_code, mysql_pconnect, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_terminate, system, xmlrpc_entity_decode"

i saw many spamming codes or scripts are in "base64" encoded.
so if i can stop those script from execution by php.ini, that will help to stop server from doing spamming.
 
Last edited by a moderator:

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
807
158
168
New Jersey
cPanel Access Level
DataCenter Provider
You can add:
base64_decode
to disable_functions yes

Sadly there are ways around it though but it is better than nothing. Also realize although it is used in a lot of malicious code, there is legitimate code that relies on it as well.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
You could try it, but like Jcats says, a lot of legitimate code relies on this function. Even the wordpress core and many popular plugins like wp-super-cache rely on base64_decode.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

Right, as mentioned, it's likely to block legitimate code and create issues for your users if this is a shared hosting server. If it's SPAM you want to prevent, then you may find this document helpful:

cPanel - How to prevent SPAM

Thank you.