Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

disable execution of base64 encoded scripts?

Discussion in 'Security' started by umysql, Oct 1, 2015.

  1. umysql

    umysql Member

    Joined:
    Jul 24, 2015
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,
    If i disable these function in php.ini file in cpanel , is it possible it will also disable execution of "base64" encoded script.
    Code:
    "disable_functions = phpinfo, allow_url_fopen, exec, popen, pclose, ini_set, php_eval, safe_dir, g lob, root, ftok, posix_access, egy_perl, symlink, set_time_limit, ini_restore, shell_exec, passthru, ini_alter, dl, openlog, syslog, readlink, link, leak, escapeshellcmd, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, pcntl_exec, wscript, curl_exec, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_get_all, inject_code, mysql_pconnect, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_terminate, system, xmlrpc_entity_decode"
    

    i saw many spamming codes or scripts are in "base64" encoded.
    so if i can stop those script from execution by php.ini, that will help to stop server from doing spamming.
     
    #1 umysql, Oct 1, 2015
    Last edited by a moderator: Oct 1, 2015
  2. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    720
    Likes Received:
    123
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    You can add:
    base64_decode
    to disable_functions yes

    Sadly there are ways around it though but it is better than nothing. Also realize although it is used in a lot of malicious code, there is legitimate code that relies on it as well.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    88
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    You could try it, but like Jcats says, a lot of legitimate code relies on this function. Even the wordpress core and many popular plugins like wp-super-cache rely on base64_decode.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,809
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Right, as mentioned, it's likely to block legitimate code and create issues for your users if this is a shared hosting server. If it's SPAM you want to prevent, then you may find this document helpful:

    cPanel - How to prevent SPAM

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice