The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

disable_upload_functions

Discussion in 'General Discussion' started by aracrew, Mar 9, 2007.

  1. aracrew

    aracrew Active Member

    Joined:
    Dec 8, 2006
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    how it can to disable_upload_functions as a shell and many files can be a way to attack your server from any scripts for uploading a txt or any kaind of tayps it the way to disable from the server :rolleyes:



    any idea about that

    i made this to make sure that we can make it in safe :

    Code:
    pico /usr/local/lib/php.ini
    thin

    search for upload u well found this kaind

    Code:
    file_uploads = On
    down of it add this

    Code:
     disable_upload_functions=(add what u need to disable )

    any idea about that can be safe your server from the root
     
    #1 aracrew, Mar 9, 2007
    Last edited: Mar 9, 2007
  2. prof

    prof Member

    Joined:
    Jan 22, 2005
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    you can't add this value disable_upload_functions to php.ini couze itsn't listed on php compiler on the server .

    best regards
     
  3. aracrew

    aracrew Active Member

    Joined:
    Dec 8, 2006
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    but i try and i get some good working with some way but i need to know the best thin that can give a agreements to upload what i need to be upload in the server
     
  4. NogomHost

    NogomHost Registered

    Joined:
    Dec 24, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Is evaluated the work of this? And you succeeded. Please sent us a link to our experiment
     
  5. aracrew

    aracrew Active Member

    Joined:
    Dec 8, 2006
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    ok what did hapin that it has been disable the txt upload only becouse it not backing php compiler that what did i made only but for any things els its can be upload it what i need to know what is the source is backing for tha php compiler asa pic and jpg and gif and all this kainds and i wanna know that if there is some things can be made it in the php.ini to stop what i need to stop it to upload it to the server i thing there is a way be couse i made what i write in the notice and some of it work try it and u well see
     
  6. aracrew

    aracrew Active Member

    Joined:
    Dec 8, 2006
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    http://www.gamr15.net/up/index.php

    this is one off my work and with what did i make it uploading ??

    any idea can stop some file to be uploads from the server ??


    i things there is well :rolleyes:
     
  7. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    To disable file uploads in PHP.INI:
    Code:
    file_uploads  = Off
    
    To disable dynamic loading of extensions (recommended):
    Code:
    enable_dl    = Off
    
    I would also make use of disable_functions and disable some of
    the more dangerous functions such as the shell functions, highlight_file,
    and others which could be used for abuse.

    If you don't want users to override settings with .htaccess (module)
    or a custom php.ini file (phpsuexec) then you might want to look
    into upgrading and getting suphp which doesn't allow end users
    to change php configuration settings.

    You should make sure that your /tmp folder is non-executable which
    will make it a bit more difficult to run uploaded scripts ...

    Edit /etc/fstab and replace the /dev/shm line:
    Code:
    /dev/shm                /dev/shm                tmpfs   loop,noexec,nosuid,rw    0 0
    
    (server needs to be rebooted after the change or need to remount drives)
     
    #7 Spiral, Mar 11, 2007
    Last edited: Mar 11, 2007
  8. fta-uae

    fta-uae Registered

    Joined:
    Dec 28, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    :) if he will working


    shold thes oun be work

    Use allowed_upload_functions

    but he will not work

    the compiler do win you upload

    read and wirte like text

    :confused:
     
  9. aracrew

    aracrew Active Member

    Joined:
    Dec 8, 2006
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1


    as u said its shod have a tmp and there is a tow way to working the sections ..... there is some php scripts allow to contents with php.ini and allowed it to upload and some of scripts have onthers way to upload the files from a source in the php scritps sooo we have tow choice the one that Spiral show it to as it can be but witj some harddisk well work and with some well not and we can backing to the scripts that allow woth php.ini or with it source thin we can make sure that we can make it work as i make its working with me becouse my server hard is sci and with some upload section not wotking soo as we know now that some of the secripts is allowed to php.ini and some of it allowed to the source of the scripts


    many thinks and i looking to get update for php.ini to allow that working with php.net it well make a save for us :)
     

Share This Page