aracrew

Active Member
Dec 8, 2006
29
0
151
how it can to disable_upload_functions as a shell and many files can be a way to attack your server from any scripts for uploading a txt or any kaind of tayps it the way to disable from the server :rolleyes:



any idea about that

i made this to make sure that we can make it in safe :

Code:
pico /usr/local/lib/php.ini
thin

search for upload u well found this kaind

Code:
file_uploads = On
down of it add this

Code:
 disable_upload_functions=(add what u need to disable )

any idea about that can be safe your server from the root
 
Last edited:

prof

Member
Jan 22, 2005
14
0
151
you can't add this value disable_upload_functions to php.ini couze itsn't listed on php compiler on the server .

best regards
 

aracrew

Active Member
Dec 8, 2006
29
0
151
but i try and i get some good working with some way but i need to know the best thin that can give a agreements to upload what i need to be upload in the server
 

NogomHost

Registered
Dec 24, 2006
3
0
151
Is evaluated the work of this? And you succeeded. Please sent us a link to our experiment
 

aracrew

Active Member
Dec 8, 2006
29
0
151
ok what did hapin that it has been disable the txt upload only becouse it not backing php compiler that what did i made only but for any things els its can be upload it what i need to know what is the source is backing for tha php compiler asa pic and jpg and gif and all this kainds and i wanna know that if there is some things can be made it in the php.ini to stop what i need to stop it to upload it to the server i thing there is a way be couse i made what i write in the notice and some of it work try it and u well see
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
To disable file uploads in PHP.INI:
Code:
file_uploads  = Off
To disable dynamic loading of extensions (recommended):
Code:
enable_dl    = Off
I would also make use of disable_functions and disable some of
the more dangerous functions such as the shell functions, highlight_file,
and others which could be used for abuse.

If you don't want users to override settings with .htaccess (module)
or a custom php.ini file (phpsuexec) then you might want to look
into upgrading and getting suphp which doesn't allow end users
to change php configuration settings.

You should make sure that your /tmp folder is non-executable which
will make it a bit more difficult to run uploaded scripts ...

Edit /etc/fstab and replace the /dev/shm line:
Code:
/dev/shm                /dev/shm                tmpfs   loop,noexec,nosuid,rw    0 0
(server needs to be rebooted after the change or need to remount drives)
 
Last edited:

fta-uae

Registered
Dec 28, 2006
2
0
151
:) if he will working


shold thes oun be work

Use allowed_upload_functions

but he will not work

the compiler do win you upload

read and wirte like text

:confused:
 

aracrew

Active Member
Dec 8, 2006
29
0
151
To disable file uploads in PHP.INI:
Code:
file_uploads  = Off
To disable dynamic loading of extensions (recommended):
Code:
enable_dl    = Off
I would also make use of disable_functions and disable some of
the more dangerous functions such as the shell functions, highlight_file,
and others which could be used for abuse.

If you don't want users to override settings with .htaccess (module)
or a custom php.ini file (phpsuexec) then you might want to look
into upgrading and getting suphp which doesn't allow end users
to change php configuration settings.

You should make sure that your /tmp folder is non-executable which
will make it a bit more difficult to run uploaded scripts ...

Edit /etc/fstab and replace the /dev/shm line:
Code:
/dev/shm                /dev/shm                tmpfs   loop,noexec,nosuid,rw    0 0
(server needs to be rebooted after the change or need to remount drives)


as u said its shod have a tmp and there is a tow way to working the sections ..... there is some php scripts allow to contents with php.ini and allowed it to upload and some of scripts have onthers way to upload the files from a source in the php scritps sooo we have tow choice the one that Spiral show it to as it can be but witj some harddisk well work and with some well not and we can backing to the scripts that allow woth php.ini or with it source thin we can make sure that we can make it work as i make its working with me becouse my server hard is sci and with some upload section not wotking soo as we know now that some of the secripts is allowed to php.ini and some of it allowed to the source of the scripts


many thinks and i looking to get update for php.ini to allow that working with php.net it well make a save for us :)