How to disallow php.ini overriding?

Discussion in 'General Discussion' started by Top Line, Jun 16, 2007.

  1. Top Line

    Top Line Member

    Jan 16, 2004

    Some accounts were hacked yesterday on our server, and by tracking the hacking method we found the attackers were bypassing the user privileges with the function symlink (it was disabled in /usr/local/lib/php.ini before),
    and bypassing safe_mode and disabled functions by uploading a php.ini with default settings to the user account.

    How can we disallow overriding php.ini?

    Any help will be appreciated.

    Our System
    Cent 4.5
    Cgi Module (phpsuexec enabled)

    Thank you
  2. psychodreams

    psychodreams Well-Known Member

    Apr 14, 2004

    This shouldn't happen. Are you using suexec and Apache compiled with phpsuexec? I've had mine set up like that for years, and sites that got hacked were not able to spread across the server.
  3. sparek-3

    sparek-3 Well-Known Member

    Aug 10, 2002
    cPanel Access Level:
    Root Administrator
    There is some truth to what psychodreams is saying. If you are running PHP as CGI, then PHP scripts aren't executed by a shared username throughout the server, so there's not a lot of damage that can be done to the server, just to that specific account.

    That being said, the only way I know to disallow custom php.ini and run PHP as CGI is to use a patched suPHP system. I wrote a guide some time ago for doing a custom suPHP install on a cPanel server:

    I believe cPanel has since begun including suPHP into their new easyapache3 system, although I think it is only for Apache2. The guide I wrote only applies to Apache 1.3 and to suPHP 0.6.1. Personally, if you are just getting started with this, I might recommend waiting and seeing what the cPanel suPHP does and how it approaches this situation.
  4. nitro777

    nitro777 Registered

    Apr 6, 2008
    Hello,

    You just create an empty file: .htaccess

    suPHP_ConfigPath /usr/local/lib/php.ini
    That config means the default PHP config is located in the correct path.

    And make sure to set the attribute for no changes on the .htaccess, so that only root can set the attribute that allows you to edit that file: .htaccess

    And put the .htaccess in the /home/ directory, so that each account, via the Apache module, cannot create and use another php.ini file in its account dir.

    thank you :)
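
An audit sketch for the situation described in this thread (an added example, not code posted by any participant or shipped by cPanel or suPHP): it lists php.ini files inside account directories and .htaccess files whose suPHP_ConfigPath differs from the server-wide /usr/local/lib/php.ini. The function names and the sample accounts alice and bob are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: audit account home directories for PHP configuration overrides.
GLOBAL_INI="/usr/local/lib/php.ini"   # server-wide path quoted in this thread

# Print every php.ini below ROOT ($1). With PHP run as CGI, a php.ini placed
# in an account can replace the server-wide settings for that account.
find_user_php_ini() {
    find "$1" -xdev -type f -name 'php.ini' 2>/dev/null | sort
}

# Print "file: value" for each .htaccess below ROOT ($1) whose
# suPHP_ConfigPath is neither GLOBAL_INI nor the directory that holds it.
find_configpath_overrides() {
    find "$1" -xdev -type f -name '.htaccess' 2>/dev/null | sort |
    while IFS= read -r f; do
        awk -v file="$f" -v ok="$GLOBAL_INI" '
            BEGIN { okdir = ok; sub("/[^/]*$", "", okdir) }
            /^[ \t]*#/ { next }                       # skip comments
            tolower($1) == "suphp_configpath" {       # directive names ignore case
                v = $2; gsub(/["\r]/, "", v); sub("/$", "", v)
                if (v != ok && v != okdir) print file ": " v
            }' "$f"
    done
}

# Print all findings for ROOT ($1); exit status 0 means the tree is clean.
audit() {
    ini=$(find_user_php_ini "$1")
    ovr=$(find_configpath_overrides "$1")
    [ -n "$ini" ] && printf 'php.ini in account tree:\n%s\n' "$ini"
    [ -n "$ovr" ] && printf 'suPHP_ConfigPath override:\n%s\n' "$ovr"
    [ -z "$ini" ] && [ -z "$ovr" ]
}

# Constructed sample tree (hypothetical accounts alice and bob) for a dry run.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/alice/public_html" "$d/bob/public_html"
    printf 'suPHP_ConfigPath %s\n' "$GLOBAL_INI" > "$d/.htaccess"
    printf 'safe_mode = Off\ndisable_functions =\n' > "$d/alice/public_html/php.ini"
    printf '# custom\nsuPHP_ConfigPath /home/bob/public_html\n' > "$d/bob/public_html/.htaccess"
    echo "$d"
}
```

On a server, `audit /home` prints the files to review; `audit "$(make_sample_tree)"` shows the output format on the constructed tree.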
