Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

PHP Disable Functions

Discussion in 'Security' started by Bashed, Jul 3, 2015.

  1. Bashed

    Bashed Well-Known Member

    Joined:
    Dec 18, 2013
    Messages:
    114
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hey folks,

    What is everyone's recommended disable_functions setting in PHP (w/ suPHP enabled) on shared servers?

    I'm currently using this:

    Code:
    passthru,exec,shell_exec,system,apache_note,apache_setenv,closelog,debugger_off,debugger_on,define_syslog_variables,openlog,syslog,symlink,escapeshellarg,escapeshellcmd,dl,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block,socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_sock
    I've read that these are all 'dangerous' too, is this too much?

    Code:
        apache_child_terminate
    apache_setenv
    define_syslog_variables
    escapeshellarg
    escapeshellcmd
    eval
    exec
    fp
    fput
    ftp_connect
    ftp_exec
    ftp_get
    ftp_login
    ftp_nb_fput
    ftp_put
    ftp_raw
    ftp_rawlist
    highlight_file
    ini_alter
    ini_get_all
    ini_restore
    inject_code
    mysql_pconnect
    openlog
    passthru
    php_uname
    phpAds_remoteInfo
    phpAds_XmlRpc
    phpAds_xmlrpcDecode
    phpAds_xmlrpcEncode
    popen
    posix_getpwuid
    posix_kill
    posix_mkfifo
    posix_setpgid
    posix_setsid
    posix_setuid
    posix_setuid
    posix_uname
    proc_close
    proc_get_status
    proc_nice
    proc_open
    proc_terminate
    shell_exec
    syslog
    system
    xmlrpc_entity_decode
     
    #1 Bashed, Jul 3, 2015
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,008
    Likes Received:
    86
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Those all look about right. Worst case if a customer has issues with a legitimate application, get them their own php.ini with a different disable_functions.
     
    #2 quizknows, Jul 3, 2015
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,375
    Likes Received:
    2,044
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    You may want to monitor your error_log files within the accounts after disabling additional functions if you are concerned it will cause issues with the scripts installed for your accounts.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelMichael, Jul 8, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Disable Functions
  1. Peter Pham

    Disable some functions in WHM Interface

    Peter Pham, Mar 20, 2019 at 1:13 AM, in forum: Security
    Replies:
    3
    Views:
    82
    cPanelLauren
    Mar 21, 2019 at 3:57 PM
  2. lukapaunovic

    In Progress [CPANEL-26292] Set open_basedir and disable_functions to NULL for PECL

    lukapaunovic, Mar 8, 2019, in forum: EasyApache
    Replies:
    5
    Views:
    551
    cPanelMichael
    Mar 15, 2019
  3. ChrisDeVe

    Disabled functions (disable_functions)

    ChrisDeVe, Feb 21, 2019, in forum: Security
    Replies:
    2
    Views:
    208
    ChrisDeVe
    Feb 25, 2019
  4. MattGarner

    PHP FPM & Disable Functions

    MattGarner, Dec 11, 2018, in forum: EasyApache
    Replies:
    3
    Views:
    475
    cPanelMichael
    Dec 17, 2018
  5. Miguel G

    Disable functions for a particular user in a PHP-FPM pool

    Miguel G, Jun 26, 2018, in forum: Security
    Replies:
    4
    Views:
    801
    cPanelMichael
    Jul 13, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice