The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP Disable Functions

Discussion in 'Security' started by Bashed, Jul 3, 2015.

  1. Bashed

    Bashed Well-Known Member

    Joined:
    Dec 18, 2013
    Messages:
    100
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Hey folks,

    What is everyone's recommended disable_functions setting in PHP (w/ suPHP enabled) on shared servers?

    I'm currently using this:

    Code:
    passthru,exec,shell_exec,system,apache_note,apache_setenv,closelog,debugger_off,debugger_on,define_syslog_variables,openlog,syslog,symlink,escapeshellarg,escapeshellcmd,dl,socket_accept,socket_bind,socket_clear_error,socket_close,socket_connect,socket_create_listen,socket_create_pair,socket_create,socket_get_option,socket_getpeername,socket_getsockname,socket_last_error,socket_listen,socket_read,socket_recv,socket_recvfrom,socket_select,socket_send,socket_sendto,socket_set_block,socket_set_nonblock,socket_set_option,socket_shutdown,socket_strerror,socket_write,stream_sock
    I've read that these are all 'dangerous' too, is this too much?

    Code:
        apache_child_terminate
    apache_setenv
    define_syslog_variables
    escapeshellarg
    escapeshellcmd
    eval
    exec
    fp
    fput
    ftp_connect
    ftp_exec
    ftp_get
    ftp_login
    ftp_nb_fput
    ftp_put
    ftp_raw
    ftp_rawlist
    highlight_file
    ini_alter
    ini_get_all
    ini_restore
    inject_code
    mysql_pconnect
    openlog
    passthru
    php_uname
    phpAds_remoteInfo
    phpAds_XmlRpc
    phpAds_xmlrpcDecode
    phpAds_xmlrpcEncode
    popen
    posix_getpwuid
    posix_kill
    posix_mkfifo
    posix_setpgid
    posix_setsid
    posix_setuid
    posix_setuid
    posix_uname
    proc_close
    proc_get_status
    proc_nice
    proc_open
    proc_terminate
    shell_exec
    syslog
    system
    xmlrpc_entity_decode
     
    #1 Bashed, Jul 3, 2015
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    982
    Likes Received:
    75
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Those all look about right. Worst case if a customer has issues with a legitimate application, get them their own php.ini with a different disable_functions.
     
    #2 quizknows, Jul 3, 2015
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,285
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    You may want to monitor your error_log files within the accounts after disabling additional functions if you are concerned it will cause issues with the scripts installed for your accounts.

    Thank you.
     
    #3 cPanelMichael, Jul 8, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - Disable Functions
  1. webdatago

    Disable Mail Functions

    webdatago, Aug 3, 2017, in forum: E-mail Discussions
    Replies:
    3
    Views:
    88
    cPanelMichael
    Aug 3, 2017
  2. keat63

    Disable Functions

    keat63, Jul 25, 2017, in forum: EasyApache
    Replies:
    5
    Views:
    91
    cPanelMichael
    Jul 26, 2017
  3. furquan

    SOLVED disable_functions in PHP.INI

    furquan, Jul 21, 2017, in forum: Security
    Replies:
    3
    Views:
    90
    furquan
    Jul 21, 2017
  4. AndyX

    Enabling PHP-FPM forces disable_functions

    AndyX, Jan 18, 2017, in forum: EasyApache
    Replies:
    21
    Views:
    1,318
    cPanelMichael
    Aug 14, 2017 at 1:17 PM
  5. Karl1

    SOLVED Disable Functions in PHP configuration EasyApache 4

    Karl1, Dec 27, 2016, in forum: EasyApache
    Replies:
    3
    Views:
    1,592
    cPanelMichael
    Jan 3, 2017

Share This Page