The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP Disabled Functions Security

Discussion in 'Security' started by spork985, Feb 24, 2012.

  1. spork985

    spork985 Member

    Joined:
    Feb 10, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm setting up a shared hosting service and need to secure my PHP in cPanel. I'm not sure the best way to do this since I'm sure there are many ways to do things that I'm unaware of.

    So far I have this list of disabled functions:
    show_source, system, shell_exec, passthru, exec, popen, proc_open

    Are there any others that should be disabled? Also, what other settings should I be looking at? I'm doing both a free and paid service, so it needs to be locked down pretty well.

    Thanks.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,455
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This question comes up often. If you have a look around the forums you should find many threads to sift thru that you'll find helpful I'm sure. Here's one that came up 2 days ago:
    New Server Hardening/ SetUp/ Prepare To Go Live

    HTH!
     
  3. spork985

    spork985 Member

    Joined:
    Feb 10, 2012
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks, that helped with my cpanel installation, but what about PHP?
     
  4. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
  5. smith002

    smith002 Registered

    Joined:
    Feb 28, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    Symlink ,base64 function , dl function , you have to disable this only.
     
  6. VIETHOSTING

    VIETHOSTING Registered
    PartnerNOC

    Joined:
    Feb 19, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    HCMC, VN
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    disable functions do not help you more secure, it's usually break many scripts ( wp, joomla etc.. ). You should using suhosin + config from apache and using mod_security with good rules ( gotroot.com )
     
Loading...

Share This Page