PHP Disabled Functions Security

[spork985]

I'm setting up a shared hosting service and need to secure my PHP in cPanel. I'm not sure the best way to do this since I'm sure there are many ways to do things that I'm unaware of.

So far I have this list of disabled functions:
show_source, system, shell_exec, passthru, exec, popen, proc_open

Are there any others that should be disabled? Also, what other settings should I be looking at? I'm doing both a free and paid service, so it needs to be locked down pretty well.

Thanks.

 

[Infopro]

This question comes up often. If you have a look around the forums you should find many threads to sift thru that you'll find helpful I'm sure. Here's one that came up 2 days ago:
New Server Hardening/ SetUp/ Prepare To Go Live

HTH!

 

[spork985]

Thanks, that helped with my cpanel installation, but what about PHP?

 

[storminternet]

I hope this thread should help you for Hardening Php on server

 

[smith002]

Symlink ,base64 function , dl function , you have to disable this only.

 

[VietHosting]

disable functions do not help you more secure, it's usually break many scripts ( wp, joomla etc.. ). You should using suhosin + config from apache and using mod_security with good rules ( gotroot.com )