php recommend disable_functions

Discussion in 'Security' started by Venomous21, Sep 16, 2014.

  1. Venomous21

    Venomous21 Well-Known Member

    Joined:
    Jun 28, 2012
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello,

    Got a question about hardening php and figure I will ask it here since so many of us use it on our servers.

    PHP.INI settings: Disable exec, shell_exec, system, popen and Other Functions To Improve Security

    That article recommends setting these directives in php.ini:

    disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

    Is it likely that disabling these functions will have any effect on standard Drupal or WordPress installs? Do you recommend disabling any others? Or any other general hardening tips?

    I use modsuphp, disabled shell access, latest version of php 5.3 & 5.4 (migrating all to 5.4), keep apache up-to-date, etc.

    Thank you.
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I have used this for disable_functions for a long time and never had any problems with WordPress or other common CMS software:

    disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,popen,proc_open,allow_url_fopen

    The other ones you listed are probably OK to disable too.

    Other than that make sure you have some form of cross-account symlink protection, even if it's just the patch in EA.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    The "Security Advisor" option in WHM is a good place to start for tips on how to improve security on your server.

    Thank you.
     
  4. Venomous21

    Venomous21 Well-Known Member

    quizknows, thank you. Is the allow_url_fopen needed in disable_functions if I have it set globally to Off already in php.ini? I am also already using the EA symlink patch and security advisor :) Thanks for the info!
     
  5. quizknows

    quizknows Well-Known Member

    It's probably not needed, but it also won't hurt anything.
     
  6. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    If you have disabled allow_url_fopen in php.ini then there is no need to add it to the list of disabled functions.
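
Added example (not part of any post in this thread): a small Python audit that reads a php.ini, reports which of the functions named in the thread's two lists are not yet in `disable_functions`, and flags entries such as `allow_url_fopen` that are php.ini directives rather than functions, so listing them there has no effect. The function names `read_directive` and `audit` and the sample file are constructed for illustration; the comparison list is simply the union of what was posted above, not a vetted baseline.

```python
import re

# Union of the two disable_functions lists posted in this thread.
THREAD_LIST = {
    "exec", "passthru", "shell_exec", "system", "proc_open", "popen",
    "curl_exec", "curl_multi_exec", "parse_ini_file", "show_source", "phpinfo",
}
# php.ini directives, not functions: disable_functions ignores these names.
INI_DIRECTIVES = {"allow_url_fopen", "allow_url_include"}


def read_directive(ini_text, name):
    """Return a directive's value (assumes the last occurrence wins), or None."""
    value = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ; comments
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if m and m.group(1).lower() == name:
            value = m.group(2).strip().strip('"')
    return value


def audit(ini_text, wanted=THREAD_LIST):
    raw = read_directive(ini_text, "disable_functions") or ""
    listed = {f.strip().lower() for f in raw.split(",") if f.strip()}
    url_fopen = (read_directive(ini_text, "allow_url_fopen") or "").lower()
    return {
        "missing": sorted(wanted - listed),
        "not_functions": sorted(listed & INI_DIRECTIVES),
        # PHP's built-in default for allow_url_fopen is On when it is unset
        "allow_url_fopen_off": url_fopen in {"off", "0", "false", "no"},
    }


# Constructed sample php.ini fragment using the second list from the thread.
SAMPLE_INI = """\
; constructed example
allow_url_fopen = Off
disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,popen,proc_open,allow_url_fopen
"""

if __name__ == "__main__":
    for key, val in audit(SAMPLE_INI).items():
        print(f"{key}: {val}")
```

To check a real server, pass the contents of the php.ini that PHP actually loads (shown by `php --ini`) to `audit()`.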
     