The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php recommend disable_functions

Discussion in 'Security' started by Venomous21, Sep 16, 2014.

  1. Venomous21

    Venomous21 Well-Known Member

    Joined:
    Jun 28, 2012
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello,

    Got a question about hardening php and figure I will ask it here since so many of us use it on our servers.

    PHP.INI settings: Disable exec, shell_exec, system, popen and Other Functions To Improve Security

    That article recommends setting these directives in php.ini:

    disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

    Is it likely that disabling these functions will have any affect on standard drupal or wordpress installs? Do you recommend disabling any others? Or any other general hardening tips?

    I use modsuphp, disabled shell access, latest version of php 5.3 & 5.4 (migrating all to 5.4), keep apache up-to-date, etc.

    Thank you.
     
    #1 Venomous21, Sep 16, 2014
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    982
    Likes Received:
    75
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I have used this for disable_functions for a long time and never had any problems with wordpress or other common CMS software:

    disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,popen,proc_open,allow_url_fopen

    The other ones you listed are probably OK to disable too.

    Other than that make sure you have some form of cross-account symlink protection, even if it's just the patch in EA.
     
    #2 quizknows, Sep 16, 2014
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    The "Security Advisor" option in WHM is a good place to start for tips on how to improve security on your server.

    Thank you.
     
    #3 cPanelMichael, Sep 17, 2014
  4. Venomous21

    Venomous21 Well-Known Member

    Joined:
    Jun 28, 2012
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    quizknows, thank you. Is the allow_url_fopen needed in disable_functions if I have it set globally to Off already in php.ini? I am also already using the EA symlink patch and security advisor :) Thanks for the info!
     
    #4 Venomous21, Sep 17, 2014
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    982
    Likes Received:
    75
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    It's probably not needed, but it also won't hurt anything.
     
    #5 quizknows, Sep 17, 2014
  6. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    462
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    If you have disabled allow_url_fopen in php.ini then there is no need to add it in list of disable functions list.
     
    #6 storminternet, Sep 18, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - recommend disable_functions
  1. albatroz

    Can you recommend me a DNS configuration for this setup?

    albatroz, Jul 8, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    2
    Views:
    136
    cPanelMichael
    Jul 10, 2017
  2. crazyaboutlinux

    Recommendation for Local Mail Exchanger or Remote Mail Exchanger

    crazyaboutlinux, Jun 6, 2017, in forum: E-mail Discussions
    Replies:
    6
    Views:
    225
    cPanelMichael
    Jun 6, 2017
  3. Nirjonadda

    Recommended email services

    Nirjonadda, Apr 24, 2017, in forum: E-mail Discussions
    Replies:
    3
    Views:
    157
    cPanelMichael
    Apr 25, 2017
  4. Rakaris Bakaris

    Recommended server hardware

    Rakaris Bakaris, Mar 3, 2017, in forum: Workarounds and Optimization
    Replies:
    3
    Views:
    253
    germany
    Mar 7, 2017
  5. Karl1

    SOLVED Error applying CSF recommendations for PHP

    Karl1, Mar 2, 2017, in forum: Security
    Replies:
    4
    Views:
    249
    Infopro
    Mar 2, 2017

Share This Page