Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

php recommend disable_functions

Discussion in 'Security' started by Venomous21, Sep 16, 2014.

  1. Venomous21

    Venomous21 Well-Known Member

    Joined:
    Jun 28, 2012
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello,

    Got a question about hardening php and figure I will ask it here since so many of us use it on our servers.

    PHP.INI settings: Disable exec, shell_exec, system, popen and Other Functions To Improve Security

    That article recommends setting these directives in php.ini:

    disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

    Is it likely that disabling these functions will have any affect on standard drupal or wordpress installs? Do you recommend disabling any others? Or any other general hardening tips?

    I use modsuphp, disabled shell access, latest version of php 5.3 & 5.4 (migrating all to 5.4), keep apache up-to-date, etc.

    Thank you.
     
    #1 Venomous21, Sep 16, 2014
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    I have used this for disable_functions for a long time and never had any problems with wordpress or other common CMS software:

    disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,popen,proc_open,allow_url_fopen

    The other ones you listed are probably OK to disable too.

    Other than that make sure you have some form of cross-account symlink protection, even if it's just the patch in EA.
     
    #2 quizknows, Sep 16, 2014
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,734
    Likes Received:
    1,992
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    The "Security Advisor" option in WHM is a good place to start for tips on how to improve security on your server.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPanelMichael, Sep 17, 2014
  4. Venomous21

    Venomous21 Well-Known Member

    Joined:
    Jun 28, 2012
    Messages:
    85
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    quizknows, thank you. Is the allow_url_fopen needed in disable_functions if I have it set globally to Off already in php.ini? I am also already using the EA symlink patch and security advisor :) Thanks for the info!
     
    #4 Venomous21, Sep 17, 2014
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,011
    Likes Received:
    89
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    It's probably not needed, but it also won't hurt anything.
     
    #5 quizknows, Sep 17, 2014
  6. storminternet

    storminternet Well-Known Member

    Joined:
    Nov 2, 2011
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    66
    cPanel Access Level:
    Root Administrator
    If you have disabled allow_url_fopen in php.ini then there is no need to add it in list of disable functions list.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 storminternet, Sep 18, 2014
(You must log in or sign up to post here.)
Loading...
Similar Threads - recommend disable_functions
  1. kabatak

    Recommended .cpanel.yml settings for Git Deployment?

    kabatak, Dec 28, 2018, in forum: General Discussion
    Replies:
    4
    Views:
    184
    kabatak
    Dec 29, 2018
  2. SJR

    cPanel Hosting Recommendation

    SJR, Sep 12, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    117
    Infopro
    Sep 12, 2018
  3. coursevector

    Recommended Shell Access setting

    coursevector, Jun 15, 2018, in forum: Security
    Replies:
    5
    Views:
    275
    cPanelMichael
    Jun 18, 2018
  4. PeteS

    Is suhosin7 recommended?

    PeteS, Feb 6, 2018, in forum: EasyApache
    Replies:
    3
    Views:
    394
    cPWilliamL
    Feb 7, 2018
  5. Venomous21

    Recommendation on security notifications from cpanel

    Venomous21, Jan 30, 2018, in forum: Security
    Replies:
    1
    Views:
    273
    cPanelMichael
    Jan 31, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice