PHP Security

H

HARD

Member
Jul 21, 2005
10
0
151
Hello ,

I would like to ask you about a few things

1. How can i disable using local php.ini files ? i read about setting allowoverride but does it has anything to do with the php.ini file ? or just with htaccess ?

2. i have cPanel installed ... how can i set specific settings for users ? i cant find users configurations in httpd.conf file ... where does it located? or how it can be set in the main httpd.conf file

3. i tryed to disable "cgi access" for some user but he still able to use files with ".pl" extension and execute perl scripts is that a bug in cPanel ? or am i missing something ?
 
M

mOdY

Well-Known Member
Dec 25, 2004
80
0
156
Hello,

May be you need to comment out those lines from httpd.conf

AddHandler cgi-script .cgi
AddHandler cgi-script .pl
AddHandler cgi-script .cgi .pl

This will totally prevent execution of cgi scripts..

Also you may need to let cpanel run it's own cgi script smoothly..

Add this in httpd.conf


<Directory /usr/local/cpanel>
Options +ExecCGI -Includes
AddHandler cgi-script .cgi
</Directory>


Now let script kiddies search for another way to break in ;)
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
P New Security Advisor notifications with High importance - PHP 7.3 and PHP 7.4 reached EOL Security 1
B SOLVED PHP IMAP Module Security Report Security 1
S Correct security & php settings - what file(s) do I edit and is this code correct? Security 12
coursevector PHP security patch timeline Security 9
M What are the security threats of enabling php zip extension? Security 3
Similar threads
New Security Advisor notifications with High importance - PHP 7.3 and PHP 7.4 reached EOL
SOLVED PHP IMAP Module Security Report
Correct security & php settings - what file(s) do I edit and is this code correct?
PHP security patch timeline
What are the security threats of enabling php zip extension?
Top Bottom