shell_exec() has been disabled for security reasons in /usr/local/cpanel/whostmgr/.../logger.php

[postcd]

Hello, in root folder on WHM server i have "error_log" file which contains many log lines from today and many days before:
PHP Warning: shell_exec() has been disabled for security reasons in /usr/local/cpanel/whostmgr/docroot/themes/x/xtra/functions/load/logger.php on line 76

Is it problem that WHM cant use this PHP function? How should i solve this while keeping this function disabled for hosted websites?

thank you

 

[madmanmachines]

This looks like you are using a 3rd-party addon for WHM that has special requirements that cPanel/WHM does not normally allow. I'd say that 'shell_exec()' is disabled for good reason. You must absolutely trust this addon if you enable 'shell_exec()'. Search for the directive using the following

find /usr/local/ -type f -name php.ini -exec grep -il "shell_exec" {} \;

How should i solve this while keeping this function disabled for hosted websites?

I doubt the same PHP configuration is used for this 3rd-party addon and the actual websites.

 

[postcd]

Thx, yes, your command found file: /usr/local/lib/php.ini

And the above mentioned log entry points to this file: /usr/local/cpanel/whostmgr/docroot/themes/x/xtra/functions/load/logger.php

which contains:

$beancounters = @shell_exec("/bin/beanc 2> /dev/null");
if (!$beancounters) {
if (file_exists('/proc/user_beancounters')) {
$beancounters = `cat /proc/user_beancounters 2> /dev/null`;
}
else {
$ded=TRUE;
}
}
if ($beancounters) {
if (file_exists($logdir.'_nobeans')) {
unlink($logdir.'_nobeans');
}
$pattern = "/^.*\b(oomguarpages)\b.*$/mi";
preg_match($pattern, $beancounters, $hits);
$bean = trim($hits[0]);
$bean = preg_replace("/ {1,99}/", " ", $bean);
$parts = explode(" ",$bean);
$mem1 = $parts[1];
$oomgmax = $parts[3];
$pattern = "/^.*\b(privvmpages)\b.*$/mi";
preg_match($pattern, $beancounters, $hits);
$bean = trim($hits[0]);
$bean = preg_replace("/ {1,99}/", " ", $bean);
$parts = explode(" ",$bean);
$mem2 = $parts[1];
$privmax = $parts[3];
}

To disable this script/WHMXtra plugin,
go to Plugins >> Load/Bandwidth Monitor and select the option to
disable the cron

 

[postcd]

Can i somehow edit that logger.php file and disallow it to log errors?

or into that directory .htaccess to add something like?:
ErrorLog /dev/null

 

[cPanelMichael]

Hello

I suggest reporting this issue to the developer of the plugin you are using. It's possible an update is available for it, or the developers need to address the issue to avoid a modification to the cPanel PHP configuration.

Thank you.

 

[postcd]

Thanks, the developer is aware and will probably use different function in future.

To disable this script/WHMXtra plugin, go to Plugins >> Load/Bandwidth Monitor
and select the option to disable the cron

solved 4me, thx Michael

 

[cPanelMichael]

I m happy to see you were able to address the issue by disabling the plugin and contacting the developer. Thank you for updating us with the outcome.