The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Show phpinfo not available message to user

Discussion in 'Security' started by durangod, Jan 4, 2017.

  1. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    284
    Likes Received:
    13
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hi, i was able to turn php info off via the direct file option. I had originally found this post

    Warning: phpinfo() has been disabled for security reasons in

    But sadly i dont have that menu option, there is no php config option or advanced option on my menu. I guess you moved it since that post.

    Anyway, i added phpinfo to the disabled functions however it just displays a blank page, i would like to add a message to that page which says this function has been disabled for security reasons, however i dont know how to add that message.

    Is there a way via whm to add that message if someone tries to look up phpinfo?

    Thanks
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Go here: WebHost Manager ┬╗Service Configuration ┬╗PHP Configuration Editor
    Click the Advanced Mode radio button at top.
    Search the page with your browser for: disable_functions

    It's there.

    The page is your script.
     
  3. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    284
    Likes Received:
    13
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    I dont see it, here is the screen shot of service config, i checked server config too.

    serviceconfig.jpg
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Are you logged in as root user to WHM?
     
  5. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    284
    Likes Received:
    13
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Is that server completely setup? You're actually missing two items. PHP Configuration Editor and Configure PHP and suEXEC.
     

    Attached Files:

  7. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    284
    Likes Received:
    13
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    I assumed it was, i thought i went thru everything when i set it up 6 mos ago. It has been running fine, i just use apache to serve up my PHP so i dont use any cgi for that since im the only user i dont need individual php.ini files. What did i miss that would prevent those two items?

    UPDATE: i did find this

    webmasters.stackexchange.com/questions/98776/why-doesnt-the-php-configuration-editor-show-up-in-whm

    I am also using easyapache so does that mean i dont need those items?
     
    #7 durangod, Jan 4, 2017
    Last edited by a moderator: Jan 4, 2017
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  9. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    284
    Likes Received:
    13
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    OK thanks, so how does that effect the message display, is that going to be in error control in the php ini or is that going to be at the domain level in a custom error file? I assume that when you block phpinfo it should give an error code i hope.

    UPDATE: I do get the message in my error log

    [04-Jan-2017 08:30:49 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /home/username/public_html/folder/filename.php on line 3

    however it does not show an error code, so im not sure how to do a custom error page for it.
     
    #9 durangod, Jan 4, 2017
    Last edited: Jan 4, 2017
  10. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    284
    Likes Received:
    13
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    I think i found it its at the php level you can test it like so:


    Code:
     
    
    $phpinfo = //youll have to set this value - see the phpinfo doc page
    
    if(!empty($phpinfo))
     {
          //info is there do something
     }else{
                 //info is not there do something else
                 //such as display message
              }
    that should work
     
  11. georgeb

    georgeb Well-Known Member

    Joined:
    May 23, 2010
    Messages:
    49
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Montreal, QC, Canada
    cPanel Access Level:
    Root Administrator
    Why to block phpinfo? Remember, hiding something is an invitation to hack.... This is the invitation to hack "this function has been disabled for security reasons"...You have to fight in another way with this, not sending invitations...
     
  12. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    284
    Likes Received:
    13
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    I understand and respect your reply and i agree to a point. However if thats the case then having a login is also an invite. The message does not have to say that directly it can say anything. I guess i didnt think this all the way through because that solution i offered just works if you have one file you use to display phpinfo, it does not work on a server global scale. So im back to square one on this. :(
     
Loading...

Share This Page