Show phpinfo not available message to user

Discussion in 'Security' started by durangod, Jan 4, 2017.

  1. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    436
    Likes Received:
    25
    Trophy Points:
    78
    cPanel Access Level:
    Root Administrator
    Hi, I was able to turn php info off via the direct file option. I had originally found this post

    Warning: phpinfo() has been disabled for security reasons in

    But sadly I don't have that menu option; there is no PHP config option or advanced option on my menu. I guess you moved it since that post.

    Anyway, I added phpinfo to the disabled functions, however it just displays a blank page. I would like to add a message to that page which says this function has been disabled for security reasons, however I don't know how to add that message.

    Is there a way via WHM to add that message if someone tries to look up phpinfo?

    Thanks
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,479
    Likes Received:
    421
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Go here: WebHost Manager » Service Configuration » PHP Configuration Editor
    Click the Advanced Mode radio button at top.
    Search the page with your browser for: disable_functions

    It's there.

    The page is your script.
     
  3. durangod

    I don't see it. Here is the screenshot of service config; I checked server config too.

    serviceconfig.jpg
     
  4. Infopro

    Are you logged in as root user to WHM?
     
  5. durangod

    Yes
     
  6. Infopro

    Is that server completely set up? You're actually missing two items: PHP Configuration Editor and Configure PHP and suEXEC.
     

  7. durangod

    I assumed it was; I thought I went through everything when I set it up 6 mos ago. It has been running fine. I just use Apache to serve up my PHP, so I don't use any CGI for that; since I'm the only user I don't need individual php.ini files. What did I miss that would prevent those two items?

    UPDATE: I did find this

    webmasters.stackexchange.com/questions/98776/why-doesnt-the-php-configuration-editor-show-up-in-whm

    I am also using EasyApache, so does that mean I don't need those items?
     
    #7 durangod, Jan 4, 2017
    Last edited by a moderator: Jan 4, 2017
  8. Infopro

  9. durangod

    OK thanks, so how does that affect the message display? Is that going to be in error control in the php.ini, or is that going to be at the domain level in a custom error file? I assume that when you block phpinfo it should give an error code, I hope.

    UPDATE: I do get the message in my error log

    [04-Jan-2017 08:30:49 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /home/username/public_html/folder/filename.php on line 3

    However, it does not show an error code, so I'm not sure how to do a custom error page for it.
     
    #9 durangod, Jan 4, 2017
    Last edited: Jan 4, 2017
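
Added example, not part of the original thread: the warning quoted in post #9 is written only to the PHP error log, so one way to see which scripts and accounts call disabled functions is to parse that log. The sample lines are constructed in the format quoted above, and the `/home/<account>/` layout is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in post #9
# (timestamps, accounts and paths are made up for illustration).
SAMPLE_LOG = """\
[04-Jan-2017 08:30:49 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /home/username/public_html/folder/filename.php on line 3
[04-Jan-2017 08:31:02 UTC] PHP Warning:  exec() has been disabled for security reasons in /home/username/public_html/tools/run.php on line 12
[04-Jan-2017 08:31:05 UTC] PHP Notice:  Undefined variable: foo in /home/other/public_html/index.php on line 7
[04-Jan-2017 08:32:10 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /home/other/public_html/i.php on line 1
"""

# Matches only the "disabled for security reasons" warning, not other PHP messages.
DISABLED_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+PHP Warning:\s+(?P<func>[\w\\:]+)\(\) has been disabled "
    r"for security reasons in (?P<path>.+?) on line (?P<line>\d+)\s*$"
)


def parse_disabled_calls(log_text):
    """Return one dict per 'disabled for security reasons' warning."""
    hits = []
    for raw in log_text.splitlines():
        m = DISABLED_RE.match(raw)
        if not m:
            continue
        hit = m.groupdict()
        hit["line"] = int(hit["line"])
        # Assumption: the account name is the directory directly under /home.
        parts = hit["path"].split("/")
        hit["account"] = parts[2] if len(parts) > 2 and parts[1] == "home" else None
        hits.append(hit)
    return hits


def summarize(hits):
    """Count attempts per (function, account) pair."""
    return Counter((h["func"], h["account"]) for h in hits)


if __name__ == "__main__":
    counts = summarize(parse_disabled_calls(SAMPLE_LOG))
    for (func, account), n in sorted(counts.items(), key=str):
        print(f"{func}() called {n}x by account {account}")
```
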
  10. durangod

    I think I found it. It's at the PHP level; you can test it like so:

    Code:

    // You'll have to set this value - see the phpinfo doc page.
    // function_exists() is one way: it returns false when phpinfo is listed in disable_functions.
    $phpinfo = function_exists('phpinfo');

    if (!empty($phpinfo)) {
        // info is there, do something
    } else {
        // info is not there, do something else
        // such as display message
    }

    That should work.
     
  11. georgeb

    georgeb Well-Known Member

    Joined:
    May 23, 2010
    Messages:
    49
    Likes Received:
    1
    Trophy Points:
    58
    Location:
    Montreal, QC, Canada
    cPanel Access Level:
    Root Administrator
    Why block phpinfo? Remember, hiding something is an invitation to hack.... This is the invitation to hack: "this function has been disabled for security reasons"... You have to fight this in another way, not by sending invitations...
     
  12. durangod

    I understand and respect your reply and I agree to a point. However, if that's the case then having a login is also an invite. The message does not have to say that directly; it can say anything. I guess I didn't think this all the way through, because that solution I offered just works if you have one file you use to display phpinfo; it does not work on a server global scale. So I'm back to square one on this. :(
     