Secure Webserver from PHP function vulnerability

PHP has a lot of functions which can be used to crack your server if not used properly. You can disable a list of functions in php.ini using the disable_functions directive. This directive allows you to disable certain functions for security reasons. It takes a comma-delimited list of function names. disable_functions is not affected by Safe Mode. This directive must be set in php.ini; for example, you cannot set it in httpd.conf.

1. Open the php.ini file:

# vi /etc/php.ini

Find disable_functions and set new list as follows:

disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

Save and close the file. Restart httpd:

# service httpd restart

2. Check that the file permissions are set to either 755 or 644.
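
One way to confirm that the list from step 1 is really active, as an added example that is not part of the original post: a shell check that reads a php.ini and prints every function from the list above that is still not disabled. It inspects only the file passed to it; the helper names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which functions from the list in step 1 are NOT
# disabled in a given php.ini. REQUIRED mirrors that list.
REQUIRED="exec passthru shell_exec system proc_open popen curl_exec curl_multi_exec parse_ini_file show_source"

# Print the functions named by the active disable_functions line, one per line.
# Lines starting with ';' are comments and are skipped.
# Assumption: when the directive appears more than once, the last line wins.
effective_disabled() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" \
        | tail -n 1 \
        | sed 's/;.*$//' \
        | tr -d "\"' \t\r" \
        | tr 'A-Z' 'a-z' \
        | tr ',' '\n' \
        | sed '/^$/d'
}

# Print each required function that the file does not disable.
missing_disabled() {
    disabled=$(effective_disabled "$1")
    for fn in $REQUIRED; do
        printf '%s\n' "$disabled" | grep -qxF "$fn" || printf '%s\n' "$fn"
    done
}

# Constructed sample php.ini (not from a real server): the complete list is
# commented out and the active line covers only part of it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[PHP]
;disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
disable_functions = exec, passthru ,SYSTEM
disable_functions = "exec,passthru,shell_exec,system,popen" ; edited later
EOF
echo "Not disabled in sample file:"
missing_disabled "$sample"
rm -f "$sample"
```

On a server, call `missing_disabled /etc/php.ini` after the restart; empty output means every function in the list is disabled in that file.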
