[Secure Server] Turn off the dangerous functions in PHP

Monday, May 26, 2014
For anyone who administers a web server, the fear of being hacked, whether by attacks in general or by local attacks in particular, never goes away. PHP gives us a powerful web programming language with many system function calls that let programmers manipulate the system conveniently. That convenience becomes a drawback when the server is compromised, or when you are on a shared hosting server and a neighbor uploads a shell such as c99 or R57. So how do we fight this?

To combat these shells at a basic level, we need to install mod_security, php run at, and disable the system-call functions that are considered dangerous in PHP. The functions, and how to disable them, are as follows:

Open the php.ini file, locate the line that begins with disable_functions = and set it to the following:

Code:
  disable_functions = "dl, fsockopen, socket_create, socket_create_listen, socket_create_pair, pfsockopen, putenv, pcntl_exec, pcntl_fork, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"
If your website stops working after you disable these functions, you can use the following shorter list instead:

Code:
  disable_functions = "dl, openlog, syslog, exec, passthru, shell_exec, proc_open, system, popen, fsockopen, ftp_connect, posix_setuid, socket_create, socket_create_listen, socket_create_pair, pfsockopen, putenv, pcntl_exec, pcntl_fork" 
In general, which PHP functions are required depends on the source code you run. If something breaks, enable PHP error reporting and use the errors to see which functions that source code needs, then remove those functions from the list.

Then save the file and restart Apache. From that moment your server is more secure.
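One way to check the result, as an added example that is not part of the original post: a Python audit of php.ini text against the shorter list above. It also reports duplicate entries and names such as eval, which is a language construct that disable_functions cannot block; the sample php.ini, `REQUIRED`, `CONSTRUCTS` and the function names are assumptions made for this example.

```python
import re

# Baseline: the shorter disable_functions list given in the article.
REQUIRED = set("""dl openlog syslog exec passthru shell_exec proc_open system
popen fsockopen ftp_connect posix_setuid socket_create socket_create_listen
socket_create_pair pfsockopen putenv pcntl_exec pcntl_fork""".split())

# Language constructs, not functions: disable_functions cannot block them.
CONSTRUCTS = {"eval", "include", "include_once", "require", "require_once", "echo"}

# Constructed sample php.ini, not taken from a real server.
SAMPLE_INI = (
    'disable_functions = "dl, exec, system"\n'
    ';disable_functions = passthru\n'
    'disable_functions = "dl, openlog, syslog, exec, eval, passthru, '
    'shell_exec, proc_open, system, popen, fsockopen, ftp_connect, '
    'posix_setuid, posix_setuid, socket_create, socket_create_listen, '
    'socket_create_pair, pfsockopen, putenv" ; hosting baseline\n'
)

def parse_disable_functions(ini_text):
    """Return the entries of the last active disable_functions line."""
    entries = []
    for line in ini_text.splitlines():
        # Lines starting with ';' are comments and never match.
        m = re.match(r"\s*disable_functions\s*=(.*)$", line)
        if m:
            # Drop a trailing '; comment' and the surrounding quotes.
            value = m.group(1).split(";")[0].replace('"', " ")
            # A later line replaces an earlier one; commas and spaces separate names.
            entries = [name for name in re.split(r"[,\s]+", value) if name]
    return entries

def audit(ini_text):
    """Compare the active list with REQUIRED and flag ineffective or repeated names."""
    entries = parse_disable_functions(ini_text)
    listed = set(entries)
    return {
        "missing": sorted(REQUIRED - listed),
        "no_effect": sorted(listed & CONSTRUCTS),
        "duplicates": sorted({n for n in entries if entries.count(n) > 1}),
    }

if __name__ == "__main__":
    for finding, names in audit(SAMPLE_INI).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```

Run it against the php.ini that the web server actually loads, since the command-line PHP binary may read a different file.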
