When it comes to secure your server based on PHP applications you should consider following setting as it’s the one of the main sources for servers and user accounts getting compromised. Thus you need to lock down PHP, securing php and securing php.ini
You need to know how you can edit php.ini file which is the main configuration file for PHP. You need to login into shell and typing in the following:
# php -i |grep php.ini
Turn on safe_mode :
Using Safe mode you can easily lock down the security and functions based on PHP. You can find more details on php safe_mode at PHP.net where they describe it as , “The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren’t very realistic, many people, especially ISP’s, use safe mode for now.” Thus its always recommend that you enable safe_mode on your servers, especially in shared environments. Which will stop exec functions and others functions that can easily prevent a security breach.
Disable Dangerous PHP Functions :
There are many cases where servers are compromised due to use of insecure PHP scripts. Such scripts can be considered as an entry point for most hackers thus you should use all such scripts very carefully. PHP has a lot of potential to mess up your server and hack user accounts and even get root access of your server. as a preventive measure just edit your php.in file using following action.
Search the php.ini file for:
disable_functions =
Now add following PHP functions in the above code : “ disable_functions = dl,system,exec,passthru,shell_exec “ also make sure you Turn off Register Globals within your php.ini file which will ensure you total security for your server.
Posted under Reseller Hosting, Technology Updates, cpanel hosting tips
This post was written by on January 5, 2009




















