Securing PHP
# php -i |grep php.ini
The above command will give you the path to php.ini.
Open the php.ini file.
Disable Dangerous PHP Functions
PHP has a lot of potential to be used to mess up your server, hack user accounts and even get root. I've seen many times where users use an insecure PHP script as an entry point to a server to start unleashing dangerous commands and taking control.
Search the php.ini file for disable_functions =
Add the following:
disable_functions = system,system_exec,shell,shell_exec,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen,parse_ini_file,show_source
Then restart Apache.
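To check that the edit is actually in the file, the following added example (not part of the original post) parses a php.ini and lists which functions from the list above are still enabled. The `REQUIRED` subset, the function names and the sample ini contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Subset of the page's list: functions that run commands, load extensions,
# or dump source. Adjust to match your own policy.
REQUIRED="system shell_exec exec passthru proc_open popen dl show_source"

# Value of the last uncommented disable_functions line in an ini file
# (assumption: a later definition in the same file overrides an earlier one).
get_disabled() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 | tr -d '"'
}

# Space-separated list of REQUIRED functions the ini file leaves enabled.
missing_functions() {
    disabled=$(get_disabled "$1" | tr ', ' '\n\n')
    missing=""
    for fn in $REQUIRED; do
        printf '%s\n' "$disabled" | grep -qxF "$fn" || missing="$missing $fn"
    done
    printf '%s' "${missing# }"
}

# Constructed sample: a commented-out directive plus an incomplete active one.
write_sample_ini() {
    cat > "$1" <<'EOF'
[PHP]
;disable_functions = system,exec,shell_exec,passthru,proc_open,popen,dl,show_source
disable_functions = system, exec,passthru,proc_close
EOF
}

sample=$(mktemp)
write_sample_ini "$sample"
left=$(missing_functions "$sample")
if [ -n "$left" ]; then
    echo "still enabled: $left"
else
    echo "all required functions are disabled"
fi
rm -f "$sample"
```

Run `missing_functions` against the php.ini that Apache loads: `php -i` reports the file used by the command-line binary, which can be a different file from the one the Apache module reads.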