Thursday, January 17, 2008

Securing PHP

Securing PHP php

# php -i |grep php.ini

The above command will give you the path to php.ini


Open the php.ini file

Disable Dangerous PHP Functions

PHP has a lot of potential to mess up your server and hack user accounts and even get root. I've seen many times where users use an insecure PHP script as an entry point to a server to start unleashing dangerous commands and taking control.

Searchphp.ini file for disable_functions =



Add the following:

disable_functions = system,system_exec,shell,shell_exec,exec,passthru,escapeshellarg, escapeshellcmd,proc_close,proc_open,ini_alter,dl, popen,parse_ini_file,show_source

Then restart apache...

No comments: