SECURITY TIPS - Disabled PHP Functions (Shared Hosting)

Knowledgebase

(22)WHM (59)cPanel (31)Plesk (5)DNS (34)Linux Server (6)Windows Server (8)Cloud (26)Billing (3)MS Exchange (3)Forex (6)VPS (Virtual Private Server) (125)MANUALS / GUIDES (18)Applications (36)CMS (Content Management System ) (57)Control Panel (26)Database (32)Dedicated Servers (35)Domain Name (19)Domain Name Server (DNS) (4)Downloads / Tools (6)Email Blasting (International) (136)Email Hosting (4)Reseller Tips (139)Security (82)Shared Hosting (20)SSL (16)VPN (Virtual Private Network) (9)Webserver (25)Business Email Hosting (Dynamail) (14)WordPress (29)Microsoft 365/O365 (8)Migration (7)Acronis Backup - Cyber Protect Cloud (23)Smartermail (3)VestaCP (3)CloudFlare (2)Spam Expert (Mailsentinel) (8)Client Area (3)PI-KVM

Knowledgebase

SECURITY TIPS - Disabled PHP Functions (Shared Hosting) Posted by Uvaraj N. on 11 July 2023 12:51 PM
Disabled PHP Functions (Shared Hosting) We have disabled PHP features to improve safety on our shared hosting servers: – exec – passthru – shell_exec – system – proc_open, proc_close, proc_get_status, proc_nice, proc_terminate – posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_uname, – popen – curl_exec – curl_multi_exec – parse_ini_file – show_source – socket_create_listen – socket_create – syslog Please create a php.ini file in your public_html directory if you want to use the above PHP features on your website and add below line: “disable_functions =” (without double quotes) You can generate a blank text file with the name of “php.ini” in your public html if you do not understand how to generate php.ini (php custom file setup). This settings file will override your website’s present PHP settings. This enables the default in a single domain setting. Why are PHP Functions dangerous? Seriously, almost any PHP function can be dangerous given the right context. The function- `strlen` and like are probably safe, but any function that talks to the outside world can bring surprises if the rest of the code is not safe. You can check the list of dangerous PHP functions here: http://php.net/manual . If you want to secure the site, the security should be throughout the code. If you just disable some function here and there is not going to work. However, it is only going to blind you and lead to sloppy coding. There are capabilities in PHP that can assist you in writing more secure code. However, they won’t make secure code from insecure ones. Look for open_basedir and allow_url_fopen as an example. Besides that, you can use `disable_functions` to prohibit some actions that you consider dangerous. However, only certain classes of actions can be inhibited this way. For example, you can disable and this probably will prevent running external programs from your code. Nonetheless, most of the things done by these programs can be done by PHP means too. Moreover, trying to avoid things like “writing a file” probably won’t work. You should do it via OS permissions instead, not via PHP. So, define what exactly do you want to prohibit first. Then, see if it’s possible – while keeping in mind it may be impossible. Unfortunately, security is not done by just setting `security=On` in `php.ini`. Therefore, you can read the security chapter in the PHP manual and some PHP security books. Thanks for reading! We hope you learn about disabled PHP functions through this article.
(0 vote(s)) Helpful Not helpful

Disabled PHP Functions (Shared Hosting)

Why are PHP Functions dangerous?