Archive for April, 2011

PHP hardening options allow_url_fopen and allow_url_include

Set

allow_url_fopen = Off

Disabling this option stops PHP's file functions from opening remote URLs, so attackers cannot use a file inclusion vulnerability to make your server open a remote file.

Set

allow_url_include = Off

Disabling this option stops include and require from loading remote URLs, so attackers cannot use a file inclusion vulnerability to include a remote file.

PHP Checklist Parameter disable_functions

Values: A comma-separated list of functions to disable.

This parameter takes a comma-separated list of PHP functions you wish to disable. You will likely want to disable most or all of the PHP functions that can be used for remote code execution. You should also take the time to talk to your developers and have them standardize on a particular function for shell operations.

Example:

disable_functions = dl,system,exec,passthru,shell_exec
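
As an added example (not part of the original posts or of cPanel's tooling), the shell functions below audit a php.ini for the settings above: both allow_url_* directives explicitly off and every function from the example disable_functions list present. The names ini_get, audit_php_ini and write_sample_ini are hypothetical, the sample file is constructed, and treating an unset directive as a finding is this example's own policy.

```shell
#!/bin/sh
# Added example: audit a php.ini for the hardening settings discussed above.

# Print the last value assigned to a directive (later lines win).
# Assumes values do not themselves contain ';' (true for these directives).
ini_get() {  # usage: ini_get FILE DIRECTIVE
    awk -v key="$2" '{
        line = $0
        sub(/[ \t]*;.*$/, "", line)          # drop comments
        n = index(line, "=")
        if (n == 0) next                     # section header or blank line
        k = substr(line, 1, n - 1); v = substr(line, n + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k)
        gsub(/^[ \t"]+|[ \t"]+$/, "", v)
        if (k == key) val = v
    } END { print val }' "$1"
}

# Report each check and return the number of findings (0 = all pass).
audit_php_ini() {  # usage: audit_php_ini FILE
    file=$1; findings=0
    for d in allow_url_fopen allow_url_include; do
        v=$(ini_get "$file" "$d" | tr '[:upper:]' '[:lower:]')
        case "$v" in
            off|0|no|false|none) echo "OK    $d = $v" ;;
            "") echo "FAIL  $d is not set explicitly"; findings=$((findings + 1)) ;;
            *)  echo "FAIL  $d = $v"; findings=$((findings + 1)) ;;
        esac
    done
    # Wrap the list in commas so "exec" cannot match inside "shell_exec".
    disabled=",$(ini_get "$file" disable_functions | tr -d ' \t'),"
    for fn in dl system exec passthru shell_exec; do
        case "$disabled" in
            *",$fn,"*) echo "OK    $fn is disabled" ;;
            *) echo "FAIL  $fn is missing from disable_functions"; findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample: allow_url_fopen left On, exec left out of the list.
write_sample_ini() {  # usage: write_sample_ini FILE
    printf '%s\n' '[PHP]' '; constructed sample' 'allow_url_fopen = On' \
        'allow_url_include = Off  ; already off' \
        'disable_functions = dl,system,passthru,shell_exec' > "$1"
}
sample=$(mktemp) && write_sample_ini "$sample"
audit_php_ini "$sample" || echo "findings: $?"
rm -f "$sample"
```

To check a real server, call audit_php_ini with the path to its php.ini; the return code is the number of failed checks.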
SBDavid

Editing Your php.ini File

On a cPanel server, the php.ini file is located at /usr/local/lib/php.ini. cPanel strongly recommends using WHM’s PHP Configuration Editor feature (Main >> Service Configuration >> PHP Configuration Editor) to edit PHP’s configuration file.

You must access the Advanced Configuration Editor to change many of the settings.

Example:

safe_mode

Safe mode attempts to solve many of the problems associated with using PHP in a shared hosting environment.
It checks the user ID (UID) of the PHP script and the files and directories it attempts to access. If the UIDs do not match, the script will not be allowed to access the requested file or directory.

Note: This feature is deprecated as of PHP 5.3.0.

Reference: http://cpanel.net/

SBDavid

Disable ipv6 on RHEL 4 and 5

Edit /etc/sysconfig/network and change

NETWORKING_IPV6=yes

to

NETWORKING_IPV6=no

Edit /etc/modprobe.conf and add these lines (if they’re not in it):

alias net-pf-10 off
alias ipv6 off

Stop the ip6tables service by typing:

service ip6tables stop

Disable the ip6tables service by typing:

chkconfig ip6tables off

IPv6 will be disabled after the next reboot of the system.

SBDavid

update_php_mime_types Examples

update_php_mime_types --verbose

Update all user .htaccess files that already contain PHP MIME mappings.

update_php_mime_types --user=buddy --force=4 --verbose

Set buddy’s main .htaccess file to use PHP 4 by default.

update_php_mime_types --user=buddy --strip --verbose

Remove all PHP AddHandler lines and marker comments from buddy’s .htaccess files.

Reference: http://cpanel.net/
