Initial Setup for Quotas on cPanel

This is the final stage of the Initial Setup process. You will need to select whether you would like to track disk usage on your server. This is generally a good idea if you plan to lease server space to individual users. However, if you do not plan to host individual accounts on your server, you may not need to enable quotas.

To set up quotas:

Select Use file system quotas.
This is a good idea if you plan to host individual accounts on your server.

To disable quotas:

Select Do not use file system quotas.
This is not a good idea if you plan to host individual accounts on your server.

Once you have finished, click the Finish Setup Wizard button. You will then be taken to the WHM homepage.

Restrict File Uploads in PHP configuration

Restricting all file uploads is an easy way to completely prevent attackers from exploiting your PHP configuration to inject their own PHP scripts. However, some developers will want to include the ability to upload files to your server via PHP. If you must allow file uploads, you should change the default temporary directory for file uploads using the upload_tmp_dir parameter.

Many administrators also choose to limit the maximum file size users can upload using the upload_max_filesize parameter. Setting this parameter is generally not intended to improve the security of your PHP configuration. Administrators choose to set this parameter to help manage the server’s PHP load.

PHP Security: Preventing Information Disclosure

Disclosing information, such as errors, to attackers can leave your system in a vulnerable position. Before and during an attack, the attacker will need to acquire a wealth of general information about your system. This information includes your directory structure, database names, usernames, and more. Preventing PHP from printing errors to the web application’s user interface is one way to inhibit an attacker’s ability to gain information he could use to compromise your system.

When display_errors is disabled, your developers are still able to retrieve debugging information from the appropriate PHP logs.
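The upload and error-display settings described in the two sections above can be checked with a small script. This is an added example, not cPanel's or PHP's own tooling: both sample php.ini texts and the path /home/example/php_uploads are constructed, and file_uploads and log_errors are standard PHP directives that this page does not name.

```python
# Audit php.ini text for upload and error-display directives (samples below are constructed).
SAMPLE_WEAK = """\
[PHP]
file_uploads = On
;upload_tmp_dir =
display_errors = On   ; left on after debugging
log_errors = Off
"""
SAMPLE_HARDENED = """\
[PHP]
file_uploads = On
upload_tmp_dir = "/home/example/php_uploads"   ; hypothetical path
upload_max_filesize = 8M
display_errors = Off
log_errors = On
"""
OFF = {"0", "off", "no", "false", "none", ""}   # values php.ini treats as false
def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # simplification: ';' always starts a comment
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def explicitly_off(settings, key):
    return key in settings and settings[key].lower() in OFF

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_ini(text)
    findings = []
    if not explicitly_off(s, "display_errors"):
        findings.append("display_errors is not disabled: errors may be shown to visitors")
    if "log_errors" not in s or explicitly_off(s, "log_errors"):
        findings.append("log_errors is not enabled: debugging information is not logged")
    if not explicitly_off(s, "file_uploads"):   # uploads count as allowed unless turned off
        if not s.get("upload_tmp_dir"):
            findings.append("uploads allowed but upload_tmp_dir is unset (default temp dir in use)")
        if "upload_max_filesize" not in s:
            findings.append("uploads allowed but upload_max_filesize is not set (load management)")
    return findings

if __name__ == "__main__":
    for name, ini in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(ini) or "no findings")
```

The check treats a directive that is missing from the file as not hardened, so it does not depend on PHP's built-in defaults.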

cPanel Tool to Configure PHP and SuExec

Main >> Service Configuration >> Configure PHP and SuExec

This tool allows you to configure the Apache PHP Handler, the default PHP version and suEXEC support.

The default PHP version determines which version of PHP is used for files with a ‘.php’ extension when served by Apache.

Enabling suEXEC provides support for Apache to run CGI programs as the user ID of the account owner. suEXEC is not PHPSuExec.

Please refer to the documentation for a detailed explanation of how each handler functions.

Reference: http://www.cpanel.net/support/docs/ea/ea3/ea3php_php_requests.html


PHP Safe Mode in cPanel

PHP Safe Mode

If you are running a version of PHP older than 3.5.0, and you cannot enable safe mode, this page provides a couple of alternative measures you can take to better secure your PHP configuration.

In some cases, you may be able to use safe mode with a group ID (GID) check rather than a user ID (UID) check. This can be useful if, for example, you have multiple users deploying PHP scripts. To enable safe mode’s group ID check, change the following parameter:

safe_mode_gid = On

You may also wish to limit the directories that can contain include files or executables. To do so, you can specify one or both of the following parameters:

safe_mode_include_dir = /path/to/include/directory
safe_mode_exec_dir = /path/to/executable/directory
