Jun 3rd, 2011
Updating the PHP instance used by cPanel
Updating the PHP instance used by cPanel
PHP used by cPanel
To update the PHP instance used by cPanel, run
from the command line.
Updating the PHP instance used by cPanel
PHP used by cPanel
To update the PHP instance used by cPanel, run
from the command line.
Updating or changing the version of PHP?
To update the PHP instance used by Apache, run
from the command line.
PHP used by Apache
To change the PHP version used by Apache, access EasyApache, either at Main >> Software >> EasyApache (Apache Update) in WHM, or
on the command line.
PHP security restricting Includes
Local include attacks occur when an attacker is able to pull local files into PHP scripts to view sensitive information on or about your system. For example, an attacker may be able to include and subsequently view the /etc/passwd file using a PHP inclusion vulnerability, in effect acquiring some basic information about every account associated with your web server.
To help prevent local include vulnerabilities, you can set the open_basedir parameter in your PHP configuration to a specific directory. This will limit an attacker’s access via local includes to a single directory. In most cases, you will want to set the open_basedir parameter to a public_html directory, allowing PHP to open and modify HTTP-accessible (public) files contained within the specified directory while limiting access to more sensitive information contained outside of the specified directory
The rebuild_phpconf script on your server allows you to udpate your server’s php.conf file (located at /usr/local/cpanel/bin/rebuild_phpconf). By doing this, you can change Apache’s PHP handler configuration, change the default version of PHP used by your server, and enable or disable the suEXEC feature.
Note: This script offers nearly the same functionality as the WHM Configure PHP and suEXEC feature. Users more comfortable with a graphical interface may prefer that method.
To see a list of all options and arguments for this script, type the following from the command line:
Restrict File Uploads in PHP configuration
Restricting all file uploads is an easy way to completely prevent attackers from exploiting your PHP configuration to inject their own PHP scripts. However, some developers will want to include the ability to upload files to your server via PHP. If you must allow file uploads, you should change the default temporary directory for file uploads using the upload_tmp_dir parameter.
Many administrators also choose to limit the maximum file size users can upload using the upload_max_filesize parameter. Setting this parameter is generally not intended to improve the security of your PHP configuration. Administrators choose to set this parameter to help manage the server’s PHP load.