Is It Safe To Enable Exec()
Jun 21, 2009
I am trying to install gallery 2.3 and it requires exec() to be enabled for some functions. Is it safe to enable it in php.ini?
In php.ini file I see this, disable_functions = symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd
I have CentOS running on my VPS.
View 13 Replies
May 28, 2007
OK, first thing: I have a P4 3.0GHz server and I assumed it has the HTT feature in it, but correct me if I'm wrong with this dmesg
Code:
Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 6.2-RELEASE-p5 #0: Sun May 27 03:15:00 UTC 2007
root@:/usr/obj/usr/src/sys/SharkTECH6
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) 4 CPU 3.00GHz (2999.68-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf41 Stepping = 1
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x441d<SSE3,RSVD2,MON,DS_CPL,CNTX-ID,<b14>>
Logical CPUs per core: 2
Anyways, the kernel it is using now has SMP disabled. Now I heard, and from Google searches, that enabling SMP when you have an HTT processor is bad, since I heard that there is some kind of exploit and vulnerability. But this was back in 2005 and I'm not sure if it's fixed yet. Is anyone using a P4 with HTT with SMP enabled in their kernel as a dedi server? Some people also said that it lowers performance. This server mainly runs on WHM, Apache, MySQL, mail, and PHP.
View 3 Replies
Apr 16, 2009
I have built PHP as CGI but now the function exec says with every command like uptime this error: [Thu Apr 16 10:28:37 2009] [error] [client xxx.xxx.xxx.xxx] sh: uptime: command not found
This also happens when I do the command convert (yes, ImageMagick is installed). Strangely enough, when I log in with the permissions of the same user I can do the commands through SSH without any problem.
I use DirectAdmin with custombuild. How can I resolve this? Am I required to build PHP to CLI to use the exec command?
View 7 Replies
Dec 5, 2008
My happiness with Innohosting (as a reseller) has come to a screeching halt when I found they've disabled exec(). This has sunk my plans to use Typo3 and Gallery for a website I'm creating for a client as they use Imagemagick through exec(). Rather than reconfigure them to use gdlib (possible?) instead, I'm inclined to look for a host that allows exec().
I've asked Innohosting about applying the PHP exec_dir patch found here:[url]
And discussed here:[url]
I'm waiting for them to get back to me. I hope it's a solution as Innohosting seem great otherwise.
Failing all else, how many hosts have PHP exec() disabled? Is this common?
View 7 Replies
Apr 6, 2008
I want to install Client Exec in my Cpanel.
View 2 Replies
Apr 6, 2009
I need to open curl-exec for one site on the server
Configured Value for php
PHP 5 Handler dso
View 0 Replies
Dec 15, 2008
I have a client that is running backup exec. They have 2 scheduled jobs in the system. One of them runs, and one does not.
It is skipping over the job. If you watch the timer for the backups, it counts down, 2 mins, 1 min. Then jumps to 60 mins. No errors or anything reported in the logs.
Again, the other backup job runs perfectly fine and a manual job runs as well.
View 3 Replies
Jul 1, 2009
I have been having a lot of problems with my server lately. Today I attempted to update container software. The operation failed with this output:
Operation update with the Env(s) "server.[site].com" is finished with errors: Can not update packages: exec failed: warning: /etc/issue created as /etc/issue.rpmnew warning: /etc/issue.net created as /etc/issue.net.rpmnew error: /etc/httpd/logs expected to be a regular file, lstat() returned 40000 error: unpacking of archive failed on file /etc/httpd/logs: cpio: rename failed - Is a directory warning: /etc/yum.conf created as /etc/yum.conf.rpmnew Error in Transaction: One or more rpm failed. Error: /usr/share/vzyum/bin/yum failed, exitcode=1 .
I am slowly learning how to use Linux and the SSH terminal to manage my server... but this is beyond me...
(I wonder if it has anything to do with the "segmentation faults" that have been occurring.)
View 0 Replies
Jun 13, 2008
How to disable those functions on VPS with Lxadmin and CentOS 5
show_source, system, shell_exec, passthru, exec,
phpinfo, popen, proc_open, base64_decode, base64_encode, proc_terminate
View 9 Replies
Nov 6, 2009
What is the best option in the PHP settings: keeping the PHP safe mode function on or off?
View 12 Replies
Apr 9, 2009
I need to enable PHP safe mode for my Joomla and I came across this
Quote:
When the PHP safe mode is turned off globally by default at our server end, you can still override the setting to turn it ON for only your domain by just inserting the following line inside the ".htaccess" file (at Linux server):
Code:
php_value safe_mode "1"
my joomla .htaccess file:
Quote:
##
# @version $Id: htaccess.txt 10492 2008-07-02 06:38:28Z ircmaxell $
# @package Joomla
# @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
#
# mod_rewrite in use
RewriteEngine On
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
View 3 Replies
Jul 6, 2009
My /tmp on my cPanel hosting server is nearly full, and I was wondering if it is safe to remove all the contents in /tmp, if not, what can I delete to clear up the space?
View 6 Replies
Feb 15, 2008
Most of my files are 755 as permission. Is this safe?
How about putting all files under 644 permission? What is the best permission so that all files are safe from intrusion?
View 8 Replies
Aug 30, 2008
I have a script that needs safe mode off to run. The script writers have said safe mode is disabled as default and not required and even disabled in PHP 6.
Now I'm not too familiar with safe mode; all I know is most scripts are written to work with this on.
View 4 Replies
Jun 3, 2008
Should I switch safe mode on or off? Right now I am using it as on. Someone told me that if I switch it off then the server can easily be hacked, but because I switched it on I'm having too many problems, especially users of sites having problems uploading, and WordPress also has issues, and some more scripts. What do you say, what should I do?
View 9 Replies
May 13, 2007
How can I make "safe mode on/off" using .htaccess? (in shared hosting)
View 1 Replies
Nov 27, 2007
I would like to know as to whether or not you have php safe mode turned on? If you do, please specify why, and would you allow your clients to turn it off?
View 13 Replies
May 12, 2007
I'm a customer and don't know much about server management, so like title says, is it okay to put php.ini in public_html?
View 14 Replies
Sep 17, 2007
I searched but couldn't find much - should you run PHP with safe mode on or off on a shared (Linux) server?
View 3 Replies
Mar 25, 2008
As with many sites, my site was hacked recently. My host was so negative about this. They didn't notice the hack attempt although it took the hacker 9 hours to break through.
After that I did some searching on my host to find that it is not a real host at all. They are just resellers to another company. I was very disappointed. Then I decided to go to a better host who can protect me from hackers.
I read some threads about 'hacker safe host' but they all in general don't give a real name of trusted 'anti-hackers' companies.
Can you guide me to some of the famous hosts?
If you can't, my friend's got a VPS hosted with WestHost. He offered me to move my site to his VPS. Is WestHost trusted about hackers?
View 14 Replies
Aug 2, 2008
I have a cPanel server. Can anyone tell me how to allow safe mode for a specific domain?
View 1 Replies
Jan 18, 2008
I am going to run a free host. Yes, I know I should post this in FWHT but, well, they don't answer very fast if at all.
It is very dangerous to have Safe Mode OFF on a free host, but someone was telling me about open_basedir, which makes it so they can't touch any files set outside of open_basedir. Would this be sufficient to keep them from touching others' files? I know I need to disable other functions like exec() and stuff, but would open_basedir keep hackers away from others' files and hacking them...
View 7 Replies
Feb 12, 2008
I am running my VPS on the DirectAdmin panel. My disk space is going low, so I am deleting a few junk / log files.
Kindly let me know:
1) Is it safe to delete data of this directory -
/var/log/httpd/domains
The file names in the above directory are such as "domain.com.bytes"
As it is occupying 600 MB space
2) Where can I delete more junk / temp files, to free up space?
View 5 Replies
Aug 11, 2008
To install www.awbs.com scripts on my server,
how can I do the following for one site on my server:
safe_mode Off
allow_url_fopen On
session.auto_start Off
Tell me that I can do that from httpd config
View 4 Replies
Oct 2, 2007
I have found that one webhost has a very cool feature:
Here is what they say:
Quote:
Browsing through any webhost related forum will reveal that giving safe mode off poses extreme security risk to the server. Because it offers hackers a great advantage to access any other member's account or read their sensitive files which usually contain passwords.
But then some genuine scripts won't work with safe mode ON. Meaning you could turn it on per member requests but that takes lots of labor.
So we completely reprogrammed the safe mode PHP source code and recompiled it. As a result our safe mode OFF is light-years safer & more hacker-proof than standard PHP v5 safe mode ON.
So all our members are getting safe mode OFF, with harder security than those hosts who offer Safe Mode ON.
So now I am wondering, how did they do that? I have searched forums and Google for lots of different keywords but haven't found anything.
I believe a lot of you are running Apache as nobody and have PHP safe mode OFF. Is there any way you protect yourself? phpsuexec is not a solution now as it is increasing load.
View 8 Replies
Nov 7, 2007
I am trying to assist a customer install a Dolphin CMS but it returns some "open_basedir restriction in effect" on /usr/local/bin/php (it needs the path to the PHP binary).
If I put /usr/local/bin/php in httpd.conf -> php_admin_value open_basedir "..." it seems to work and it finds the required binary but...is this safe?
View 10 Replies
Sep 19, 2007
I stumbled upon this through Google Images...click as you wish. They are clothed, just risqué. And in calpop! LOL! I wonder who that guy is? Yes, off topic I know. Maybe a repost.
[url]
View 14 Replies
May 5, 2007
I have WHM 11.1.0 cPanel 11.2.1-C11635
FEDORA 4 i686 - WHM X v3.1.0
My /var partition is over 64% full. 2 directories in there show a lot of space being used.
One of these is /var/lib/mysql
du -h --max-depth=1 #
shows user accounts on the server with their database names. Are these just logs, or are they the actual databases? (Probably dumb newbie question)
The other big one is /var/log/munin Is there anything there I can delete?
View 14 Replies
Apr 9, 2009
I need to ask, what's the best company for security and safe servers?
So I hope anyone can answer my seeking.
View 3 Replies
Aug 17, 2008
I had a VPS from SolarVPS a year ago and I found that it requires full attention since it wasn't stable like a dedicated server. So, I had to keep an eye on the server and websites where some technical problems happened. These problems were like websites stopped working suddenly, email problems, MySQL permissions etc.
I totally agree that SolarVPS has fantastic support and is very quick. They supported me all over the past period. But, a week ago one of my client's websites was used for phishing PayPal customers and it seems like a hacker used the mailing script for this website. Therefore, SolarVPS stopped my VPS immediately and I am still contacting the Abuse Department to clarify the situation and resolve the problem. However, all my clients are down now because they are affected by stopping my VPS.
My question here: since I wasn't able to administrate security or look after the websites on my VPS, what shall I do to have a rest of mind from these problems and concentrate on sales and light support?
Shall I go for dedicated? VPS again? Reseller? However, I always need root access to my server for my technical purposes.
View 9 Replies