PHP Security: Disabling Classes
Apr 4, 2009
We all know that some PHP functions are dangerous, such as:
system, system_exec, passthru, shell, shell_exec, exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg
Those functions can be disabled in php.ini using the disable_functions option.
Now, what about the disable_classes option? I haven't seen anyone talking about this in the common security tutorials. What are your suggestions for this? What classes should be disabled?
View 2 Replies
Apr 24, 2009
I want to disable the use of other DNS being used instead of my name servers. Is this possible? If so, how can I do this?
View 4 Replies
Apr 23, 2009
How do I take one IP on the server down?
I need to disable eth1:4 as it is getting a DDoS attack.
ifdown eth0:4 is not working.
Quote:
[root@server22 ~]# ifdown eth0:4
usage: ifdown <device name>
[root@server22 ~]#
I think the command used to work before.
Anyone know how to take down only that IP without editing ifcfg-eth0-range0?
View 5 Replies
Nov 27, 2008
Disabling POP and IMAP on cPanel
We're using Google Apps to handle all e-mail for the domain, so we have no need for POP and IMAP services running on our server (and I'm always getting e-mails from LFD that show bots are trying to connect with random passwords and such) so I want to disable them, but keep SMTP active since some scripts running on our server use it and I don't feel like rewriting them right now.
I unchecked IMAP and POP in the WHM service manager to disable them, but it's still enabled and I'm able to connect and everything. How can I completely disable these 2 services?
View 5 Replies
Oct 22, 2009
I have a website which has an FLV player serving .flv files which are hosted on the server. I notice that some users are directly downloading the files using the direct URL, and they seem to be using download managers for that, which opens several Apache connections and often slows down Apache. I want to prevent this. I thought of preventing it using a .htaccess file, but it did not help. This is what I used:
<Files *>
order allow,deny
allow from 127.0.0.1
allow from localhost
deny from all
</Files>
I thought this would work but it doesn't as it is blocking the FLV player from playing the file. Can anyone tell me the right way to do it?
View 3 Replies
Jul 2, 2009
Is there some way to disable shell files from working? Because even if you disable shell, shell files still seem to work...
View 2 Replies
Mar 1, 2008
I have a dedicated server which has safe_mode ON.
I run a Joomla portal and I am having issues regarding uploading new modules and stuff like that. I know that the solution is disabling safe_mode.
I have tried using a customized php.ini but it didn't work... What else can I try?
View 4 Replies
Apr 7, 2007
I am not an expert in Linux boxes... Actually I have found a problem in my machine: our clients are not able to access their sites from the server. When I checked the system log, it was related to Permission Denied. Someone told me to disable SELinux enforcing. Now, after that, my problem is resolved.
But I am curious what exactly SELinux is and what kind of issue it may create for my box if I disable it?
View 4 Replies
Apr 18, 2007
I have RH ES4 running as a vhost on Plesk.
Does anyone know how I can turn off IonCube? I don't see the .so for IonCube in php.ini
View 4 Replies
Apr 18, 2007
I just got a new vps running virtuozzo with cpanel/whm. I have no plans on ever using email on this server. What's the best way to turn all of it off from whm/cpanel and is it worth doing to speed up the server?
View 4 Replies
Apr 4, 2008
I run a web hosting company and one of my servers is a LAMP server running CentOS 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its subdirectories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as opposed to 0755) than its parent, but if I do a top-down user/group change on the folder it will change everything in that folder to 0755.
View 10 Replies
Apr 18, 2008
I am trying to troubleshoot messages piling up in my /var/log/messages on CentOS 5 that look like this:
Apr 18 10:04:01 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:06 sc16 kernel: printk: 2 messages suppressed.
Apr 18 10:04:14 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:17 sc16 kernel: printk: 1 messages suppressed.
Apr 18 10:04:25 sc16 kernel: printk: 3 messages suppressed.
Apr 18 10:04:31 sc16 kernel: printk: 1 messages suppressed.
Apr 18 10:04:39 sc16 kernel: printk: 2 messages suppressed.
The messages are suppressed so I can't see what they are or what is causing them.
How can I disable printk suppression?
I have already tried:
echo 0 > /proc/sys/kernel/printk_ratelimit_burst
echo 0 > /proc/sys/kernel/printk_ratelimit
They don't seem to disable it... Any ideas?
View 3 Replies
Jul 21, 2008
I would like to disable the CGI Module in httpd.conf. Can you please help me to disable the CGI Module?
View 5 Replies
Feb 3, 2008
I have a problem with a hacker that uses .htaccess to disable mod_security
using this code:
PHP Code:
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
So is there a way to stop this?
Also, they have come up with a smart way to run shell files named as images using this code in .htaccess:
PHP Code:
AddType application/x-httpd-php .gif
Is there a way to disable the "AddType application"?
View 14 Replies
Apr 16, 2008
login as: hen
hen@xx.xx.xx.xx's password:
Last login:
hen@root [~]# su -
Password:
su: incorrect password
I verified that the root password is correct, but no matter how many times I tried, I can't su in.
Where's my su permission
-rwxr-xr-x 1 root wheel 24060 Mar 22 2007 /bin/su*
here's inside /etc/group
wheel:x:10:root,hen
View 14 Replies
Jan 2, 2007
Someone is developing a game which is server-centric. Everything is done server-side. In any case, he can compile it without a problem in Ubuntu, but on my CentOS 4.4 servers, he's having trouble.
The one last bug that he's hit, is that he needs to disable the stack protector on CentOS 4.4 in order to compile the game without any more problems.
View 2 Replies
Apr 3, 2009
In order to secure my server against intrusion, I disabled SSH root login and created a user for myself. However, in order to access the user I need to enable SSH password authentication.
I don't enable password authentication all the time and I keep it disabled unless I need to do something via SSH.
Now my question will be: is there a way to keep the user I created and keep the root login disabled and password authentication disabled, but use SSH keys for the user I created?
I was informed that if I opt to log in to SSH via the user I created, the only way to do that is to enable password authentication, as it cannot work with SSH keys. Is this true?
I really hope someone can help me with how to use the user I created together with SSH keys so I don't have to enable password authentication when logging in to SSH.
View 7 Replies
Jul 25, 2009
A customer asked me if it could be possible to disallow certain email accounts from sending emails out of the account's domain. Is there a way to do so with the Exim installation in cPanel?
View 0 Replies
Apr 2, 2008
Every time a new account is created in WHM/cPanel, the "Allow Anonymous Access for FTP" option is enabled by default. Since this is something I want turned off for all new accounts... does anyone know a way of switching this off globally in cPanel/WHM so that every new account will have this turned off by default?
View 3 Replies
Jun 4, 2014
At times as I'm developing, due to some coding error in PHP on my part, particularly calling a COM object, the apache server crashes. I'm delighted that it recovers, but in so doing it always tries to rerun the query that crashed it, which just causes another crash, and so on. Is there some way of getting round this, so that it recovers but the problematic code is not rerun?
XP SP3 (still!)
Apache/2.4.3 (Win32) mod_fcgid/2.3.7 PHP/5.4.9
Firefox (Aurora)
View 1 Replies
Mar 29, 2007
Can we disable sender verification for a specific domain in Exim? If so, can you tell me the steps?
View 2 Replies
Mar 4, 2014
We are trying to disable server info in the response header.
Header unset Server
Header set Server "unknown"
It is not working. We have installed "Apache 2.4.6-x86 server" on Win 2008 R2 Standard server (64-Bit).
View 3 Replies
May 5, 2015
I'm working on transferring my Hostings to a new server, but ran into some problems.
Transferring the data from one Plesk 12 server to another works quite well using the migration manager, although you have to create the service plans by hand as well as you need to work through the server configuration parameters.
After re-creating the service plans I wanted to link and sync them to the subscriptions, but unfortunately I have had no success in doing so, because every time I try to get them in sync, it tells me that Apache ASP support is enabled for the subscription and needs to be disabled. Plesk then tells me the setting is disabled, but next time you try to sync the subscription... ASP is back enabled.
Problem is that on the old server I had Apache ASP enabled and used it in my hostings.
I tried to solve the problem using the command line tools, but "./subscription -u domain.name -asp false" returns "SUCCESS: Update of domain 'domain.name' completed.", but you can guess, same problem.
As a last resort I disabled Apache ASP support for my hostings on the old server, deleted everything on the new one and I got no warnings before migrating about the missing ASP feature.
But unfortunately this procedure ended up with the same problem as before.
Is there a way to remove the ASP support from the existing subscriptions?
View 1 Replies
Jul 8, 2015
After successfully changing to a fresh created dhparam pem and a reissue of my certificate all was well.
A couple of other things needed to be done so I followed the article: [URL] ....
nginxDomainVirtualHost.php was already present so the only thing I did was adding the ciphers I got from another site (ciphers that also gave me XP and IE8 support etc.)
After executing the httpdmng --reconfigure-all command I instantly got an error message:
Details: (timestamp) ERR [util_exec] proc_close() failed
(timestamp) ERR [panel] Apache config (14364042360.16209100) generation failed:
Template_Exception: nginx: [emerg] unknown directive "HIGH:!aNULL:!MD5"
[Code] .....
Why are "HIGH:!aNULL:!MD5" unknown directives? How can I merge:
ssl_ciphers
EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:
[Code] ....
into these automatically created @domainname.conf files of all my sites without getting this error?
I'm hosting 5 sites, all 5 sites are down now because of the missing conf files.
View 9 Replies