Disable Functions :: Show_source, System, Shell_exec, Passthru, Exec ...

Jun 13, 2008

How to disable these functions on a VPS with Lxadmin and CentOS 5:
show_source, system, shell_exec, passthru, exec,
phpinfo, popen, proc_open, base64_decode, base64_encode, proc_terminate

View 9 Replies



Disable PHP Shell_exec And Readfile

May 16, 2008

To disable or not to disable shell_exec and readfile.

I haven't found any possible problems with enabling readfile, but regarding shell_exec, I might be vulnerable to phpshell scripts, though if the server is correctly configured (suPHP, suhosin, etc.), the risks are minimal.

View 14 Replies View Related

Disable Php Functions

Sep 15, 2007

Does the below look good for a private server (linux, cpanel, phpsuexec disabled)?

disable_functions = show_source, system, shell_exec, passthru, phpinfo, popen, proc_open

What about a shared hosting server (linux, cpanel, phpsuexec *enabled*)?

disable_functions = show_source, system, shell_exec, passthru, phpinfo, popen, proc_open

View 2 Replies View Related

Disable Functions In .htaccess

Jun 10, 2009

Is it possible to disable mod_security and open_basedir through .htaccess if both are enabled in the server configuration?

View 3 Replies View Related

PHP Disable Functions Override

Apr 23, 2009

In the php.ini I've disabled several functions for security reasons, but I need to enable exec() and shell_exec() for WHMCS Status, and I don't want them enabled for anything or anyone else. I know you can override the global php.ini, but I would prefer not to have that on, and I also forgot where that option is. I was wondering if there are any workarounds, or would I have to enable exec() and shell_exec() globally or enable php.ini override?

View 3 Replies View Related

How-to Disable Php Functions Per Domain

Jul 29, 2007

When dealing with the security of your server you will eventually get to the part where you will want to disable some php functions. The only problem on shared hosting is that you cannot disable exec for a domain and enable that function for another that needs it because of some lame script. Eventually you will get to the part where you will need to enable exec on the entire server because of one site.

There is a solution to this and it's called suhosin.

Suhosin has a configuration variable called "suhosin.executor.func.blacklist" which can be used to disable some php functions. The difference between this variable and disable_functions in php.ini is that it can be set for all the sites and then it can be modified for a domain only (it can be overwritten), so you will be able to disable exec on the entire server and enable that function for a single domain.

I will not write here how to install suhosin.

Also, you only need the extension for this so you do not need to patch php and recompile.

IMPORTANT: I have noticed that the suhosin extension 0.9.20 will not work anymore as there are some problems with it. It’s ok as long as we have 0.9.18. Probably the next version of the extension will be fixed to work ok again so remember to use version 0.9.18 for this until the problem is fixed.

Ok, so to use suhosin as the php function blocker we need to comment out disable_functions in php.ini (yes, enable all the functions) and then set in php.ini suhosin.executor.func.blacklist to something like this:

suhosin.executor.func.blacklist = exec, passthru, shell_exec, system, pcntl_exec, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg

You can add as many functions as you like.

After that, all the functions added in suhosin.executor.func.blacklist will not work anymore in php scripts. If you need to enable a function for a domain, let's say exec, you will have to edit the apache configuration file and add suhosin.executor.func.blacklist without the exec function:

<VirtualHost 127.0.0.1>
ServerAlias www.test.com
ServerAdmin webmaster@test.com
DocumentRoot /home/test/public_html

php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg"

</VirtualHost>

Now exec is disabled on the server but it's enabled on the test domain.

View 0 Replies View Related
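The per-domain php_admin_value in the post above replaces the server-wide list rather than subtracting from it, so any function left out of a vhost's list by accident is re-enabled for that site. The following audit script is an added example, not part of the original post: it diffs each vhost's list against the global one. The function names, the commented-out disable_functions line and the second vhost (www.other.example) are assumptions made for illustration; the two blacklist values are copied from the post.

```python
import re

KEY = "suhosin.executor.func.blacklist"
# Blacklist values copied from the post; the commented-out disable_functions
# line and the second vhost are constructed sample input.
PHP_INI = """;disable_functions =
suhosin.executor.func.blacklist = exec, passthru, shell_exec, system, pcntl_exec, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg
"""
HTTPD_CONF = """<VirtualHost 127.0.0.1>
ServerAlias www.test.com
DocumentRoot /home/test/public_html
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg"
</VirtualHost>
<VirtualHost 127.0.0.1>
ServerAlias www.other.example
DocumentRoot /home/other/public_html
</VirtualHost>
"""

def split_list(value):
    """Turn a comma-separated, optionally quoted list into a set of names."""
    return {f.strip().lower() for f in value.strip().strip('"').split(",") if f.strip()}

def global_blacklist(ini_text):
    """Return the server-wide blacklist from php.ini text (empty set if unset)."""
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0]  # drop ini comments
        m = re.match(r"\s*" + re.escape(KEY) + r"\s*=\s*(.*)", line)
        if m:
            return split_list(m.group(1))
    return set()

def vhost_overrides(conf_text):
    """Map each vhost name to its override list, or None if it has no override."""
    result = {}
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf_text, re.S | re.I):
        name = re.search(r"^\s*Server(?:Name|Alias)\s+(\S+)", block, re.M | re.I)
        bl = re.search(r"^\s*php_admin_value\s+" + re.escape(KEY) + r"\s+(.+)$", block, re.M | re.I)
        result[name.group(1) if name else "(unnamed)"] = split_list(bl.group(1)) if bl else None
    return result

def audit(ini_text, conf_text):
    """Report, per vhost, functions re-enabled or additionally blocked vs. the global list."""
    base = global_blacklist(ini_text)
    report = {}
    for site, bl in vhost_overrides(conf_text).items():
        effective = base if bl is None else bl  # an override replaces the whole list
        report[site] = {"re_enabled": sorted(base - effective),
                        "extra_blocked": sorted(effective - base)}
    return report
```

Calling audit(PHP_INI, HTTPD_CONF) shows that www.test.com re-enables only exec and additionally blocks show_source, popen and pclose, which are not in the server-wide list.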

How To Disable All Email Services On Cpanel Based System

May 22, 2008

For one of my servers based on cpanel I want to disable all email services (send, receive, etc.). How do I go about it?

Would Main >> Service Configuration >> Service Manager be the best place and disable the following services:

antirelayd - POP before SMTP daemon
exim - SMTP Server
imap - IMAP Server
pop - POP3 Server
spamd - SpamAssassin Server (if you choose to disable this, you should disable SpamAssassin in tweak settings as well)

Would that be enough to stop any emails from going out of server? Say via any contact form or any other way?

Please advise, or do I need to do it manually via ssh and disable them?

I have SIM installed, so would I need to configure or remove something out of it too?

View 6 Replies View Related

Plesk Automation :: Disable Changing System User Name (FTP / SSH) For Customers?

May 26, 2015

Is it possible to disable the option to change the system user (FTP/SSH) for customers? I can disable this for the control panel user but not the system user (FTP/SSH). Is there any option to do this that I didn't see?

View 2 Replies View Related

Plesk Automation :: How To Disable Changing Of System User Settings

Aug 28, 2014

How do we disable the "change system user settings" option when a user creates a new webspace? I don't want customers to pick their own system username/passwords.

View 2 Replies View Related

Php Passthru() Works From PHP CLI But Not Web

Nov 16, 2008

php passthru() works from PHP CLI but not web

I have a script which I use to restart processes and I am trying to make it work by clicking a button on the word. It works from running it from php command line but I can never seem to get it to work through the click of a button. Does anyone know what may be the cause of this?

Here are some other observations:

old php version 4 seems to work fine, but ever since around 4.3+ it just won't work from the web.

View 1 Replies View Related

Is Shell_exec Dangerous

Oct 23, 2009

My existing web host has disabled shell_exec and one of my php scripts requires it to work, so is shell_exec dangerous? Would you have it enabled on your servers or is it typical for it to be disabled?

View 4 Replies View Related

Shell_exec Shows Nobody

Mar 13, 2008

I am running into a few problems when it comes to using the above command. No it is not being blocked in the php.ini file. The issue has to do with permissions. On my old server everything worked fine until I moved over to this new server.

$who = shell_exec("whoami");
echo "$who"; 

When I run that command on the old server I got that user's username, which makes sense, as that means anything created via PHP would be owned by that user. In fact, every other host I know of was like that. But on the new server, when I run the command it shows up as "nobody". How can I fix this so my commands will run properly for me and my users?

View 4 Replies View Related

ENABLE Shell_exec In Htaccess?

Mar 22, 2007

How do I enable shell_exec in an .htaccess file for one particular account, even though it is disabled globally in php.ini?

I am using php 4.4.6 / cpanel / centos

Also, what would the .htaccess look like for php5x?

View 5 Replies View Related

Enabling Shell_exec() For Some User

Mar 26, 2008

to run one PHP script from crontab as root..

But my basic PHP has shell_exec disabled in php.ini and when trying to run script that use shell_exec even from root I get error that function is disabled.

Do you have any suggestion how can I overcome this and have ability to use this function when executing php script from console?

View 3 Replies View Related

Php Build As Cgi With Exec

Apr 16, 2009

I have built PHP as CGI but now the function exec gives this error with every command, like uptime: [Thu Apr 16 10:28:37 2009] [error] [client xxx.xxx.xxx.xxx] sh: uptime: command not found

This also happens when I do the command convert (yes, Imagemagick is installed). Strangely enough, when I login with the permissions of the exame user I can do the commands through SSH without any problem.

I use DirectAdmin with custombuild. How can I resolve this? Am I required to build PHP to CLI to use the exec command?

View 7 Replies View Related

Warning: Shell_exec() Has Been Disabled For Security Reasons

Sep 15, 2007

I installed status2k on my server and I am encountering this error.

Quote:

Warning: shell_exec() has been disabled for security reasons in /home/oxyhosts/public_html/status/includes/functions.php on line 455

You can take a look at the errors on http://tinyurl.com/264tot

I even tried disabling shell_exec and exec from php.ini but that too didn't resolve the issue.

Is there a way I can get this thing to run without / with enabling shell_exec?

View 7 Replies View Related

Is It Safe To Enable Exec()

Jun 21, 2009

I am trying to install gallery 2.3 and it requires exec() to be enabled for some functions. Is it safe to enable it in php.ini?

In php.ini file I see this, disable_functions = symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd

I have CentOS running on my VPS.

View 13 Replies View Related

How Many Hosts Have PHP Exec() Disabled

Dec 5, 2008

My happiness with Innohosting (as a reseller) has come to a screeching halt when I found they've disabled exec(). This has sunk my plans to use Typo3 and Gallery for a website I'm creating for a client as they use Imagemagick through exec(). Rather than reconfigure them to use gdlib (possible?) instead, I'm inclined to look for a host that allows exec().

I've asked Innohosting about applying the PHP exec_dir patch found here:[url]

And discussed here:[url]

I'm waiting for them to get back to me. I hope it's a solution as Innohosting seem great otherwise.

Failing all else, how many hosts have PHP exec() disabled? Is this common?

View 7 Replies View Related

Client Exec Installation

Apr 6, 2008

I want to install Client Exec in my Cpanel.

View 2 Replies View Related

How To Open Curl-exec In1 Site

Apr 6, 2009

I need to open curl-exec in one site on the server.

Configured Value for php

PHP 5 Handler dso

View 0 Replies View Related

Backup Exec Scheduled Not Running

Dec 15, 2008

I have a client that is running backup exec. They have 2 scheduled jobs in the system. One of them runs, and one does not.

It is skipping over the job. If you watch the timer for the backups, it counts down, 2 mins, 1 min. Then jumps to 60 mins. No errors or anything reported in the logs.

Again, the other backup job runs perfectly fine and a manual job runs as well.

View 3 Replies View Related

Can Not Update Packages: Exec Failed: Warning: ....

Jul 1, 2009

I have been having a lot of problems with my server lately. Today I attempted to update container software. The operation failed with this output:

Operation update with the Env(s) "server.[site].com" is finished with errors: Can not update packages: exec failed: warning: /etc/issue created as /etc/issue.rpmnew warning: /etc/issue.net created as /etc/issue.net.rpmnew error: /etc/httpd/logs expected to be a regular file, lstat() returned 40000 error: unpacking of archive failed on file /etc/httpd/logs: cpio: rename failed - Is a directory warning: /etc/yum.conf created as /etc/yum.conf.rpmnew Error in Transaction: One or more rpm failed. Error: /usr/share/vzyum/bin/yum failed, exitcode=1 .

I am slowly learning how to use Linux and the SSH terminal to manage my server... but this is beyond me...

(I wonder if it has anything to do with the "segmentation faults" that have been occurring.)

View 0 Replies View Related

DNS Functions

Jul 26, 2007

about DNS functions. I know what the DNS is, but some part of it I am confused.

Here is situation.
AAA.com - Master
BBB.com - Reseller

Now, BBB's clients point their DNS to ns1.BBB.com, ns2.BBB.com
However, when I check BBB's whois, it shows BBB has ns1.AAA.com, ns2.AAA.com

So, BBB's clients know BBB is reseller. How can I show ns1.BBB.com, ns2.BBB.com?

I believe it's DNS function, right?
so I tried to edit DNS following:

Domain TTL Recordtype
BBB.com 86400 NS ns1.BBB.com (default was ns1.AAA.com)
BBB.com 86400 NS ns1.BBB.com (default was ns2.AAA.com)

Is it correct?
however, I checked BBB's whois, but it's still showing up ns1.AAA.com, ns2.AAA.com

View 3 Replies View Related

Tsearch Functions

Nov 24, 2008

It seems that some tsearch2 functions are inaccessible, such as a set of rank() funcs. The default definition for one of the functions is shown in the following snippet of code:

CREATE OR REPLACE FUNCTION rank(real[], tsvector, tsquery)
RETURNS real AS
'$libdir/tsearch2', 'rank'
LANGUAGE 'c' IMMUTABLE STRICT;

I've tried to execute this script shown above and got the following error:

ERROR: permission denied for language c

rpm -qa | grep postgresql
postgresql-devel-8.3.5-1PGDG.rhel4
postgresql-server-8.3.5-1PGDG.rhel4
postgresql-8.3.5-1PGDG.rhel4
postgresql-libs-8.3.5-1PGDG.rhel4
postgresql-plpython-8.3.5-1PGDG.rhel4

View 2 Replies View Related

Some Functions Is Disabled.

Jun 29, 2007

My vps managed service has disabled these functions in php.ini:

Code:
exec, shell_exec, system, passthru,popen, virtual, show_source, pclose

I asked them why these are disabled and the answer was "because of security reasons".

So for example a Joomla installation with working RSS needs some of these functions, and when I install various php programs I face some strange problems that I think may be from these disabilities.

So my question is, are these functions usually disabled? And may I delete them from disable_functions in php.ini?

View 7 Replies View Related

How To Enable These Functions

Aug 26, 2007

My site is running with php scripts. It works fine at bluehost but I get some errors when I move to the new VPS.

Quote:

Warning: fputs(): supplied argument is not a valid stream resource in /home/xxx/public_html/home/admin/update_categories.php on line 171

Warning: fclose(): supplied argument is not a valid stream resource in /home/xxx/public_html/home/admin/update_categories.php on line 173

Warning: fputs(): supplied argument is not a valid stream resource in /home/xxx/public_html/home/admin/update_categories.php on line 225

Warning: fclose(): supplied argument is not a valid stream resource in /home/xxx/public_html/home/admin/update_categories.php on line 227

I want to enable these functions fopen(),fputs(),fclose(),fputs(),fclose() but I don't know how to enable them. Could you tell me the details?

View 2 Replies View Related

Unlimited Emailing Functions On VPS

Jun 24, 2009

Are there companies out there that allow unlimited emailing capabilities on a VPS server? What kind of budget would be best to get this capability? Am I better off going with a dedicated server?

View 1 Replies View Related

How To Make MySQL Functions In PHP In Server

Mar 16, 2008

How to make MySQL functions in PHP in server, because when I install VB in my dedicated server it is coming. Is there any option in WHM to change these functions!

View 14 Replies View Related

Enable The Disabled Functions For An Account

Jul 4, 2008

I have disabled many functions in php.ini settings, for security!

But I need to use some of the functions for my billing system!

How can I enable all the functions just for an account, or a directory?

View 0 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved