Disable_functions
Jan 25, 2007
I moved to a new didecated server, after moving some secripts don't work any more like : php upload center that change the photo name and write the site name under the photo. when I try to upload any image the page reload without any result nor errors!
when I took a look to the php info I found many fanctions are disable.
Now I don't know which function is the one which couse this problem.
disable_functions:
Code:
dl,exec,shell_exec,system,passthru,popen,pclose,proc_open,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,escapeshellcmd,escapeshellarg,dl,exec,shell_exec,system,passthru,popen,pclose,proc_open,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,escapeshellcmd,escapeshellarg
my php Version 4.4.4
View 7 Replies
Jun 11, 2007
what are the most important issues for secure php.ini file like when you turn your SAFE_MODE ON or OFF?
or please who every read this topic to post his important disable_functions in php.ini ... and if some functions disable to post it ...
let's make this subject for the most important issues for secure your php.ini
from script-kids as we can ...
here i have some important question's for anyone has or controlling a server ; vps ....
#0x01 ; what the most important disable_functions for the php.ini?
#0x02 ; is the safe_mode should be enabled? or disable? and this depend on what exacly?
#0x03 ; what the functions or any trick to control the nobody ( attacker on the server or shell ) FROOZ .... didn't move ? or make any command in the server ...
#0x04 ; i saw in some secure server ( as they say ) they changed the Server : discribe to them name[s] like
Server : SECURE BY US .COM OR SECURE SERVER ..
uname -a : Linux secure.secure.com 2.6.9-023stab040.1 #1 Mon Jan 15 23:24:32 MSK 2007 i686 athlon i386 GNU/Linux
sysctl : linux 2.6.9-023stab040.1
Server : SECURE BY US ! < [THIS WHAT I MEAN HOW COULD WE CHANGE IT IN PHP.ini ?]
id : uid=99(nobody) gid=99(nobody) groups=99(nobody) <[how can we cannot make this nobody to have the host id ! everyhost in the server should have his own name and php.ini ?]
pwd : /home/host/public_html/
#0x05 ; how can we hide the uname -a on the shell [ the attacker upload it to our customer site !]
#0x06 ; how can we hide the sysctl to view to anyone like [ attacker ] ...
#0x07 ; how can we rewrite on he Server Type the display for our secure message?Server : SECURE BY US !
#0x08 ; how can we give evey site and customer his php.ini file in his public_html? and how can we give him [ JUST HIS PERMISSION TO HIS SITES FOLDER AND NOT OTHER PATHS AND PERMISSION!]
these question every one had a server ; vps , need to know and secure his box from other ...
and anyone would like to publish any new [secure or not] idea please let us know what you would like to say ....
View 1 Replies
View Related
