My vps managed service has disabled this functions in php.ini :
Code: exec, shell_exec, system, passthru,popen, virtual, show_source, pclose I asked them why these disabled and the answer was "because of security reasons" .
So for example a Joomla installation with working RSS needs some of these functions and when I install vary php programs I face some strnge problems that I think it may be from these disabilities .
So my question is could these functions usually be disabled ? and may I delete them from disable_functions of php.ini
is it possible to set the disabled functions list for PHP in apache's HTTPD.conf per virtual host? i want a bunch of functions disabled for everyone except the default host (me).
I tried the php_admin_value way and when i look at phpinfo() it shows that the master is disabled and the local is not disabled (exactly what i want) but they arnt actually enabled for me
The problem appeared from register globals, in the shop oscommerce after the actualization PHP to the version 4.4.5 information appears me: FATAL ERROR: register_globals is disabled in php.ini, please enable it! and if I add: php_flag register_globals On to the file .htaccess this: one can not display page.
I hosted three domains in dreamhost for at least two years. Several days ago, some guy (registered in one of my websites) complained to dreamhost that I was sending a spam email to him and then Dreamhost disabled my account. I don't even have access to my data now.
The email I sent to that guy was just a regular newsletter of my website. The dreamhost staff Karl said that I should provide proof that users of my website should have confirmation on their registration and I should record their registration IP as well as registration date. Well, my website indeed was designed with such feature. After registration, users will receive a confirmation email on their registration. They should click on a link in the email to activate their account. And we designed the database so that the registration IP and date will be recorded.
However, the dreamhost staff said that not all the fields of IP&date are filled with data, some are blank. Then it must be the problem of our PHP script, not our original purpose, because we designed the database for that.
Now dreamhost disabled my account forever. No response for my emails with questions. No backup for my data that I worked for everyday. I just can't ever believe such a famous hosting provider would act like this. I don't even have a chance to have my data back. I don't even have a chance to correct my PHP script so that the problem will not occur any more.
It seems that some tsearch2 functions are inaccessible such as a set of rank() funcs. The default definition for one of the functions is shown in the following snippet of
code: CREATE OR REPLACE FUNCTION rank(real[], tsvector, tsquery) RETURNS real AS '$libdir/tsearch2', 'rank' LANGUAGE 'c' IMMUTABLE STRICT; I've tried to execute this script shown above and got the following error: ERROR: permission denied for language c rpm -qa | grep postgresql postgresql-devel-8.3.5-1PGDG.rhel4 postgresql-server-8.3.5-1PGDG.rhel4 postgresql-8.3.5-1PGDG.rhel4 postgresql-libs-8.3.5-1PGDG.rhel4 postgresql-plpython-8.3.5-1PGDG.rhel4
Are there companies out there that allow unlimited emailing capabilities on a VPS server? What kind of budget would be best to get this capability? Am I better of going with a dedicated server?
In the php.ini ive disabled several functions for security reasons but i need to enable exec() and shell_exec() for WHMCS Status, but i dont want it enabled for anything or anyone else. I know you can over ride global php.ini but i preferably dont want that on and also i forgot where that option is but i was wondering if there was any work arounds or would i have to enable exec() and shell_exec() globally or enable php.ini override.
When dealing with the security of your server you will eventually get to the part were you will want to disable some php functions. The only problem on shared hosting is that you cannot disable exec for a domain and enable that function for an other that needs it because of some lame script. Eventually you will get to the part were you will need to enable exec on the entire server because of one site.
There is a solution to this and it’s called suhosin.
Suhosin has a configuration variable called ”suhosin.executor.func.blacklist” which can be used to disable some php functions. The difference between this variable and disable_functions in php.ini is that it can be set for all the sites and then it can be modified for a domain only (it can be overwritten) so you will be able to disable exec on the entire server and enable that function for a single domain.
I will not write here how to install suhosin.
Also, you only need the extension for this so you do not need to patch php and recompile.
IMPORTANT: I have noticed that the suhosin extension 0.9.20 will not work anymore as there are some problems with it. It’s ok as long as we have 0.9.18. Probably the next version of the extension will be fixed to work ok again so remember to use version 0.9.18 for this until the problem is fixed.
Ok, so to use suhosin as the php function blocker we need to comment out disable_functions in php ini (yes, enable all the functions) and then set in php.ini suhosin.executor.func.blacklist to something like this:
After that, all the functions added in suhosin.executor.func.blacklist will not work anymore in php scripts. If you need to enable a function for a domain, let’s say exec, you will have to edit apache configuration file and add suhosin.executor.func.blacklist without the exec function:
how to make MySQL functions in PHP in server,bcz when i intall VB in my dedicated server it comeing is there is any option in WHM to chnage these funtion!
How to disable those functions on VPS with Lxadmin and CentOS 5 show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, base64_decode, base64_encodem, proc_terminate
I'm using Parallels Plesk 12.0 and a mysql-Server.
I'm logged in with a customer's account into his phpmyadmin. Whenever a client connects to his website (which uses the database of his account) I get logged out and receive a "session expired" error. When I log in again I get "there's already a user with your username logged in".
I went with the cheapest VPS, no control panel and installed webmin myself (done - saves a quid a month )
I have now setup the virtual domains for multiple domain hosting, to find whilst migrating a website that the current install of php (5.12ish) has --without-mysql so i got the php install files, went to run ./config to find i'm missing required files (configure: error: Could not find pcre.h in /usr) which in turn required more files the resolution rpms are out of the question too many, I need YUM yet... bash: yum: command not found strange as centos comes with yum i thaught support is busy, thaught i'd try here ------------------------------------------------- Me: Web Designer Only linux experience prior is Yellow Dog Linux No prior experience in VPS VPS: centos 5 minimum spec now with webmin
Last night MySQL Crashed, and when the guy that I share the server with found out, he simply restarted the server (because he doesnt know any better). I went to check my email this morning and it wasnt connecting, I assumed the pop3 server or exim was in need of a restart, but when I went to restart pop3, this came up:
Attempting to restart cppop Waiting for cppop to restart.... . . . . . . . . . . finished.
cppop status
couriertcpd is disabled
Service: [cppop] has been disabled by the sys admin So, I re-enabled cppop (can't imagine why it would have disabled itself) and still nothing, I looked up couriertcpd to re-enable as well, but found nothing about enabling/disabling it on google.
I am hosted at EuroVPS from my reseller. I have noticed that my disk space has high usage 150MB whereas real usage should be around 30MB. Then I tried report service which stated disk usage is 30MB and Log report is 120MB. I said no problem let delete those Log files where I bumped to a problem, Log rotation is disabled and there is no X (delete button). In few years I could reach to maximum disk usage and disabilty to upload files and etc..
What to do now? I don't have password for support at EuroVPS since I am not reseller and my reseller isn't replying).
Recently your account was utilizing excessive resources and putting load on server, making it unstable. Details are as follows:
A detail of the problem is shown below as:
CPU: 4.34 % Memory: 0.97 % Mysql: 4.1 %
My account information:
Disk Space Usage 2642.17 Megabytes MySQL Disk Space 27.80 Megabytes Bandwidth (this month) 13591.15 Megabytes
After Lunarpages disabled my index.php file to shut down my site, I transferred my download files to an Online Hard Disk -- Skydrive. With only dozens of IPs per day, the CPU usage will not be excessive.
I don't know if this can solve the problem and let them open my site again. Now with almost two days passed, and still no reply, I get worried.
My happiness with Innohosting (as a reseller) has come to a screeching halt when I found they've disabled exec(). This has sunk my plans to use Typo3 and Gallery for a website I'm creating for a client as they use Imagemagick through exec(). Rather than reconfigure them to use gdlib (possible?) instead, I'm inclined to look for a host that allows exec().
I've asked Innohosting about applying the PHP exec_dir patch found here:[url]
And discussed here:[url]
I'm waiting for them to get back to me. I hope it's a solution as Innohosting seem great otherwise.
Failing all else, how many hosts have PHP exec() disabled? Is this common?
If APF is running, but iptables is not. Will it then even work if it's not in monolythic kernel? When i check the iptables status, i see: # service iptables status Firewall is stopped.
Someone is assisting me with security installs on my server, and he told me it's is normal? I thought APF is an iptables based script, so iptables must be enabled?
One problem: All my old files and folders are owned by ROOT so that means my SU account named XXX cant edit/add/delete anything from my SFTP because of folder/file permission.
Is there anyway my SUDO(wheel) account can still edit these files own by ROOT?
I have problem with one of our clients, they have disabled network card and of course lost access to windows server. After reboot it looks that it doesn;t auto-start net.
Server is at ovh and there is problem with theirs support (they don;t support windows - or maybe they don;t know how to click on network card at enable).
We have started kvm but it is activated in some virtual network and in network connections is only some "local connection 2" with local address 10.x.x.x
How we can remotly enable/restore network after normal system start ?
Is there any command that we can add to autostart that can enable network, or maybe there is some another way to fix this (change some registry key that network will be activate after restart or sth).