X

Lütfen Para Birimi Seçiniz

Türk Lirası $ US Dollar Euro
X

Lütfen Para Birimi Seçiniz

Türk Lirası $ US Dollar Euro
TRY

Bilgi Bankası

AnasayfaBilgi BankasıSystem AdministrationDisabling Dangerous PHP Functions

Disabling Dangerous PHP Functions

Have you ever wondered which PHP functions are termed to be highly dangerous in web hosting & should promptly be left disabled in the configuration ?

PHP is a powerful language which; when used in an improper way, either unknowingly; carries the potential to mess up with a web hosting server & hack/exploit user accounts further upto root level. Hackers using an insecure PHP script as an entry point to a web hosting server can start unleashing dangerous commands and take control over the complete server quickly.. Certain functions which are used in such scripts are termed to be dangerous & are turned off in the PHP configuration. Let's find out which functions are dangerous & how they are turned off..

Here's a complete list of such functions which are needed to be stopped from being executed within any website on your web hosting server:

"apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"

Locate your php.ini and then edit:

root@server [~]# php -i | grep php.ini

You'd get "Configuration File (php.ini) Path => /etc/php.ini" or any other different location, such as /usr/local/lib/php.ini

Now edit the file using your favourite editor :

root@server [~]# vi /etc/php.ini

Search for the following text within that configuration file & modify disable_functions = "" to

disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"

After modifying the PHP configuration, the Apache web server needs to be restarted.. for the above done changes to take effect.

If you find any problems with your web-applications after disabling these above mentioned functions, it's recommended to recheck your code & find an alternative solution, rather than risking the complete server for a mere application.. 

Note that the above mentioned solution is applicable for both type of servers, Linux web hosting server & for Windows web hosting servers as well.. The PHP configuration on Windows is generally found in the C:\Windows folder.. Make sure you restart IIS web server PHP config modifications on windows servers too..

Aradığınız Bilgiyi Bulamıyor musunuz?

Bilgi bankasını detaylı olarak incelediniz, fakat ihtiyacınız olan bilgiyi bulamıyorsanız,

Bir Destek Talebi Oluşturun.
Faydalı Buldunuz mu?
(14422 defa görüntülendi. / 146 kişi faydalı buldu.)

Top