I run a small Apache webserver based on my personal use, and that along with friends and family. However, most of the script kiddie try to exploit applications like wordpress php using exec (), passthru (), shell_exec (), system () function, etc.. How do I disable this function to improve the security of my php script?
A. PHP has many functions that can be used to solve your server if not used properly. You can set the list of functions in php.ini directive disable_functions use. This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions not affected by Safe Mode. This directive must be set in php.ini For example, you can not set this in httpd.conf.
Open the php.ini file:
# Vi / etc / php.inidisable_functions = exec, passthru, shell_exec, system, proc_open, popen, curl_exec,
curl_multi_exec, parse_ini_file, show_source
Save and close the file. Restart httpd:
# Service httpd restart
0 comments:
Post a Comment