Dangerous PHP Functions Must be Disabled?

justsmallsteps

Member
Registered
Joined
Mar 11, 2014
Messages
38
Points
8
I have read a reply on this forum and was recommended to disabled dangerous PHP Functions on my hosting control panel?

I searched and got a list of dangerous php functions:
apache_child_terminate
apache_setenv
define_syslog_variables
escapeshellarg
escapeshellcmd
eval
exec
fp
fput
ftp_connect
ftp_exec
ftp_get
ftp_login
ftp_nb_fput
ftp_put
ftp_raw
ftp_rawlist
highlight_file
ini_alter
ini_get_all
ini_restore
inject_code
mysql_pconnect
openlog
passthru
php_uname
phpAds_remoteInfo
phpAds_XmlRpc
phpAds_xmlrpcDecode
phpAds_xmlrpcEncode
popen
posix_getpwuid
posix_kill
posix_mkfifo
posix_setpgid
posix_setsid
posix_setuid
posix_setuid
posix_uname
proc_close
proc_get_status
proc_nice
proc_open
proc_terminate
shell_exec
syslog
system
xmlrpc_entity_decode
Should I disable all of them? How to do?


Thanks!
 

hostens

Well-known member
Hosting Provider
Registered
Joined
Jan 18, 2017
Messages
215
Points
28
If you are not using them it should be better to disable them. Just make sure any of your hosted project do not use them.
 

justsmallsteps

Member
Registered
Joined
Mar 11, 2014
Messages
38
Points
8
If you are not using them it should be better to disable them. Just make sure any of your hosted project do not use them.
I am afraid my scripts can have small errors that I can not know when disabling these functions. So I will go your second suggestion.
although they are dangerous functions , some of them will need enabled in order to work the app or the website work. so enable them as per the needs
I got your points hence I still am using them :)
 

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
Sorry I don't know how to quote with the new forum, but if you have logs running (access and errors) you should be able to track even small errors. Either way, that is a good list to start out with.
 

24x7serverman

Well-known member
Hosting Provider
Registered
Joined
Jul 25, 2017
Messages
651
Points
28
Actually, these functions are not dangerous by design but a hacker can use it for malicious purposes.

Many web host providers have disabled these functions by default but if needed then the end user can enable it.
 

justsmallsteps

Member
Registered
Joined
Mar 11, 2014
Messages
38
Points
8
justsmallsteps
Thanks for your answers, I still am enabling these functions on my server and I don't see any problems with it. Maybe they are just enabled for any servers need high security.
 

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Disabling those functions is only a layer of security. Does not mean that there are no ways to circumvent.
Having those functions will only make it easy for script kiddies. So, generally recommended to disable.

Offcourse having your site running is first priority. But in most cases, the functions mentioned should not cause any issues.
May be the errors are occurring anyway.
 

hostguy

Member
Registered
Joined
Sep 9, 2020
Messages
49
Points
6
Its better to disable all these PHP functions, it will add extra layer of security to your server.
After disabling then you can check your php functions in phpinfo.php file.
 

hostguy

Member
Registered
Joined
Sep 9, 2020
Messages
49
Points
6
I have read a reply on this forum and was recommended to disabled dangerous PHP Functions on my hosting control panel?

I searched and got a list of dangerous php functions:


Should I disable all of them? How to do?


Thanks!
You can disable PHP function if you have root access of your server.
I have followed this guide Disable dangerous PHP functions and its easy to disable fro WHM server.
 
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top