Should you modify the PHP configuration and disable commonly abused PHP functions?

Klaus Warzecha

Klaus Warzecha

Member
Registered
Joined
Nov 10, 2016
Messages
42
Points
8
Hi everyone, after installed my hosting control panel, I was recommended to disable PHP functions

Code: 
disable_functions = show_source, allow_url_fopen, parse_ini_file, open_base, symlink, phpinfo, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode
Should I modify the PHP configuration and disable commonly abused PHP functions above? they are commands should be closed from server to avoid hackers exploit your website?

Any suggestions?
 
Dewlance

Dewlance

Well-known member
Hosting Provider
Registered
Joined
Dec 20, 2014
Messages
115
Points
18
1 year ago, I was use this method to disable some function but later I found that most of popular software required this command and create issue so I no longer block this because of latest PHP software is more secure and we no longer use some old software.

For example, allow_url_fopen is used by common software so disabling this will affect script and it will not run properly.
 
David Beroff

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,498
Points
63
Dewlance said:
1 year ago, I was use this method to disable some function but later I found that most of popular software required this command and create issue so I no longer block this because of latest PHP software is more secure and we no longer use some old software.

For example, allow_url_fopen is used by common software so disabling this will affect script and it will not run properly.
Click to expand...
isix said:
Moreover that many companies are using APIs and by disabling such php functions it won't work.
Click to expand...
I agree with Dewlance and isix, to secure your server, it is not only depending on disabling or enabling those functions, it depends on how you will configure your website cms and your hosting server.
 
WeWatchYourWebsite

WeWatchYourWebsite

New member
Registered
Joined
May 15, 2017
Messages
6
Points
0
Since php.ini files can be nested, you can disable globally and then add a php.ini in the folders that require those functions.

Yes, it's a pain in the neck, but so is an infected website. It's like disabling PHP in a /wp-content/uploads folders on WordPress sites. In the majority of cases, PHP code never needs to run in that folder. But frequently we find malicious code uploaded there. So why not disable it?

It's another layer in the "Defense in Depth" strategy.
 
You must log in or register to reply here.
Older Threads
Klaus Warzecha
Vultr DDoS Protection?
Replies
8
Views
10,692
isix
David Beroff
Powerdns vs Bind
Replies
5
Views
4,501
24x7serverman
HostYouFast
OFFER Cheap DEDICATED CLOUD, SINGLE CPU, MULTI CPU - SERVERS (SSD Storage Optional) 99.9% Uptime.
Replies
0
Views
1,569
HostYouFast
L
OFFER UK SSD Virtual Servers - Fully Managed - Plans Start From £9.99 Per Month
Replies
2
Views
5,870
LJSHost
L
OFFER Managed Reseller Hosting - 10GB | £7.99 per month | SALE NOW ON use PROMO30 for 30% off !
Replies
0
Views
5,589
LJSHost
Newer Threads
Klaus Warzecha
How to make SSH listen on multiple ports?
Replies
8
Views
7,411
24x7serverman
wpspeedster
Linux malware scanner?
2
Replies
29
Views
14,497
Nixtree
David Beroff
What do daily backups include?
Replies
7
Views
7,434
VirtuBox
Matt Eberlie
Is KYUP container hosting is reliable for PHP based applications?
Replies
4
Views
7,236
Matt Eberlie
BlueLeaf
Greetings Everyone!
Replies
6
Views
2,703
rankmyhub
Latest Threads
M
Need suggestions about dedicated servers
Replies
0
Views
117
marylouis
Jinendra Khobare
Hello!
Replies
0
Views
65
Jinendra Khobare
B
HELLO ALL MEMBER
Replies
0
Views
57
BestWarez
J
Jtti Black Friday Special: Hong Kong VPS Cloud Servers Starting at $4.16/Month with Up to 70% Discount
Replies
1
Views
177
marylouis
S
I'm unable to buy domain name from OVH.com
Replies
1
Views
87
BlueLeaf
Recommended Threads
Philippe Gaucher
CentOS 6 vs 7, Which is better?
2
Replies
27
Views
36,831
Cheerag Nundlall
S
facebook ads and google ads
Replies
12
Views
3,767
Dopani
Knowing Roger
What would be next ?
Replies
0
Views
1,972
Knowing Roger
White Tiger
Hi There ! White Tiger here !
Replies
0
Views
1,208
White Tiger
alpshost1
Good day from Alps Host
Replies
6
Views
2,253
Dr. McKay
Similar Threads
harrygreen90
What should I change on the DirectAdmin control panel to make my server more secure?
Replies
10
Views
2,319
David Beroff
Mihai B.
Should I edit MySQL configurations for high-traffic websites?
Replies
3
Views
1,669
HifiveHost
Cheerag Nundlall
Should I choose a domain extension other than .com?
Replies
17
Views
6,023
portuguesedude
Chris Worner
Monthly maintenance checklist for WHM/cPanel: What should I be checking and updating?
Replies
8
Views
2,176
Harry P
Chris Worner
Should I change to a new server on Hetzner?
Replies
3
Views
1,629
MajorGap

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top