Results 1 to 10 of 25
-
21st May 2011, 12:59 AM #1OPMember
[TUT] KWWH special ! : How to Harden PHP via php.ini
Hello Guys ,
This is my tutorial on how to harden PHP via the php.ini to stop those horrible php shells like c99.
Ok lets get started ~
Step 1 : Install Suhostin :
Code:cd /opt wget http://download.suhosin.org/suhosin-0.9.27.tgz
Code:yum install php-devel
Code:cd suhosin-0.9.27 phpize ./configure make make install
Code:echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini
Step 4 : Edit Your php.ini
Code:nano /etc/php.ini
FindCode:disable_functions =
Code:disable_functions
Code:php_uname,delete,system,etmyuid,getmypid,passthru,leak,listen,diskfreespace,tmpfile,link,ignore_user_abord,shell_exec,dl,set_time_limit,exec,system,highlight_file,source,show_source,fpaththru,virtual,posix_ctermid,posix_getcwd,symlink,popen,system,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,phpinfo
Step 5 : Now we are preventing information disclosure
FindCode:display_errors =
Code:display_errors = Off
Code:register_globals = Off
Code:allow_url_fopen = Off allow_url_include = Off
Code:file_uploads = Off
Code:upload_tmp_dir = /var/php_tmp upload_max_filezize = 2M
Code:session.save_path = /var/lib/php session.cookie_httponly = 1
Then Restart Your Apache :
Code:/sbin/service httpd reload
Dom Reviewed by Dom on . [TUT] KWWH special ! : How to Harden PHP via php.ini Hello Guys , This is my tutorial on how to harden PHP via the php.ini to stop those horrible php shells like c99. Ok lets get started ~ http://www.besthostingforums.com/images/cdn/besthostingforums.com/2011/05/th_harden-1.gif Step 1 : Install Suhostin : Rating: 5
-
21st May 2011, 04:07 AM #2Respected MemberWebsite's:
DL4Everything.com Soft2050.inLooks like a nice tut
-
21st May 2011, 04:09 AM #3Member
Keep it up dude. We need more security related articles.
-
21st May 2011, 04:11 AM #4MemberWebsite's:
vrapidshare.com vconverter.coccnice tut!
-
21st May 2011, 04:13 AM #5MemberWebsite's:
felonygames.comi don't see many benefits in this. The latest version of PHP have register_globals = Off off bu default and the rest of the crap to be honest is
crap. Like disabling errors . This shouldn't be an issue on a live server because
ALL DISPLAYED errors should have been fixed in BETA while running
the script on localhost
-
21st May 2011, 04:23 AM #6OPMember
The Benefit in this tutorial is too show people what codes can affects your site and server , and blocking them
-
21st May 2011, 04:28 AM #7MemberWebsite's:
felonygames.comYour PHP is secure against those hackers.
-
21st May 2011, 04:34 AM #8OPMember
Well , If you did a little re-search c99 , c100 , r57 etc all those shells use shell_exec . So yes by disabling functions like that you will be safe from shells
-
21st May 2011, 04:38 AM #9Member
FFS u even disabled phpinfo . lame. Afaik disabling php functions doesn't provide any security
-
21st May 2011, 04:41 AM #10Member
You dont need phpinfo as long as you know what php you are running on.
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
[VIDEO TUT]How to install Mod_Security and Harden PHP
By Dom in forum Technical and Security TutorialsReplies: 14Last Post: 9th Jun 2011, 11:00 AM -
something special
By extremetrauma in forum Webmaster DiscussionReplies: 1Last Post: 3rd Mar 2011, 10:54 AM -
[VPS] [EU][VPS][Special Offer!] SeedExpress Germany VPS Pre. Special
By SeedExpress in forum ArchiveReplies: 4Last Post: 18th Dec 2010, 09:03 AM -
Very Special Thanks to ProtoWorker
By SaBteCh in forum General DiscussionReplies: 11Last Post: 5th May 2010, 02:49 PM
themaManager - edit and manage...
Version 4.05 released. Open older version (or...