Knowledgebase

Knowledgebase

Portal Home > Knowledgebase > Articles Database > Prevent user use custom php.ini


Prevent user use custom php.ini




Posted by ASVJSC, 04-26-2008, 01:49 PM
Hi, I have added some functions in php.ini for security. But when user use their php.ini file located in their account, all functions enabled again. How can i prevent user custom php.ini ? Thank you.
Posted by activelobby4u, 04-27-2008, 08:24 AM
suphp enabled ?
Posted by Patrick, 04-27-2008, 01:06 PM
No, suPHP does not restrict users from using custom php.ini files.
Posted by activelobby4u, 04-27-2008, 01:50 PM
I was thinking the other way round . If he tries to remove the php.ini from the domains , they would fail if suphp is enabled.
Posted by ASVJSC, 04-28-2008, 02:36 PM
Yeap, i'm using suphp. I have trouble in shell local attack. I disabled some php function in php.ini to prevent. But when user upload their php.ini to their account, all my functions disabled will be enabled again. Can you advise me the way to resolve this issue ?
Posted by activelobby4u, 04-28-2008, 02:48 PM
This is being reported by other users as well and i beleive it is a bug. http://www.webhostingtalk.com/archiv.../t-558374.html try changing your php version to something else
Posted by ASVJSC, 04-28-2008, 03:05 PM
hmm, I'm using the lastest version of php 5.2.5. The last, i used php 4.4.7 and got the same issue If this issue cant resolve, server will got big trouble with shell attack (local attack). @activelobby4u: How about your server ? do you get the same ? Please try to test ..
Posted by ASVJSC, 04-30-2008, 06:12 AM
Anyone can give me an advise ??
Posted by cloud911, 04-30-2008, 08:03 AM
are you on a cpanel server ?
Posted by ASVJSC, 04-30-2008, 03:45 PM
Yeah, i'm using the lastest WHM/Cpanel version with php 5.2.5, suPHP....
Posted by cloud911, 05-02-2008, 12:39 AM
in a text editor (nano, vi etc) open the file - /opt/suphp/etc/suphp.conf search for [phprc_paths] there uncomment the following lines : ;application/x-httpd-php=/usr/local/lib/ ;application/x-httpd-php4=/usr/local/php4/lib/ ;application/x-httpd-php5=/usr/local/lib/ save and quit. restart apache. you are done, now regardless of php.ini at their home folders, all users will be forced to use php.ini at the above paths .


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
reseller account which allows mp3 index scripts (Views: 545)
FTP Ban (Views: 540)
live chat image on the site (Views: 613)
setuid and setgid (Views: 623)
"Service Status" not showing services (Views: 607)


Language:

Contact us

Copyright © 2018 DC International LLC. - All Rights Reserved.