custom php.ini
Forum
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Frank Doud
  2. Monday, 28 January 2013
  3.  Subscribe via email
Hi,

 Is it possible to create a custom php.ini and place in a cPanel account so as they may use functions that are turned off in the serves php.
such as allow_url_include etc? 

thanks
Rate this post:
  1. 31.01.2013 01:01:20
  2. # 1
yanayun yanayun Accepted Answer
Posts: 1
Joined: 31.01.2013
0
Votes
Undo
cracker/hacker can change php.ini  to incative global function and execute bash shell to send thousand spam email 

disable_functions =

please protect this function, nobody can change except some user was allow
  1. 31.01.2013 06:01:18
  2. # 2
Igor Seletskiy Accepted Answer
Posts: 1200
Joined: 09.02.2010
0
Votes
Undo
cracker / hacker can also add a cgi handler to .htaccess file, and run full blown CGI -- even if you blocked it on cPanel level. Hence all those disable_functions are meaningless (we have just recently witnessed attack like that -- even though user had all the \'disabled_functions\' you can ask for.

Relying on user not being able to run arbitrary shell / scirpt commands is just opening yourself for set of troubles. Correct way to go is to have CageFS & some form of anti-spam.

Eitherway -- we do plan to try to limit php.ini config options that user can modify.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.