пользовательский php.ini
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Frank Doud
  2. Monday, 28 January 2013
  3.  Subscribe via email

 Is it possible to create a custom php.ini and place in a cPanel account so as they may use functions that are turned off in the serves php.
such as allow_url_include etc? 

Rate this post:
  1. 31.01.2013 01:01:20
  2. # 1
yanayun yanayun Accepted Answer
Posts: 1
Joined: 31.01.2013
cracker/hacker can change php.ini  to incative global function and execute bash shell to send thousand spam email 

disable_functions =

please protect this function, nobody can change except some user was allow
  1. 31.01.2013 06:01:18
  2. # 2
Igor Seletskiy Accepted Answer
Posts: 1200
Joined: 09.02.2010
cracker / hacker can also add a cgi handler to .htaccess file, and run full blown CGI -- even if you blocked it on cPanel level. Hence all those disable_functions are meaningless (we have just recently witnessed attack like that -- even though user had all the \'disabled_functions\' you can ask for.

Relying on user not being able to run arbitrary shell / scirpt commands is just opening yourself for set of troubles. Correct way to go is to have CageFS & some form of anti-spam.

Eitherway -- we do plan to try to limit php.ini config options that user can modify.
  • Page :
  • 1

There are no replies made for this post yet.
Be one of the first to reply to this post!
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.