How to disable php vulnerability function on linux server using php.ini file
Most of the linux server was hacked due to PHP vulnerability function not disabled properly also most of the open source script got hacked like (WordPress, joomla and drupal)
So we need to disable these vulnerability function to improve our server security. We can done this in “php.ini” file.
First we need to find out the global “php.ini” file on server, click the link to get the php.ini file path.
Use “nano” or “vi” editor to open the php.ini file on shell and disable the below function to Hardening your server from hackers, malware and malicious contents.
1) Find the php.ini file and open it
For example, login to your server via ssh and open the php.ini file
[email protected] [~]# nano /usr/local/lib/php.ini
2) Check the php.ini file contents
Sample Output of php.ini file is showing below.
GNU nano 1.3.12 File: /usr/local/lib/php.ini [PHP] ;;;;;;;;;;; ; WARNING ; ;;;;;;;;;;; ; This is the default settings file for new PHP installations. ; By default, PHP installs itself with a configuration suitable for ; development purposes, and *NOT* for production purposes. ; For several security-oriented considerations that should be taken ; before going online with your site, please consult php.ini-recommended ; and http://php.net/manual/en/security.php. ;;;;;;;;;;;;;;;;;;; ; About this file ; ;;;;;;;;;;;;;;;;;;; ; This file controls many aspects of PHP's behavior. In order for PHP to ; read it, it must be named 'php.ini'. PHP looks for it in the current ; working directory, in the path designated by the environment variable ; PHPRC, and in the path that was defined in compile time (in that order). ; Under Windows, the compile-time path is the Windows directory. The ; path in which the php.ini file is looked for can be overridden using ; the -c argument in command line mode.
3) Find the disable_function and add below listed php functions
Find disable_functions and disable the below vulnerability function’s
disable_functions = "phpinfo,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,allow_url_fopen,allow_url_include"
If you are going to do this on shared server “N” of customer face lots of issues like some of the function’s not worked, then you need to create the php.ini file in particular domain home folder and enable the function which need to run the script.
4) Restart Apache service
Save and close the file and Restart apache server to take effect the modification.
[email protected] [~]# service httpd restart or [email protected] [~]# /etc/init.d/httpd restart