Troubleshoot - by Hostrare
PHP is a server-side scripting language. You can embed PHP code in your web pages alongside HTML. When your server receives a request for a page, it first passes the page to the PHP handler program. The PHP handler outputs HTML code as-is, but when it encounters PHP commands, it executes them. Any HTML generated by the PHP commands is also output. The result is a web page with content that has been customized on the server before being sent to whoever requested it.
There are two places where PHP configuration directives can go: php.ini or Apache .htaccess (which one applies depends on how PHP is running on your server).
How to view your PHP settings.
Create a text file with a .php extension, containing just this line.
Then browse to that file to view the PHP info page.
The following directives are used to prevent hacking attempts, malware injection, etc., on your PHP application.
The disable_functions directive allows you to disable certain functions for security reasons. It takes a comma-delimited list of function names. disable_functions is not affected by Safe Mode. This directive must be set in php.ini.
disable_functions = exec, passthru, shell_exec, system, proc_open, popen, curl_exec, curl_multi_exec, parse_ini_file, show_source
Check for any other unwanted PHP functions and disable them as well.
What is Safe Mode?
Safe mode is a security feature that was created to prevent hackers from being able to use PHP scripts to execute commands at the operating system level (such as Linux shell commands).
To disable PHP safe mode on a server, edit the /usr/local/lib/php.ini file and modify the following line:
safe_mode = Off
The open_basedir directive defines the locations or paths from which PHP is permitted to access files using functions like fopen() and gzopen(). If a file is outside the paths defined by open_basedir, PHP will refuse to open it. You cannot use a symbolic link as a workaround, because the path that the symbolic link resolves to falls under the restrictions of the open_basedir directive.
To prevent accounts from accessing files outside their own account using PHP:
WHM >> Security Center >> PHP open_basedir Tweak
Click the Enable php open_basedir Protection checkbox at the top of the list.
Select the domains you wish to exclude, which disables the protection for their files.
How does it work?
PHP admin directives for open_basedir are added to each Virtual Host in httpd.conf. These directives limit users’ access via PHP to only the following directories:
/usr/lib/php /usr/local/lib/php
register_globals is an internal PHP setting that registers the $_REQUEST array's elements as variables. If you submit a value in a form, via POST or GET, the value of that input will automatically be accessible via a variable in the PHP script, named after the name of the input field.
In other words, if you submitted a form containing a username text field, the expression ($username === $_POST['username']) at the very beginning of the script would return true.
If it is enabled, any query string at the end of the URL, such as http://yourdomain/something.php?valid=true, will affect the value of a variable $valid (for example) in something.php, if it exists.
If you're using publicly available PHP code (a library, for example), the names of variables are well known, and it would be possible for hackers to control their values by assigning values in the query string. They may be able to bypass authentication.
For security reasons, it is recommended to disable register_globals.
Put this one line in your php.ini:
register_globals = off
allow_url_fopen is extremely important. Turning it off prevents URLs (internet addresses) from being used in PHP include() statements and in some other places. A command such as include("http://website.com/page.php") will not be permitted to execute. Only files that reside within your website can be included, and you must refer to them by their file pathnames, not by their internet URLs.
You can include a file from your own site simply by specifying its path and filename. Here is an example of how to change a URL include to one that does not use a URL:
Suppose your current code looks like this:
include('http://yoursite.com/page.php');
You would change it to this:
include($_SERVER['DOCUMENT_ROOT'] . '/page.php');
Turn off this setting:
allow_url_fopen = Off
Magic Quotes, generally speaking, is the process of escaping special characters with a '\' to allow a string to be entered into a database. This is considered 'magic' because PHP can do this automatically for you if you have magic_quotes_gpc switched on.
More specifically, if magic_quotes_gpc is turned on for the copy of PHP you are using, all Get, Post & Cookie variables (gpc, get it?) in PHP will already have special characters like ", ' and \ escaped so it is safe to put them directly into an SQL query.
magic_quotes_gpc = Off
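To confirm that the settings discussed above actually took effect, the following added example (not part of the original article) reads the running configuration with ini_get() and compares it with the values given on this page. The function name audit_php_settings and the two constant names are made up for this example; ini_get() returns false for a directive that the running PHP version does not have, and such directives are skipped.

```php
<?php
// Added example, not from the original article. Requires PHP 7 or later.
// Function list copied from the disable_functions line on this page.
const WANT_DISABLED = ['exec', 'passthru', 'shell_exec', 'system', 'proc_open',
    'popen', 'curl_exec', 'curl_multi_exec', 'parse_ini_file', 'show_source'];

// Boolean directives that this page sets to Off.
const WANT_OFF = ['safe_mode', 'register_globals', 'allow_url_fopen', 'magic_quotes_gpc'];

// Hypothetical helper: returns a list of human-readable findings.
function audit_php_settings(): array
{
    $findings = [];

    // disable_functions holds a delimited list of function names.
    $raw      = (string) ini_get('disable_functions');
    $disabled = preg_split('/[\s,]+/', $raw, -1, PREG_SPLIT_NO_EMPTY);
    $missing  = array_diff(WANT_DISABLED, $disabled);
    if ($missing) {
        $findings[] = 'disable_functions does not list: ' . implode(', ', $missing);
    }

    // An empty open_basedir means file functions are not confined to any path.
    if ((string) ini_get('open_basedir') === '') {
        $findings[] = 'open_basedir is not set';
    }

    foreach (WANT_OFF as $name) {
        $value = ini_get($name);
        if ($value === false) {
            continue; // directive does not exist in this PHP version
        }
        // "1", "On", "true" and "yes" all count as enabled.
        if (filter_var($value, FILTER_VALIDATE_BOOLEAN)) {
            $findings[] = "$name is On, this page sets it to Off";
        }
    }
    return $findings;
}

$findings = audit_php_settings();
echo $findings ? implode(PHP_EOL, $findings) : 'All checked settings match', PHP_EOL;
```

Request the script through the web server rather than running it from the command line, since the CLI can load a different php.ini.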