ozux Posted April 6, 2008

Hi everybody,

We are providing shared web hosting services on Apache web server with PHP5 and MySQL+Postgres, and we have a problem, a big security one!

Our problem is related to PHP safe_mode. If I disable (off) this mode, every user can execute what they want, or use some sort of shell program (like php_shell), and on the other hand our customers need safe_mode for some applications like OSCommerce, self-made applications and so on.

Now: "How can I enable safe_mode but restrict users from running system commands through PHP or installing malicious applications like php_shell that can be harmful for other users on the shared host?"

wildteen88 Posted April 6, 2008

You can set up PHP to disable certain functions/classes, which will prevent users from using these functions in their scripts.

    ; This directive allows you to disable certain functions for security reasons.
    ; It receives a comma-delimited list of function names. This directive is
    ; *NOT* affected by whether Safe Mode is turned On or Off.
    disable_functions =

    ; This directive allows you to disable certain classes for security reasons.
    ; It receives a comma-delimited list of class names. This directive is
    ; *NOT* affected by whether Safe Mode is turned On or Off.
    disable_classes =

ozux (Author) Posted April 6, 2008

Thanks, it's useful.

And another thing: is it possible to log every file access by PHP? I want to create a log on my server that shows me which virtual host executes which PHP file. Now we have session logging with the "session.save_path" variable, but it just logs the session activities.

trq Posted April 6, 2008

These logs should automatically be created by Apache by default. Take a look at the CustomLog directive to narrow down your logging to more relevant information.

steviewdr Posted April 7, 2008

You should really be using something like suPHP. As for logging, you could do an auto_prepend file to log some extra info.

-steve

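The auto_prepend logging idea from the post above, sketched as an added example that is not code from any poster in this thread. It records which virtual host runs which PHP file; the prepend file path, the syslog ident and the LOG_LOCAL0 facility are assumptions, and the sample request in the CLI branch is constructed.

```php
<?php
// Added example, not from the thread. Requires PHP 7+.
// Assumed deployment (mod_php, per virtual host, not overridable from .htaccess):
//   php_admin_value auto_prepend_file /etc/php/prepend_log.php   (hypothetical path)

// Build one tab-separated record describing the script about to run.
function prepend_log_line(array $server): string
{
    // Replace control characters so a crafted Host header or URI
    // cannot inject extra fields or forge additional log lines.
    $clean = static function ($value): string {
        return preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $value);
    };
    return implode("\t", [
        'vhost='  . $clean($server['SERVER_NAME'] ?? '-'),     // name from the vhost config
        'host='   . $clean($server['HTTP_HOST'] ?? '-'),       // Host header sent by the client
        'client=' . $clean($server['REMOTE_ADDR'] ?? '-'),
        'script=' . $clean($server['SCRIPT_FILENAME'] ?? '-'), // entry script, not this prepend file
        'uri='    . $clean($server['REQUEST_URI'] ?? '-'),
    ]);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample request, for trying the formatter offline.
    echo prepend_log_line([
        'SERVER_NAME'     => 'customer1.example',
        'HTTP_HOST'       => "customer1.example\r\nforged entry",
        'REMOTE_ADDR'     => '192.0.2.10',
        'SCRIPT_FILENAME' => '/var/www/customer1/shop/index.php',
        'REQUEST_URI'     => '/shop/index.php?id=1',
    ]), "\n";
} else {
    // Log through syslog rather than a file the shared web server user
    // could truncate or rewrite from another customer's script.
    openlog('php-prepend', LOG_PID, LOG_LOCAL0);
    syslog(LOG_INFO, prepend_log_line($_SERVER));
    closelog();
}
```

This records only the entry script of each request; files that the script later pulls in with include or require do not pass through the prepend file again.
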
ozux (Author) Posted April 8, 2008

It appears I found my solution. I'm going to test it.

ozux (Author) Posted April 8, 2008

And one more thing: I can see every file with include(/file); for example:

    include("/var/www/.htpasswd");

What is the solution for this?