Hot to check if my webhost is using HardenedPHP ?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • jvarred
    Junior Member
    • Mar 2021
    • 6

    #1

    Hot to check if my webhost is using HardenedPHP ?

    Im with a webhost that uses CloudLinux and a cPanel php tool that is identical to Php selector:

    what can I do to verify if they are using HardenedPHP ?

    Phpinfo functions only shows php version 5.4.45 and a build date of May 10 2016 14:45:55
  • ighertesco
    Senior Member
    • Nov 2016
    • 184

    #2
    Hello,

    If you have alt-php group installed, it means that your PHP is hardened: http://docs.cloudlinux.com/installation.html

    cPanel php tool does not provide hardened PHP.

    Comment

    • ighertesco
      Senior Member
      • Nov 2016
      • 184

      #3
      a bit more information about how to find out, do you use hardened PHP or not:

      phpinfo contains the "Configure Command" and the "extension_dir". The contents of the mentioned fields can answer the question whether its our build or not.

      For example:

      phpinfo()
      PHP Version => 5.2.17

      System => Linux localhost.localdomain 3.10.0-427.10.1.lve1.4.7.el7.x86_64 #1 SMP Sat Apr 2 12:09:46 EDT 2016 x86_64
      Build Date => May 31 2016 02:20:24
      Configure Command => ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/opt/alt/php52

      if you see /opt/alt under Configure Command - this means that you are using hardened PHP

      Comment

      • ddr2pw
        Junior Member
        • Sep 2017
        • 3

        #4
        Hello and thank you for your answer.

        Checking if alt-php group is installed probably require yum, that I can use because Im on a shared hosting with no root access.

        There is not /opt/alt path under phpinfo() Configure Command. Prefix is /usr/local

        Inside /opt/alt/ directory there is a folder called alt-php-config and this list of directories:

        php52 php53 php54 php55 php56

        Comment

        • bogdan.sh
          Administrator
          • Nov 2016
          • 1221

          #5
          Hello Marco,

          The "/opt/alt" in phpinfo page will be shown only if you select some hardened PHP with a selector (or admin will choose hardened php as default one). If you see /usr/local there it means you do not use hardened now. As you see /opt/alt/ directory with phpXX subdirectories inside then most probably hardened PHP is installed but not activated yet.

          Comment

          • ddr2pw
            Junior Member
            • Sep 2017
            • 3

            #6
            Hello Bogdan, based on your suggestion, I may have an answer.
            Php selector on cPanel shows two different php versions: "native (5.4)" and "5.4".
            They may appear the same version, but this is not really true.
            My tests above were done with "native (5.4)" that was the host default choice.
            If I switch to version "5.4" , phpinfo.php shows a completely different set of information:
            under "Configure Command" the path is always /opt/alt/
            Also the build date is different: Mar 9 2016 02:29:25 that correspond to the HardenedPHP version that was announced the very same date on CloudLinux blog post below

            Its not the latest version, but maybe the host choice is to update HardenedPhp when they think there is a bug with a severity rating considered high.

            Comment

            • ddr2pw
              Junior Member
              • Sep 2017
              • 3

              #7
              Hello Bogdan, based on your suggestion, I may have an answer.
              Php selector on cPanel shows two different php versions: "native (5.4)" and "5.4".
              They may appear the same version, but this is not really true.
              My tests above were done with "native (5.4)" that was the host default choice.
              If I switch to version "5.4" , phpinfo.php shows a completely different set of information:
              under "Configure Command" the path is always /opt/alt/
              Also the build date is different: Mar 9 2016 02:29:25 that correspond to the HardenedPHP version that was announced the very same date on CloudLinux blog post below

              Its not the latest version, but maybe the host choice is to update HardenedPhp when they think there is a bug with a severity rating considered high.

              Comment

              • bogdan.sh
                Administrator
                • Nov 2016
                • 1221

                #8
                Yes, that is correct. Native version is not hardened while any other is. I would not pay much attention to comparing build date and release day, but overall it should be close (we build it then test on our environment before release to beta).

                Comment

                Working...