Announcement

Collapse
No announcement yet.

custom php.ini

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • custom php.ini

    Hi,

    Is it possible to create a custom php.ini and place in a cPanel account so as they may use functions that are turned off in the serves php.
    such as allow_url_include etc?

    thanks

  • #2
    cracker/hacker can change php.ini to incative global function and execute bash shell to send thousand spam email

    disable_functions =

    please protect this function, nobody can change except some user was allow

    Comment


    • #3
      cracker / hacker can also add a cgi handler to .htaccess file, and run full blown CGI -- even if you blocked it on cPanel level. Hence all those disable_functions are meaningless (we have just recently witnessed attack like that -- even though user had all the disabled_functions you can ask for.

      Relying on user not being able to run arbitrary shell / scirpt commands is just opening yourself for set of troubles. Correct way to go is to have CageFS & some form of anti-spam.

      Eitherway -- we do plan to try to limit php.ini config options that user can modify.

      Comment

      Working...
      X