shared hosting php.ini

He created my hosting provider PHP safe?

This is an issue that should be in the back each individual account that has a website. Unfortunately most hosts PHP installation is just a vanilla installation. This means that your PHP installation could well be uncertainty, making the site open to attack.

PHP is web-based programming with great popularity and compatibility. However, with its default configuration can also be a headache for the same reasons. Besides the possibility of application running in the same environment that is workable, as in shared accommodation - may then have a bad situation, no hole in your own code.

First hand experience that I saw someone with a version running software social networking settled in danger and then spread across a server - deface hundreds of websites.

Many hosts impose no security restrictions because I do not know how, sell someones Server and have no access to these changes, leaving the customer time and solutions virtual, or will simply not impose restrictions.

Some things you can do to see if the PHP configuration is secure:

1) Check if you can run a phpinfo.php script. Simply create a file phpinfo.php and add the following lines ();?> phpinfo and see what happens when you go to that folder. If there is a lot of information from your host is configured to allow server information sensitive to be disclosed to anyone who has access to the server.

2) Check whether the exec function disabled. Create a file named test.php with the following inside:

echo exec ( "/ bin / ls-l / home ");?> Then upload to your host then go to your site / test.php

If it returns a value other than an error in your host allows use of exec. This means that any what executables on the server can be run from a web-based file.

3) Most servers running the component Web server as a user with root privileges. The user can call anyone or Apache or httpd - really depends on the configuration server. For this reason, every website on the server is running by the same user, which allows interaction between sites. With the right combination code (again, a malicious attacker) who can operate a single account by a certain vulnerability and execute a script to copy or modify files in the file system. However, there are ways to configure PHP to avoid this type of behavior. Basically, a module can be installed in the forces run PHP as CGI and, in turn, allows better control at the individual level - essentially giving each user their own instance of PHP. This prevents the interaction between sites and enhances the security of servers.

4) Another major problem is the application and that includes Web sites external script using fopen and their sub-functions. In most cases, the armies should disable this feature and allow only one basis, as needed.

5) A PHP versions prior to 4.2.0 registered variables used in script as global variables. Affectionately called register_globals This feature has been widely used by developers who have taken the fast lane and easy to write your code. This, unfortunately, has become a journey of many exploits PHP. So much so that PHP developers have changed this behavior. However, many developers have not yet wised up and applications still require register_globals is enabled. This is definitely a feature seek to see if you turn off the host. If not disabled by default check to see if you can disable yourself with your own custom php.ini file.

There are many other ways to secure a server for PHP and use according their needs. However, if you're on a shared server and these things are implemented, is much less likely to experience a problem Security of PHP. And, of course, remember to always keep your scripts so far, the most common reason to have a site has been cleared.

Jason A. Taylor is CTO of CWI Hosting. During his web server administration days, it was found that many server problems were caused by PHP exploits. Drawing a careful line between flexibility and security was a strong need. He has helped many secure their PHP both on Dedicated Servers and shared hosting. Find secure PHP hosting help here.

Help options configuration of PHP!?

Hi guys, I currently use Linux on an Apache server with PHP in CGI mode. This is a shared hosting and am having great difficulty in converting Register Globals Off and output buffers. Can anyone help me to change this situation? The e-commerce shopping cart system CMS and want to install views with Register Globals as a security threat. I know I suppose to create a php.ini file on a shared computer, but I do not know where to put it and how to create, but I do not seem to work. Please help! Thank you in advance for any help! - Jason

A lot of useful notes on the Web server Apache and php.ini. Try the website below. I hope this is helpful.