Asked 11 Jan 2017, 1198 views

rajiv posted

How to improve PHP security?

My site was hacked twice last year (2016). So is there any remedy I should apply to make a PHP website a more secure and strong system?

So is some hack really needed to make PHP more secure?
What settings should I change in PHP to make it more secure?
Rasi answered:

You need to change some php.ini settings which really should not be left at their default values.

1. The expose_php directive is used to decide whether to tell the client about the PHP version or not.
expose_php = 1 means all headers sent back to the client have the PHP version.
expose_php = 0 means avoid exposing the PHP version to the client side.
So set expose_php = 0 in php.ini:

expose_php = 0 ; say no to exposing the PHP version to the client in the header


2. The display_errors directive is used to decide whether to show errors at the client side or not.
display_errors = 1 means send PHP errors to the client side. It must be enabled when developing or debugging.
display_errors = 0 means don't send PHP errors to the client side. It must be disabled on a production site.

display_errors = 0 ; say no to displaying errors


3. disable_functions has the list of functions which should be disabled from running in PHP.
So I have a list which should be disabled from running in PHP because they can cause possible harm, or an attacker can use those functions to harm the website or web server.

disable_functions = exec,passthru,shell_exec,system,proc_open,proc_close,proc_terminate,popen,curl_exec,curl_multi_exec,show_source,posix_kill,posix_getpwuid,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,posix_uname,php_uname,syslog


Let me explain why these functions are in the disabled function list.
exec - it helps to execute any PHP code, which is quite a tricky part for a hacker to run their code on our system.
Suppose:

echo exec('whoami'); // outputs the username that owns the running php/httpd process

By this function a hacker can get the username and password of the server / database server, or run some code directly without any restriction.
So make sure exec is not accessible to any user.

passthru - is the same as the exec function; it executes an external program and displays raw output.
And so on; all these functions are not good to make available to all people, so disable them.

4. If allow_url_fopen and allow_url_include are set to 1, they allow remote access of server files, which is not good. If you don't need it to be open, then please disable allow_url_fopen and allow_url_include:

    allow_url_fopen = 0
    allow_url_include = 0


5. open_basedir limits access to files or directories.

open_basedir = "www/tmp/"


When a script tries to access files from tmp by include or fopen, PHP will refuse to access them.
You can set the file path or directory path which you want to secure from scripts.
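To check a php.ini against the directives listed in this answer, here is an added Python audit script (not from the original thread or from PHP itself); the two ini fragments are constructed samples, and the risky-function subset it expects in disable_functions is an assumption you can extend.

```python
# Constructed php.ini fragments (not from any real server), used as inputs below.
WEAK_INI = """
; typical settings that the answer above says to change
expose_php = On
display_errors = 1
disable_functions = exec,passthru,shell_exec
allow_url_fopen = On
allow_url_include = Off
open_basedir =
"""

HARDENED_INI = """
expose_php = Off
display_errors = Off
disable_functions = exec,passthru,shell_exec,system,proc_open,popen
allow_url_fopen = 0
allow_url_include = 0
open_basedir = "/var/www/html:/tmp"
"""

# Built-in defaults PHP uses when a directive is absent from php.ini.
BUILTIN_DEFAULTS = {"expose_php": "1", "display_errors": "1",
                    "allow_url_fopen": "1", "allow_url_include": "0"}
# Assumption: a subset of the functions the answer recommends disabling.
RISKY_FUNCS = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen"}
OFF_VALUES = {"", "0", "off", "false", "no", "none"}


def parse_ini(text):
    """Return {directive: value}. ';' starts a comment; a later duplicate key wins, as in PHP."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def audit(text):
    """Map each weak directive to a finding; an empty dict means every check passed."""
    s = parse_ini(text)
    findings = {}
    for directive, default in BUILTIN_DEFAULTS.items():
        value = s.get(directive, default)  # absent directive keeps PHP's built-in default
        if value.lower() not in OFF_VALUES:
            findings[directive] = f"enabled (value: {value!r})"
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",") if f.strip()}
    missing = sorted(RISKY_FUNCS - disabled)
    if missing:
        findings["disable_functions"] = missing
    if not s.get("open_basedir", ""):
        findings["open_basedir"] = "not set; scripts can read any path the web server user can"
    return findings


if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "OK")
```

Run it against the output of `php --ini` on your own server by reading that file's contents into audit(); the sample above only shows the shape of the findings.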
Phpworker answered:

The best approach to secure a website is to change directory access.
Change access of a file / folder by script:
chmod is used to change the access of a file or folder by PHP.
0755 is the access mode; here 0755 means change access to read and write access for the website owner (server admin) and read and execute for other users.

chmod("/root", 0755);


Or you can use cPanel or FTP to change the access permissions of a file / folder.


Try to change the access of all folders and files which need to be secured.

Suggest more if there is more we can do for access security over files and folders, if anyone has ideas.