Friday 22 May 2015

Shared Server Security Risk open_basedir disable_functions disable_classes

How to secure website on shared server

There are a variety of security issues that arise when using shared hosting solutions. There are three php.ini directives that remain important in a shared hosting

open_basedir : The open_basedir directive provides the ability to limit the files that PHP can open
to a specified directory tree. When PHP tries to open a file with, for example, fopen()
or include, it checks the the location of the file. If it exists within the directory tree
specified by open_basedir, then it will succeed; otherwise, it will fail to open the file.

disable_functions :  You can disable function like exec, passthru, shell_exec, system etc for security purpose.

disable_classes : You can disable class like DirectoryIterator, Directory for security purpose.

You may set the open_basedir directive in php.ini OR on a per-virtual-host basis in httpd.conf. In the following httpd.conf virtual host example, PHP scripts may only open files located in the /home/user/www and /usr/local/lib/php directories.

<VirtualHost *:80>
    DocumentRoot 'C:/wamp/www/zf1_11/public_html'
    ServerName zf11.localhost
    <Directory 'C:/wamp/www/zf1_11/public_html'>
        AllowOverride All
        Order allow,deny
        Allow from all