Linux PHP Disable chmod() and chown() functions for better Apache server security

Monday, 15th July 2013

I have to administer a few inherited Linux servers running Ubuntu and Debian Linux. The servers mainly host websites with Joomla installs that are regularly left un-updated and some custom-developed websites which were developed pretty insecurely. To mitigate hacked websites I already disabled some of the most insecure functions like system(), eval() etc. I literally followed my previous tutorial, "PHP Webhosting security disable exec();, system();, open(); and eval();".
Still, in the logs I see shit like:
 

[error] [client 66.249.72.100] PHP Warning:  mkdir(): No such file or directory in /var/www/site/plugins/system/jfdatabase/intercept.jdatabasemysql.php on line 161

Hence, to prevent the PHP mkdir() and chown() functions from being active, I had to turn on safe_mode in /etc/php5/apache2/php.ini. For some reason, whoever configured Apache left it off.

safe_mode = on

Hopefully, disabling these functions will keep cracker bot scripts from creating weird directory structures on the HDD or using them as a means to DoS the server by overflowing its filesystem.

Hope this helps others stabilize their servers too. Enjoy! 🙂
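As an added example (not the author's code), this Python script reads php.ini text and reports whether safe_mode is on and which of the functions named in this post are absent from disable_functions, the php.ini directive that switches off named functions. The sample ini text and the names parse_php_ini, audit and WANTED_OFF are assumptions made for the example.

```python
# Added example: audit php.ini text for the settings this post relies on.
# SAMPLE_INI is constructed; audit() and WANTED_OFF are names made up here.

# Functions the post wants out of reach of compromised sites. eval is left out:
# it is a language construct, so disable_functions cannot block it.
WANTED_OFF = ("mkdir", "chmod", "chown", "system", "exec")

SAMPLE_INI = """\
[PHP]
; constructed sample, not a real server's config
safe_mode = on
disable_functions = system, exec,passthru ; earlier hardening
"""

def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        # ';' starts a comment. Naive split: fine for the directives checked
        # here, wrong for quoted values that contain ';'.
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')  # names are case-sensitive
    return settings

def audit(text):
    """Report safe_mode and which WANTED_OFF functions are not disabled."""
    ini = parse_php_ini(text)
    safe_mode = ini.get("safe_mode", "off").lower() in ("1", "on", "yes", "true")
    disabled = {f.strip().lower()
                for f in ini.get("disable_functions", "").split(",") if f.strip()}
    return {
        "safe_mode": safe_mode,
        "disabled": sorted(disabled),
        "not_disabled": [f for f in WANTED_OFF if f not in disabled],
    }

if __name__ == "__main__":
    report = audit(SAMPLE_INI)
    print("safe_mode on:", report["safe_mode"])
    print("disable_functions:", ", ".join(report["disabled"]) or "(empty)")
    for name in report["not_disabled"]:
        print("not in disable_functions:", name + "()")
```

safe_mode was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so on newer PHP versions only the disable_functions part of the report applies.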


One Response to “Linux PHP Disable chmod() and chown() functions for better Apache server security”

  1. hip0 says:

    Note that if you enable safe_mode = On, some websites on the server might stop working. One piece of software that requires safe_mode to be Off is Moodle – Open Source Online learning system
