Quick Tip On Preventing PHP Exploits

By: Scott Horne
Expert Author
2007-08-16

Exploits happen, but with some planning you can prevent the worst of them.

Planning for an exploit includes considering how to mitigate the damage, how to recover from it, and how to prevent it in the first place.

Mitigating damage means trying to limit what an attacker can reach through an exploited script. In my case I run PHP as a CGI and have it run as the owner of the script. This makes it more difficult to damage things that don't belong to the owner of the script.

Planning for recovery means having a backup, knowing how to restore from that backup, and knowing what other actions you'll need to take to recover.

If you're running PHP, some of the worst exploits involve executing shell commands on your server. Luckily, this is also one of the most avoidable. A simple way to prevent it is to add every function that allows execution of shell commands to the "disable_functions" line in the php.ini file.

Here's how mine is configured:

disable_functions = system, exec, passthru, proc_open, shell_exec, popen
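A way to check that setting rather than trust it: the script below is an added example, not code from the article. It parses the text of a php.ini, finds the effective disable_functions value (last occurrence wins, comments and quotes handled) and reports which shell-execution functions are still callable. It covers the article's six functions plus pcntl_exec, an addition here (it only exists when the pcntl extension is loaded). The two inline php.ini fragments are constructed samples: a stock configuration with nothing disabled, and the article's line.

```python
"""Audit the disable_functions directive in a php.ini file.

Added example, not code from the article: it parses php.ini text and
reports which shell-execution functions are still callable, so the
hardened setting can be checked before (and after) deployment.
"""
import re
import sys

# Functions that let a PHP script spawn a shell or another program.
# The first six are the article's list; pcntl_exec is an addition here
# (assumption: it is only present when the pcntl extension is loaded).
SHELL_EXEC_FUNCTIONS = frozenset({
    "system", "exec", "passthru", "proc_open", "shell_exec", "popen",
    "pcntl_exec",
})

_DIRECTIVE = re.compile(r"^disable_functions\s*=\s*(.*)$", re.IGNORECASE)


def parse_disable_functions(ini_text):
    """Return the set of function names disabled by ini_text.

    Mirrors php.ini rules closely enough for an audit: ';' starts a
    comment, the value may be quoted, names are comma-separated, and
    if the directive appears more than once the last one wins.
    """
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comment, then whitespace
        match = _DIRECTIVE.match(line)
        if not match:
            continue
        value = match.group(1).strip().strip('"\'')
        disabled = {name.strip().lower()
                    for name in value.split(",") if name.strip()}
    return disabled


def still_callable(ini_text):
    """Shell-execution functions NOT disabled by ini_text, sorted."""
    return sorted(SHELL_EXEC_FUNCTIONS - parse_disable_functions(ini_text))


# Constructed samples: a stock php.ini (nothing disabled) and the article's line.
WEAK_INI = """; constructed sample: default configuration
disable_functions =
"""
HARDENED_INI = """; constructed sample: the article's setting
disable_functions = system, exec, passthru, proc_open, shell_exec, popen
"""


def report(label, ini_text):
    """Print a one-line verdict; return True when nothing is left callable."""
    left = still_callable(ini_text)
    verdict = "OK" if not left else "still callable: " + ", ".join(left)
    print(f"{label}: {verdict}")
    return not left


if __name__ == "__main__":
    # Audit a real file if a path is given, otherwise the two samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report(sys.argv[1], fh.read())
    else:
        report("weak", WEAK_INI)
        report("hardened", HARDENED_INI)
```

Run it with the path of the php.ini that PHP actually loads (php --ini lists the loaded files), and confirm the running value with php -i, since a php.ini that is not the loaded one proves nothing. Disabling shell_exec also disables the backtick operator, so the list above covers that path as well.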

I'm not a security professional, but I've been around the block. Here are some places I go to for advice:
* Linux Security Cookbook - A good book from O'Reilly that presents simple "recipes" for configuring a secure server. The strength of the book is that it explains why you take the actions it lays out, giving you a good starting point when thinking about security.

* The forums over at ServerBeach are full of great how-tos and tutorials.

* SecurityFocus has a great database that tracks vulnerabilities.


About the Author:
Scott Horne is a software developer and President of Takeshi Media, a firm that specializes in creating profitable and easy-to-use solutions for search marketers. You can use his free tools and code, and read his thoughts on search marketing, on his blog, Web Professor.