Re: advice request for shared hosting and security issue
>> On 23.06.13 14:48, Oğuz Yarımtepe wrote:
>>> My current problem is about the PhpSpy program. It is a PHP file that runs
>>> dir, chdir, readdir commands and let the user traverse the file system and
>>> read files. I couldn't figured it out a solution for it.
As for minimum you should set open_basedir restriction, that should
prevent internal php functions to read other files. But of course it
won't help if they will use system utilities viac exec()/system() php
calls. You can disable these functions in php using the suhosin
extension (maybe also the backtick function/operator can be disabled).
And enable exec only for vhosts (or individual scripts) which need
them. It's not bulletproof, but better than nothing.