Recently we were attacked by hackers through some vulnerable WordPress sites hosted on our server. The hackers managed to inject backdoor shell scripts that were able to crack our cPanel password, change other open-source sites' admin passwords, and access all our hosting account's web files. According to the hacker code that we managed to grab from the hacked folders, they rely on PHP shell functions in their backdoor code. We did some research online, and below is what we found.
To harden your PHP server security, you should disable the following functions in your php.ini:
exec, passthru, shell_exec, system, proc_open, popen, apache_child_terminate, apache_setenv, define_syslog_variables, pcntl_exec, openlog, posix_getpwuid, posix_kill, posix_setpgid, posix_setsid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_terminate, syslog
How to do it?
If you are on shared hosting, please contact your webmaster to disable them.
If you own a shared hosting server, go to your server control panel, open php.ini, and search for the keyword disable_functions="". Insert the functions listed above, separated by commas, between the double quotes. Save the file and restart your server.
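An added example, not part of the original post: a shell check that reads a php.ini file and prints which of the functions listed above it still leaves enabled. The function names `disabled_in_ini`, `missing_from_ini` and `write_sample_ini`, and the sample file contents, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a php.ini against the function list from the article.

# The list recommended in the article (duplicates removed).
WANTED="exec passthru shell_exec system proc_open popen apache_child_terminate
apache_setenv define_syslog_variables pcntl_exec openlog posix_getpwuid
posix_kill posix_setpgid posix_setsid posix_setuid posix_uname proc_close
proc_get_status proc_terminate syslog"

# Print the active disable_functions value of a php.ini file as a
# comma-separated list without quotes or spaces. Lines commented out
# with ';' are ignored; if the directive appears twice, the last one is used.
disabled_in_ini() {
    sed -n -e 's/[[:space:]]*;.*$//' \
           -e 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d '"' | tr -d "'" | tr -d '[:space:]'
}

# Print each function from WANTED that the given php.ini leaves enabled.
missing_from_ini() {
    current=",$(disabled_in_ini "$1"),"
    for fn in $WANTED; do
        case "$current" in
            *",$fn,"*) ;;        # whole-name match: "exec" must not match "shell_exec"
            *) echo "$fn" ;;
        esac
    done
}

# Constructed sample php.ini (not from the article): a commented-out
# directive, then an active one that covers only part of the list.
write_sample_ini() {
    cat > "$1" <<'EOF'
; disable_functions = "exec,system"
[PHP]
disable_functions = "shell_exec, pcntl_exec, passthru, popen, proc_open"
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_ini "$sample"
echo "Still enabled in sample php.ini:"
missing_from_ini "$sample"
rm -f "$sample"
```

Point `missing_from_ini` at the php.ini your web server actually loads; `php --ini` shows the file the command-line PHP uses, which may be a different file.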