Secure Your Shared Hosting

Recently we’ve been attacked by hackers due to some of the vulnerable WordPress site that hosted in our server. Hackers manage to inject backdoor shell scripts that are able to crack our cPanel password, change other opensource site’s admin password, and access to all our hosting account’s web files. According to the hacker codes that we manage to grab from the hacked folders, they are rely on PHP shell functions in their backdoor codes. We did research online, and below is what we found out.

In order to harden your PHP server security you should disable the following functions in your PHP.ini.

exec, passthru, shell_exec, system, proc_open, popen, apache_child_terminate, apache_setenv, define_syslog_variables, pcntl_exec, openlog, posix_getpwuid, posix_kill, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_open, proc_terminate, syslog

How to do it?

If you are hosted under shared hosting, please contact your webmaster to disable them.

If you own a shared hosting server, please go to our server control panel and look for PHP.ini, search for the keyword disable_functions=””. Insert the above functions that mentioned within the double quote. Save it and restart your server.

Search

Recent Posts

The Serverless Era

From Natural Language to Programming Codes

How does the Customer Engagement Platform power up your e-commerce?

How does a software house charge?

Leave a Reply Cancel reply

About Us

Our Softwares

Find Us

Member Of

Partners & Cerificates