Dangerous PHP Functions Enabled

Discussion in 'IPS' started by Yasir Rehman, Sep 13, 2018.

  1. Yes! No Problem

    2 vote(s)
    100.0%
  2. Hell No

    0 vote(s)
    0.0%
  1. Yasir Rehman

    Yasir Rehman Neophyte

    3
    1
    +0
    I Want To Create A Forum So That's Why Have Installed IPS On A Shared Hosting Now The IPS Is Showing This Warning.

    Dangerous PHP Functions Enabled
    We recommend disabling the following functions on your server, or at least in the directory that your community is installed in. If you do not manage your server yourself, your hosting provider will be able to assist with this.
    exec, system, popen, proc_open, shell_exec


    And The Hosting Provider Says Disabling These Functions Can Be Done.
    Now I Want To Know What Will Happen If I Leave Them Just Like That.(Explain With Details)
    or can i force it to be disabled just in my hosting by using .htaccess

    Note: I'm Poor AF So Can't Afford Any Other Hosting/VPS.
     
  2. Maddox

    Maddox Moderator

    1,197
    407
    +904
    There is a thread over at IPS discussing this - https://invisioncommunity.com/forum...us-php-function/?tab=comments#comment-2736224

    If you are on shared hosting and your host will not disable them for you, you can add a php.ini file to disable them - however, and this is the nasty bit, you need to upload the php.ini file to every folder for it to be fully effective (that's if your host does not allow recursive files). Adding the file to the admin folder only will stop the warning showing, but that doesn't mean those extensions are fully disabled.

    Hope that helps.

    ;)
     
  3. KnownHost

    KnownHost Sponsor

    78
    23
    +62

    Generally speaking leaving these functions enabled can make it easier if someone happens to find an exploit for your website.

    So for instance exec allows a PHP script to execute a shell based commands (think modify, delete, move files). If none of your code uses these functions then it's nothing really to worry about, however, if someone can upload code that includes these functions then it makes it much easier for them to do nefarious things.

    I'd play it safe and disable them with either htaccessor a php.ini file.
     
  4. Yasir Rehman

    Yasir Rehman Neophyte

    3
    1
    +0

    So That Means I'll Have To Upload/Place A php.ini File To Every Folder Of My IPS Main Dir And That Will Do The Job??
     
  5. KnownHost

    KnownHost Sponsor

    78
    23
    +62
    You can use just the top-level directory.

    So say you have public_html/ips/stuff

    If you place the file in public_html/ips/ then anything under that folder is already covered. The higher up you go the more folders are covered/impacted by those settings.
     
    • Informative! Informative! x 1
    • List
  6. Maddox

    Maddox Moderator

    1,197
    407
    +904
    That doesn't work on some shared hosting if they do not allow recursive files that affect all folders. My own host does not allow this so a php.ini file needs to go into every folder for total effectiveness; this is a pain as there are hundreds of folders. Placing the php.ini file in the top directory has no effect unless recursive.

    :)
     
    • Informative! Informative! x 1
    • List
Verification:
Draft saved Draft deleted
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.