Server Hosting Secrets
February 24th in Linux, Tutorials, cPanel by Claudiu Popescu.

cPanel PHP Optimization / Hardening

PHP is one of the most popular web scripting languages, but it is not one of the most secure.
In this article I’ll explain how to minimally harden PHP for cPanel. This can be adapted for any Linux server using PHP.

Before you go ahead with this I strongly recommend reading this article.

Now that you have a secure installation of Apache and PHP, you can start customizing the PHP configuration file, php.ini.
From cPanel WHM navigate to: Main >> Service Configuration >> PHP Configuration Editor
And click on “Switch to Advanced Mode”.
Now configure it as below:


expose_php off
# You should change the memory limit value with what suits your needs
memory_limit 64M
register_globals off
# You should change the upload max filesize value with what suits your needs
upload_max_filesize 64M
upload_tmp_dir /tmp
display_errors off
# This option may cause problems for badly written scripts
allow_url_fopen off
session.save_path /tmp
disable_functions show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen, ini_set
magic_quotes_gpc off

Now that you are done with php.ini let’s move on.
Navigate to: Main >> Security Center >> PHP open_basedir Tweak
Make sure “Enable php open_basedir Protection.” is enabled and click “Save”.

Before I end this article I’ll explain a few of the changes made to php.ini:
1. expose_php – if enabled, PHP will report in every request that it is being used to process the request, giving away what version of PHP is installed.
2. register_globals – if enabled, PHP will automatically create variables in the global scope for all values passed in GET, POST and COOKIE (as a side note, register_globals won’t be available in PHP 6).
3. allow_url_fopen – if enabled, it may allow an attacker to upload files to the server, compromising it.
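
To verify that these settings actually ended up in php.ini, here is an added example (not part of the original article or of cPanel) that checks the file's text against the values listed above. It assumes standard `directive = value` php.ini syntax; the names `parse_ini` and `audit` and the sample file are made up for illustration.

```python
import re

# Directives the article sets to "off".
MUST_BE_OFF = ("expose_php", "register_globals", "display_errors",
               "allow_url_fopen", "magic_quotes_gpc")
# Functions from the article's disable_functions line. allow_url_fopen is
# left out here: it is a directive, not a function, and is checked above.
MUST_BE_DISABLED = {"show_source", "system", "shell_exec", "passthru",
                    "exec", "popen", "proc_open", "ini_set"}
FALSY = {"off", "0", "false", "no", ""}
# key = "quoted value"   or   key = bare value ; trailing comment
DIRECTIVE = re.compile(r'^\s*([\w.]+)\s*=\s*(?:"([^"]*)"|([^;]*))')


def parse_ini(text):
    """Return {directive: value}; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)  # comment and [section] lines do not match
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            settings[m.group(1)] = value.strip()
    return settings


def audit(text):
    """Return a list of deviations from the article's settings."""
    ini = parse_ini(text)
    findings = []
    for name in MUST_BE_OFF:
        if name not in ini:
            findings.append(f"{name}: not set explicitly")
        elif ini[name].lower() not in FALSY:
            findings.append(f"{name}: expected off, found {ini[name]}")
    disabled = {f.strip().lower()
                for f in ini.get("disable_functions", "").split(",")}
    for fn in sorted(MUST_BE_DISABLED - disabled):
        findings.append(f"disable_functions: missing {fn}")
    return findings


# Constructed sample php.ini, not taken from a real server.
SAMPLE = """\
[PHP]
expose_php = Off
register_globals = Off
display_errors = On   ; left on after debugging
allow_url_fopen = 0
magic_quotes_gpc = Off
disable_functions = "show_source, system, shell_exec, passthru, exec, popen"
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To run it against a real server, pass the contents of the php.ini file that PHP actually loads to `audit()`.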

In the next article I’ll explain how to secure a cPanel server by tweaking its configuration, securing /tmp for PHP, and a few more tricks.
Stay tuned.
