
Geeklog Forums

Help/Hostingcompany will upgrade php-security



Nordinho

Forum User
Newbie
Registered: 03/11/04
Posts: 11
Hello,

I received an email from my hosting company saying that they are going to upgrade their PHP security in a couple of days...and some PHP functions are going to change...

The things that they're going to change are:

disable_functions = ()
becomes:
disable_functions = dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg

expose_php = On
becomes:
expose_php = Off

register_globals = On
becomes:
register_globals = Off

register_argc_argv = On
becomes:
register_argc_argv = Off

enable_dl = On
becomes:
enable_dl = Off

session.save_path = "/tmp"
becomes:
session.save_path = "/var/phpsessions"

upload_tmp_dir = "/tmp "
becomes:
upload_tmp_dir = "/tmp/phpupload"

Does anyone have an idea how these changes will affect my Geeklog site, and whether my site will still function or whether I need to find a new hosting company ASAP?

Greets Nordinho
www.nordinho.com

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
Well right off -- register_globals - that needs to be on for geeklog to work.

Are they not willing to enable the setting on a site by site basis?
Geeklog components by PortalParts -- www.portalparts.com

Limynali

Forum User
Chatty
Registered: 01/07/03
Posts: 39
If you can't get them to allow you to have register_globals = on then you can use this little hack to keep your site working.

Basically all you have to do is paste the following lines at the top of your lib-custom.php file (in the system folder).

extract($_POST);
extract($_GET);

Don't ask me how secure this is, probably as secure as having register_globals on in the first place.
Got root?
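
An allowlisted variant of the workaround above, as an added example that is not part of the original posts or of Geeklog: only expected request variables are imported, each is validated, and existing variables are never overwritten. The function name `allowlisted_request`, the variable names and the patterns are assumptions for this sketch, and the code needs PHP 7 or later.

```php
<?php
// Added example (not Geeklog code): allowlisted alternative to the blanket
// extract($_POST); extract($_GET); workaround.

/**
 * Return only the request values that are expected and pass validation.
 * $rules maps a variable name to a regular expression it must match.
 * Sources are applied in order, so a later source wins, as with the
 * two extract() calls in the post.
 */
function allowlisted_request(array $rules, array ...$sources): array
{
    $out = [];
    foreach ($sources as $source) {
        foreach ($rules as $name => $pattern) {
            $value = $source[$name] ?? null;
            // Arrays and other non-strings are dropped, not coerced.
            if (is_string($value) && preg_match($pattern, $value) === 1) {
                $out[$name] = $value;
            }
        }
    }
    return $out;
}

// Hypothetical rules: names and patterns are assumptions for this sketch.
$rules = [
    'mode' => '/\A[a-z]{1,16}\z/',
    'sid'  => '/\A[0-9A-Za-z]{1,40}\z/',
];

// Constructed sample input standing in for $_POST and $_GET.
$post = ['mode' => 'edit', 'is_admin' => '1'];
$get  = ['sid' => 'abc123', 'site_config' => ['path' => '/tmp/x']];

// State the application set before the request is imported (hypothetical).
$is_admin    = false;
$site_config = ['path' => '/var/www/site'];

// EXTR_SKIP: even an allowlisted name never overwrites an existing variable.
extract(allowlisted_request($rules, $post, $get), EXTR_SKIP);

// Keys outside the allowlist (is_admin, site_config) never reach the scope.
var_dump($mode, $sid, $is_admin, $site_config);
```

In lib-custom.php the same call would take `$_POST` and `$_GET` in place of the constructed arrays, with one rule per request variable the site actually reads.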

Nordinho

Forum User
Newbie
Registered: 03/11/04
Posts: 11
OK, thanks for your comments...I'll give the hosting company another call tomorrow...otherwise I will use the workaround...

Do you know if the other changes will affect my site??

Greets Nordinho

Nordinho

Forum User
Newbie
Registered: 03/11/04
Posts: 11
Hmmm...they're doing another security test night. The site is still working. However, making a backup fails:

Warning: exec() has been disabled for security reasons in /home/httpd/vhosts/nordinho.com/httpdocs/admin/database.php on line 83

And the Who's Online block only displays 1 guest, while according to my stats at least 80/100 people should be online.

Anyone any ideas how to solve this??

Greets Nordinho,

Turias

Forum User
Full Member
Registered: 10/20/03
Posts: 807
Again, talk to your hosting company about how to get around this. For example, my hosting company requires I add the following line to my .htaccess file:

Text Formatted Code
AddType php-cgi php
 


You might need something similar or completely different. Best e-mail your provider.

Nordinho

Forum User
Newbie
Registered: 03/11/04
Posts: 11
OK Turias...thanks for your reply...I'll contact the hosting company again... and hopefully I can work it out...

Greets Nordinho,