Oh, php security hole! [RESOLVED]

[Ruku]

hey guys,

I host web pages for a lot of people and I found that there is a little security hole, so now everyone's webpages are disabled temporarily.

I just need to know how to config apache to deny it from executing programs...

thanks!

[Kasracer]

What? Apache doesn't execute programs... unless you mean cgi or php scripts.

You need to give us a lot more information. Honestly, it sounds like you may not be the person to setup a server for clients and you may want to pay a professional because you may have more security holes open than you think.

[penagate]

I have no idea what you talking about. Can you elaborate?

[k1ll3rdr4g0n]

Prehaps hes talking about this:
http://us3.php.net/manual/en/function.exec.php

And no its not a security hole, if you know your php.ini file you can disable it.

[Ruku]

It's all good, I've figured how to disable php executions WHILE enabling file modifications through NTFS... so no worries now...



(btw I didn't mean that php had a security hole, I just meant my website had one through php executions... and I think a few responses were quite rude... but thanks anyways

the actual problem was that users uploaded files within their folder limitations and executed them in mass, resulting in a flood... but it's all good now)

[visualAd]

Its very difficult for others to help you if you do not give us any information. Your first post was very ambiguous and could mean many things.

Additionally, if you are going to allow users to upload and execute programs on the server, you need make sure that under no circumstances will they have access to other users data. If you are hosting on Linux you can run PHP as a different user and chroot it, if you are running windows I suggest you don't alow it at all.

[Ruku]

it's all good visualad, you even helped me out on that on another post... remember that oneandone problem? nyways, it's all good... , ntfs locked the users to their folder and they are chrooted to their folder, no worries.