Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 03:56 pm EDT

Geeklog Forums

Help/Hostingcompany will upgrade php-security


Status: offline

Nordinho

Forum User
Newbie
Registered: 03/11/04
Posts: 11
Hello,

I recieved an email from my hostingcompany, that they are going to upgrade their php-security in a couple of days...and some phpfunctions are going to change...

The things that they're going to change are:

disable_functions = ()
becomes:
disable_functions = dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg

expose_php = On
becomes:
expose_php = Off

register_globals = On
becomes:
register_globals = Off

register_argc_argv = On
becomes:
register_argc_argv = Off

enable_dl = On
becomes
enable_dl = Off

session.save_path = "/tmp"
becomes:
session.save_path = "/var/phpsessions"

upload_tmp_dir = "/tmp "
becomes
upload_tmp_dir = "/tmp/phpupload"

Does anyone have an idea how these changes will affect my geeklog site, and if my site still will function or that I need to find a new hostingcompany asap???

Greets Nordinho
www.nordinho.com
 Quote

Status: offline

Blaine

Forum User
Moderator
Registered: 07/16/02
Posts: 1232
Location:Canada
Well right off -- register_globals - that needs to be on for geeklog to work.

Are they not willing to enable the setting on a site by site basis?
Geeklog components by PortalParts -- www.portalparts.com
 Quote

Status: offline

Limynali

Forum User
Chatty
Registered: 01/07/03
Posts: 39
If you can't get them to allow you to have register_globals = on then you can use this little hack to keep your site working.

Basically all you have to do is paste the following lines at the top of your lib-custom.php file (in the system folder).

extract($_POST);
extract($_GET);

Don't ask me how secure this is, probably as secure as having register_globals on in the first place.
Got root?
 Quote

Status: offline

Nordinho

Forum User
Newbie
Registered: 03/11/04
Posts: 11
Oke thanx for your comments...I'll give the hostingcompany another call tomorrow...otherwise I will use the workaround...

Do you know if the other changes will affect my site??

Greets Nordinho
 Quote

Status: offline

Nordinho

Forum User
Newbie
Registered: 03/11/04
Posts: 11
Hmmm...they're doing another security test night. The site is still working. However, making a backup fails:

Warning: exec() has been disabled for security reasons in /home/httpd/vhosts/nordinho.com/httpdocs/admin/database.php on line 83

And The Who's online block only displays 1 guest. While according to my stats at least 80/100 people should be online.

Anyone any ideas how to solve this??

Greets Nordinho,
 Quote

Status: offline

Turias

Forum User
Full Member
Registered: 10/20/03
Posts: 807
Again, talk to your hosting company about how to get around this. For example, my hosting company requires I add the following line to my .htaccess file:

Text Formatted Code
AddType php-cgi php
 


You might need something similar or completely different. Best e-mail your provider.
 Quote

Status: offline

Nordinho

Forum User
Newbie
Registered: 03/11/04
Posts: 11
Oke Turias...thanks for your reply...I'll contact the hostingcompany again... and hopefully I can work it out...

Greets Nordinho,
 Quote

All times are EDT. The time is now 03:56 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content