How to prevent filesystem browsing with php shell scripts?

Created:

2016-11-16 13:01:46 UTC

Modified:

2017-08-16 16:53:35 UTC

0

Was this article helpful?


Have more questions?

Submit a request

How to prevent filesystem browsing with php shell scripts?

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 10.x for Linux
  • Plesk 11.x for Linux
  • Plesk 12.0 for Linux

Question

PHP shell script was uploaded under the home directory of subscription.

How to prevent filesystem browsing with php shell scripts?

Resolution

It's possible to disable shell_exec and other functions in PHP by using the disable_functions directive:

  1. Login to Plesk and check PHP settings: Plesk > Domains > Example.com > Website Scripting and Security > PHP settings

  2. Add the following line under Additional configuration directives

    disable_functions =exec,shell_exec,proc_open,popen,curl_exec,show_source
  3. Also correct disable_functions in server php.ini file /etc/php.ini .

    Check the PHP documentation if you need more disabled functions.

Have more questions? Submit a request
Please sign in to leave a comment.