Re: Security

Posted: Mon Oct 22, 2018 12:38 pm
by joni
imperio wrote:
Sun Oct 21, 2018 8:24 pm
You can disable some php functions, read the message from chrisf
I am getting this
[root@thequeen ~]# disable_functions = "exec, system"
-bash: disable_functions: command not found
[root@thequeen ~]#

Re: Security

Posted: Mon Oct 22, 2018 12:41 pm
by chrisf
Ummm. That's because it's a PHP ini directive?

Google it.

Re: Security

Posted: Mon Oct 22, 2018 12:51 pm
by joni
chrisf wrote:
Mon Oct 22, 2018 12:41 pm
Ummm. That's because it's a PHP ini directive?

Google it.
Thx, should I place it in the etc/php.ini file on the server? I googled it actually... or should I set a php.ini file in every single account?

Re: Security

Posted: Mon Oct 22, 2018 1:21 pm
by chrisf
That depends on your setup.

If it's straight out of the box, I believe Vesta uses a single php.ini (I have switched to php-fpm).

Easiest way to find out: go to your domain's root folder and add this script:

phpInfo.php

Code:

<?php phpinfo(); ?>
Then visit it in your browser:

http://yoursite.com/phpInfo.php

In the first section it will have what config (ini) file is being used.

Add it there. You may need to restart the webserver if using standard apache2.

Code:

service apache2 restart
:-)

Re: Security

Posted: Mon Oct 22, 2018 3:15 pm
by joni
chrisf wrote:
Mon Oct 22, 2018 1:21 pm
That depends on your setup.

If it's straight out of the box, I believe Vesta uses a single php.ini (I have switched to php-fpm).

Easiest way to find out: go to your domain's root folder and add this script:

phpInfo.php

Code:

<?php phpinfo(); ?>
Then visit it in your browser:

http://yoursite.com/phpInfo.php

In the first section it will have what config (ini) file is being used.

Add it there. You may need to restart the webserver if using standard apache2.

Code:

service apache2 restart
:-)
chrisf, thx, can you please point me to how I can check the result of what I have done... how can I know that these functions are disabled?

Thx again

Re: Security

Posted: Mon Oct 22, 2018 5:39 pm
by chrisf
Run that same test script, scroll down to where it says disabled functions. If it is your list, it's working.

Anytime you change anything in PHP, that phpInfo.php will let you know if it is working for that domain. :-)

It lists every function of PHP and its setting.
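
A scripted version of the check described above, as an added example that is not part of the original thread: it reports which ini file is loaded and confirms that each function is really unavailable. The file name check_disabled.php and the $expected list are assumptions; the list mirrors the directive quoted earlier in the thread.

```php
<?php
// check_disabled.php - added example; the file name and $expected are assumptions.

// Functions we expect to be blocked, mirroring the directive quoted in the thread.
$expected = ['exec', 'system'];

/**
 * Parse a disable_functions value such as "exec, system" into a clean list.
 */
function parse_disabled(string $raw): array
{
    $names = array_map('trim', explode(',', $raw));
    return array_values(array_filter($names, 'strlen'));
}

/**
 * Compare the expected list with the running configuration.
 * Returns [function name => true if it is listed and no longer available].
 */
function audit_disabled(array $expected, array $configured): array
{
    $result = [];
    foreach ($expected as $fn) {
        // function_exists() returns false for a function disabled via the ini directive.
        $result[$fn] = in_array($fn, $configured, true) && !function_exists($fn);
    }
    return $result;
}

header('Content-Type: text/plain');

// Same information as the first section of phpinfo(): the ini file(s) in use.
echo 'Loaded php.ini: ', php_ini_loaded_file() ?: '(none)', "\n";
echo 'Extra ini files: ', php_ini_scanned_files() ?: '(none)', "\n";

$configured = parse_disabled((string) ini_get('disable_functions'));
echo 'disable_functions: ', $configured ? implode(', ', $configured) : '(empty)', "\n\n";

foreach (audit_disabled($expected, $configured) as $fn => $ok) {
    echo str_pad($fn, 12), $ok ? "disabled\n" : "STILL AVAILABLE\n";
}
```

Request it through the web server rather than the PHP CLI, which may load a different php.ini, and delete it afterwards since, like phpInfo.php, it exposes server configuration.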

Re: Security

Posted: Fri Oct 26, 2018 5:56 pm
by joni
Thank you chrisf. If you have some other security tips for shared hosting, please share them here; it is a great topic and a great contribution from you!

Re: Security

Posted: Thu Jul 11, 2019 1:46 am
by arafatx
I respect the marketing team, because they tried so hard to build trust for the product that doesn't really fit in security.

One reason that I felt unsafe using Vesta back in 2018 is that the big boss told everyone that they are not gonna rewrite code for basic security practice (changing the admin username or locking it). The response was "No!" we won't fix that coz of thousands of lines of code.

People think that this is a one-man-show project because of the lack of response. If you need the product to become big, find investors, find manpower, rewrite code, and most important, listen to users and their critique. If you think a critique is an insult, then stop. It's over.

I'm currently on a premium license for DirectAdmin and cPanel. I came here only to check for any news on security, since I haven't touched it for a long time. You see, I have the feeling this product is going to be the best, but only you can change my perspective.