Page 2 of 2
Re: Security
Posted: Mon Oct 22, 2018 12:38 pm
by joni
imperio wrote: ↑Sun Oct 21, 2018 8:24 pm
You can disable some php functions, read the message from chrisf
I am geting this
[root@thequeen ~]# disable_functions = "exec, system"
-bash: disable_functions: command not found
[root@thequeen ~]#
Re: Security
Posted: Mon Oct 22, 2018 12:41 pm
by chrisf
Ummm. That's because it's a PHP ini directive?
Google it.
Re: Security
Posted: Mon Oct 22, 2018 12:51 pm
by joni
chrisf wrote: ↑Mon Oct 22, 2018 12:41 pm
Ummm. That's because it's a PHP ini directive?
Google it.
Thx, should I place it in etc/php.ini file on the server ? I googled it actually..or in every single account I should set php.ini file
Re: Security
Posted: Mon Oct 22, 2018 1:21 pm
by chrisf
That depends on your setup.
If its straight out the box, I believe Vesta uses a single php.ini (I have switched to php-fpm).
Easiest way to find out. Go to your domains root folder and add this script:
phpInfo.php
Then visit it in your browser:
http://yoursite.com/phpInfo.php
In the first section it will have what config (ini) file is being used.
Add it there. You may need to restart the webserver if using standard apache2.
:-)
Re: Security
Posted: Mon Oct 22, 2018 3:15 pm
by joni
chrisf wrote: ↑Mon Oct 22, 2018 1:21 pm
That depends on your setup.
If its straight out the box, I believe Vesta uses a single php.ini (I have switched to php-fpm).
Easiest way to find out. Go to your domains root folder and add this script:
phpInfo.php
Then visit it in your browser:
http://yoursite.com/phpInfo.php
In the first section it will have what config (ini) file is being used.
Add it there. You may need to restart the webserver if using standard apache2.
:-)
chrisf, thx, can you please point me how I can check up the result of what have I done..how can I know that these functions are disabled ?
Thx again
Re: Security
Posted: Mon Oct 22, 2018 5:39 pm
by chrisf
Run that same test script, scroll down to where it says disabled functions. If it is your list, it's working.
Anytime you change anything in php that phpInfo.php will let you know if it is working for that domain. :-)
It lists every function of php and it's setting.
Re: Security
Posted: Fri Oct 26, 2018 5:56 pm
by joni
Thank you chrisf if you have aome other security tip for shared hostings, please share it here, it is a great topic and great contribution from you!
Re: Security
Posted: Thu Jul 11, 2019 1:46 am
by arafatx
I respect the marketing team, because they tried so hard to build trust for the product that doesn't really fit in security.
One reason that I feel unsafe to use Vesta back in 2018 is when the big boss told everyone that, they are not gonna rewrite codes for basic security practice (changing admin username or lock it). The response was "No!" we won't fix that coz of thousand line of codes.
People think that this is a one-man-show project because of lack response. If you need the product become big, find investors, find manpowers, rewrite codes, most important is listen to users and their critique. If you think a critique is an insult then, stop. It's over.
I'm currently on premium license for directadmin and cpanel. I came here only to visit any news on security since long time ago I haven't touched it. You see, I have the feeling this product is going to be the best but only you can change my perspective.