Secure Your Shared Hosting

Recently we’ve been attacked by hackers due to some of the vulnerable WordPress site that hosted in our server. Hackers manage to inject backdoor shell scripts that are able to crack our cPanel password, change other opensource site’s admin password, and access to all our hosting account’s web files. According to the hacker codes that we manage to grab from the hacked folders, they are rely on PHP shell functions in their backdoor codes. We did research online, and below is what we found out.

In order to harden your PHP server security you should disable the following functions in your PHP.ini.

exec, passthru, shell_exec, system, proc_open, popen, apache_child_terminate, apache_setenv, define_syslog_variables, pcntl_exec, openlog, posix_getpwuid, posix_kill, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_open, proc_terminate, syslog

How to do it?

If you are hosted under shared hosting, please contact your webmaster to disable them.

If you own a shared hosting server, please go to our server control panel and look for PHP.ini, search for the keyword disable_functions=””. Insert the above functions that mentioned within the double quote. Save it and restart your server.

Search

Recent Posts

Best Flexibile Pricing Plan SMTP Service Provider – AlibabaCloud Direct Mail

Understanding WordPress Hacking: Tactics Used by Attackers and How to Protect Your Site

Guide to setup DKIM, SPF and DMARC Record in cPanel

Create a WhatsApp Chatbot Without Coding: A Step-by-Step Guide

Leave a Reply Cancel reply

About Us

Our Softwares

Find Us

Member Of

Partners & Certificates