BuycPanel Blog


Key PHP Security Concepts

Posted by Allura on 27 11 2019.


Introduction

If the applications on your server use PHP, they are exposed to a range of risks and vulnerabilities.

Attackers typically exploit them through file inclusion attacks, unrestricted file uploads, and verbose error messages that describe the system.

The following settings help keep sensitive information on your server from leaking.

 

Prevent Information Disclosure

Error messages can reveal crucial details about your system.

Attackers can use these details to break into your server.

They may include database names, usernames and the directory structure of the server.

You can keep this information away from others by limiting the PHP errors shown in the application's user interface.

To stop error messages from being displayed, turn off the display_errors directive. Keep log_errors turned on at the same time so that the full error text still reaches the server log, where you can read it and a visitor cannot.

The directive is available in WHM's PHP Configuration Editor under the Advanced Mode section, located at WHM > Home > Service Configuration > PHP Configuration Editor.
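The same choice expressed in code, as an added example that is not from the BuycPanel post: the weak setting beside the hardened one, plus an exception handler that logs the details and answers the visitor with a generic message. It assumes PHP 7.4 or later with PDO; the log path and the database credentials are placeholders.

```php
<?php
// Added example, not code from the BuycPanel post: display_errors/log_errors set at
// runtime, plus a handler that keeps exception details out of the response.
// Assumes PHP 7.4+ and PDO; the log path and database credentials are placeholders.
declare(strict_types=1);

// Weak setting (what a development box often has): errors are rendered into the
// page, exposing file paths, database names and usernames to whoever triggers them.
// ini_set('display_errors', '1');

// Hardened setting: nothing is rendered; full details go to a log the web server does not serve.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/home/example/logs/php_error.log'); // assumed path, outside public_html
error_reporting(E_ALL);

// Uncaught exceptions would otherwise become a fatal error whose text (and, with
// html_errors, a stack trace) could reach the browser. Log them and answer generically.
set_exception_handler(function (Throwable $e): void {
    $ref = bin2hex(random_bytes(6)); // opaque reference the user can quote to support
    error_log(sprintf(
        '[%s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));
    http_response_code(500);
    header('Content-Type: text/plain; charset=utf-8');
    echo "An internal error occurred. Reference: {$ref}\n";
});

// Trigger: a failed database connection. With display_errors on, the PDOException
// message would reveal the database host and user to the visitor.
$pdo = new PDO('mysql:host=db.internal;dbname=shop', 'shop_user', 'wrong-password');
```

Check the effective value through the web server rather than with php -i on the command line, because the CLI can load a different php.ini than the web SAPI. A phpinfo() page is the quickest way to do that, but it is itself an information disclosure, so remove it once you have read it.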

Restrict File Uploads

Attackers commonly break into vulnerable servers by uploading malicious files.

You can stop outside users from abusing your PHP configuration by restricting upload permissions, so that they cannot plant PHP scripts of their own on the server.

It is advised that you disable the file_uploads directive in the Advanced Mode section to remove file upload permissions.

Note that this is a server-wide setting: every PHP application on the server loses the ability to accept uploads. If an application genuinely needs them, leave the directive on for that application and validate uploads in the application code instead.

The directive is found in the PHP Configuration Editor at WHM > Home > Service Configuration > PHP Configuration Editor.
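For the case where uploads cannot be switched off, the following upload handler is an added example (not code from the BuycPanel post) of the checks that keep an uploaded file from ever becoming an executable script on the server. It assumes PHP 7.4 or later with the fileinfo extension; the storage directory is a placeholder that must lie outside the document root.

```php
<?php
// Added example, not code from the BuycPanel post: an upload handler for applications
// that need file_uploads=On. Assumes PHP 7.4+ with the fileinfo extension; the
// storage directory is a placeholder outside the document root.
declare(strict_types=1);

const UPLOAD_DIR = '/home/example/uploads_private'; // assumed path, not served by the web server
const MAX_BYTES  = 2 * 1024 * 1024;

// Allowlist keyed by the MIME type sniffed from the content; the value is the
// extension the server will assign, regardless of what the client called the file.
const ALLOWED = [
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . (int) $file['error']);
    }
    // Reject anything that did not arrive through PHP's upload mechanism, so the
    // handler cannot be pointed at an arbitrary local path.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Sniff the content. $file['type'] and the original extension are both
    // supplied by the client and are ignored here.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('Disallowed content type');
    }
    // Random server-chosen name and extension: "shell.php", "shell.php.png" or
    // "../../x" from the client never reach the disk under that name.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $name;
}

if (isset($_FILES['document'])) {
    try {
        echo 'Stored as ' . storeUpload($_FILES['document']) . "\n";
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Rejected: ' . $e->getMessage() . "\n";
    }
}
```

Two design points matter as much as the checks: the files live outside the document root, so even a file that slipped past the allowlist cannot be requested by URL, and they are served back, if at all, by a download script that sets its own Content-Type and Content-Disposition rather than by the web server reading the directory.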

 

Protect Sessions

Sometimes an attacker will try to hijack a user's session.

This works when the attacker obtains the user's web application session identifier and then sends requests on that user's behalf.

PHP generates session identifiers randomly so that they are hard to guess, and by default hands them to the browser in a cookie. (They can also travel in the URL when session.use_trans_sid is enabled, which should stay off, because URLs end up in logs, browser history and Referer headers.)

The session data itself is stored on the server's filesystem, under the directory named by session.save_path.

Attackers may inject JavaScript into pages to read the cookie in which the session ID is kept.

You can protect session IDs by enabling the session.cookie_httponly directive, found under the Advanced Mode section of WHM's PHP Configuration Editor. It marks the cookie HttpOnly so that scripts in the page cannot read it; it does not stop the injection itself, so it belongs alongside output escaping in the application, and alongside session.cookie_secure so the cookie is only sent over HTTPS.

It is available through WHM > Home > Service Configuration > PHP Configuration Editor.
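The same protections set from application code, as an added example that is not from the BuycPanel post. Setting them in code covers an application even on a host where the php.ini values are not yours to change, and adds the step the directive alone cannot provide: issuing a fresh ID at login. It assumes PHP 7.3 or later (for the samesite cookie option) and an HTTPS site; the session name and timeout are assumptions.

```php
<?php
// Added example, not code from the BuycPanel post: session hardening done in code.
// Assumes PHP 7.3+ (array form of session_set_cookie_params / setcookie) and HTTPS.
declare(strict_types=1);

// Accept the session ID only from the cookie, never from the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Reject IDs the server did not itself issue (blocks fixation via a planted cookie).
ini_set('session.use_strict_mode', '1');

session_set_cookie_params([
    'lifetime' => 0,       // session cookie, discarded when the browser closes
    'path'     => '/',
    'domain'   => '',      // current host only
    'secure'   => true,    // sent over HTTPS only
    'httponly' => true,    // not readable through document.cookie (the XSS case above)
    'samesite' => 'Lax',   // not sent on cross-site POST requests
]);
session_name('APPSESSID'); // assumed name; avoids advertising the default PHPSESSID
session_start();

// Called once the user has authenticated. A new ID is issued so that an ID captured
// (or fixed by an attacker) before login does not carry the logged-in state.
function loginUser(int $userId): void
{
    session_regenerate_id(true); // true: delete the old session file on the server
    $_SESSION['user_id']  = $userId;
    $_SESSION['login_at'] = time();
    $_SESSION['ua_hash']  = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

// Called on every protected request: expire idle sessions (assumed 30 minutes)
// and refuse a session whose client no longer looks like the one that logged in.
function requireLogin(): int
{
    if (!isset($_SESSION['user_id'])) {
        http_response_code(401);
        exit('Login required');
    }
    $idle      = time() - ($_SESSION['last_seen'] ?? $_SESSION['login_at']);
    $uaChanged = $_SESSION['ua_hash'] !== hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    if ($idle > 1800 || $uaChanged) {
        session_unset();
        session_destroy();
        http_response_code(401);
        exit('Session expired');
    }
    $_SESSION['last_seen'] = time();
    return (int) $_SESSION['user_id'];
}

function logoutUser(): void
{
    session_unset();
    session_destroy();
    // Also clear the cookie on the client so the old ID is not sent again.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
}
```

The value set in WHM's PHP Configuration Editor applies to every site on the server; the ini_set and session_set_cookie_params calls above apply to one application and must run before session_start(), which is why they sit at the top of the file.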

 

Disable Register Globals

With register_globals enabled, PHP turns every request parameter (query string, form field and cookie) into a global variable, so a script can read a variable even though no line of its code ever assigned it a value.

Attackers use this to set configuration and state variables straight from the request, and so reach parts of your system that should be restricted.

You can turn off the register_globals directive in WHM's Advanced Mode section to prevent this.

Note that the directive only exists on PHP 5.3 and older: it was removed in PHP 5.4, so on a current PHP version there is nothing left to disable. Code that calls extract() on request data recreates exactly the same problem, however, and should be treated the same way.
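The classic register_globals failure, reproduced on modern PHP with extract() and shown beside a hardened version, as an added example that is not code from the BuycPanel post. The credential and the request arrays are constructed test inputs.

```php
<?php
// Added example, not code from the BuycPanel post. register_globals was removed in
// PHP 5.4, so its behaviour is simulated with extract(), which has the same effect.
declare(strict_types=1);

// --- Vulnerable pattern -------------------------------------------------------
// With register_globals=On, a request of ?authorized=1 would create $authorized = "1"
// before this code runs. extract($request) reproduces that on any PHP version.
function checkAccessVulnerable(array $request, string $realPassword): bool
{
    extract($request); // every request key becomes a local variable, overwriting existing ones
    if (isset($password) && hash_equals($realPassword, (string) $password)) {
        $authorized = true;
    }
    // Bug: $authorized is never initialised to false, so a request that carries
    // authorized=1 has already set it before the password is checked.
    return !empty($authorized);
}

// --- Hardened pattern ---------------------------------------------------------
function checkAccessHardened(array $request, string $realPassword): bool
{
    $authorized = false;                                 // always initialise state
    $password   = (string) ($request['password'] ?? ''); // read input explicitly by key
    if (hash_equals($realPassword, $password)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed inputs.
$secret  = 'correct horse battery staple';                 // the real credential
$attack1 = ['authorized' => '1'];                          // no password at all
$attack2 = ['realPassword' => 'x', 'password' => 'x'];     // overwrite the comparison target
$legit   = ['password' => $secret];

var_dump(checkAccessVulnerable($attack1, $secret));
var_dump(checkAccessVulnerable($attack2, $secret));
var_dump(checkAccessHardened($attack1, $secret));
var_dump(checkAccessHardened($attack2, $secret));
var_dump(checkAccessHardened($legit, $secret));
```

The vulnerable function grants access to both attacker requests: the first because $authorized arrives pre-set, the second because extract() also overwrites $realPassword, so initialising the flag alone would not have saved it. The hardened function rejects both and accepts only the request carrying the real password.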

Conclusion

Protect your PHP applications from these exploits and vulnerabilities by limiting file uploads, keeping error details off the page, protecting session cookies and disabling register_globals where it still exists.