HELP with the Dangerous PHP Functions Enabled

[Philip Gaines]

Does anyone know how to do the disable the PHP Functions ?

I'm using Godaddy and we are on a VPS the WHM/CPanel

I've looked on the internet and i cant find anything that shows you how its done.

Everything was ok on our old business package with Godaddy but we didnt have full control of the Mod security, so we was told the the only way was to use a VPS and then import C/panel and the forum in one hit.

Since this has been done now we are getting the message below.

Dangerous PHP Functions Enabled

We recommend disabling the following functions on your server, or at least in the directory that your community is installed in. If you do not manage your server yourself, your hosting provider will be able to assist with this.
exec, system, pcntl_exec, popen, proc_open, shell_exec

   

Thanks for any help.

[Adlago]

Open cPanel - MultiPHP INI Editor - Editor Mode

Add the last line in this image and Save

[AndyF]

Would suggest even though its a small edit to take a backup copy of php.ini before editing if you can.

Its possible the host might do the edit for you but it is quite simple to do, I did something similar on my localhost simply as the message annoyed! :D

[manuel lazanakis]

Hi my host doesn’t allow me to make these changes. What are the risks to no disabling them?

 

Dangerous PHP Functions Enabled

We recommend disabling the following functions on your server, or at least in the directory that your community is installed in. If you do not manage your server yourself, your hosting provider will be able to assist with this.
exec, system, pcntl_exec, popen, proc_open, shell_exec

[rngrdanny22]

On 12/3/2018 at 12:10 PM, manuel lazanakis said:

Hi my host doesn’t allow me to make these changes. What are the risks to no disabling them?

 

Dangerous PHP Functions Enabled

We recommend disabling the following functions on your server, or at least in the directory that your community is installed in. If you do not manage your server yourself, your hosting provider will be able to assist with this.
exec, system, pcntl_exec, popen, proc_open, shell_exec

 

I have also run into this issue and would like to know as well.

[Makoto]

The functions are dangerous and not needed by IPS. It's just a best practice to disable them to ensure there's no risk of malicious code abusing them.

However, it's not absolutely essential. If you can't disable them, you can't. If you can, you should.

The main thing is to always keep your IPS installation up-to-date; especially when there are security updates available.

[manuel lazanakis]

Thank you my hosting provider disabled them for me. 

[TronRP]

How do I handle this edit for HostGator?  Is it the same process as stated previously by Adlago?

On 9/1/2018 at 3:50 AM, Adlago said:

Open cPanel - MultiPHP INI Editor - Editor Mode

Add the last line in this image and Save

 

[Rhett]

15 minutes ago, TronRP said:

How do I handle this edit for HostGator?  Is it the same process as stated previously by Adlago?

 

If you are on shared hosting you likely cannot, you can contact your host to assist you if needed though, they can guide you if it's an option. The process can vary depending on your hosting setup. 

[TronRP]

1 minute ago, Rhett said:

If you are on shared hosting you likely cannot, you can contact your host to assist you if needed though, they can guide you if it's an option. The process can vary depending on your hosting setup. 

Thank you

[stonewolf777]

If you have access to your PHP version settings (you should, if I'm correct you're on a VPS), just add into "additional directives":

disable_functions = "exec, system, popen, proc_open, shell_exec, pcntl_exec"

And you MUST clear cache and cookies from used browser/browsers!

[Jose88]

ty