Showing posts with label PHP. Show all posts

Thursday, May 9, 2024

Enhancing PHP Security: Best Practices and Configuration Tips


PHP, as a server-side scripting language, is widely used to create dynamic web pages. However, ensuring the security of PHP applications is crucial to protect against hacking attempts and malware injections. This article discusses essential PHP security practices and configuration tips to enhance the security of your PHP applications.

Viewing PHP Settings: Before diving into security configurations, it's essential to understand how to view PHP settings. One simple way is to create a PHP file that calls the phpinfo() function and then browse to that file to access the PHP information page:
<?php phpinfo(); ?>
Preventing Hacking Attempts:

Disable Functions: PHP provides the disable_functions directive to disable certain functions for security reasons. Common functions like exec, passthru, shell_exec, and others can pose security risks. Disable them in the php.ini file:
disable_functions = exec, passthru, shell_exec, system, proc_open, popen, curl_exec, curl_multi_exec, parse_ini_file, show_source

Safe Mode: Safe mode is a security feature designed to prevent PHP scripts from executing commands at the operating system level. To disable safe mode, modify the php.ini file:
safe_mode = Off
open_basedir Restriction: Use the open_basedir directive to define the locations from which PHP is allowed to access files. Configure it in WHM (Web Host Manager) to restrict access to specific directories.

Register Globals: Register Globals is an internal PHP setting that can pose security risks by automatically creating variables from input data. It's recommended to disable register globals in the php.ini file:
register_globals = off
allow_url_fopen: Disabling the allow_url_fopen setting prevents URLs from being used in PHP include() statements, reducing the risk of including malicious code. Disable it in the php.ini file:
allow_url_fopen = Off
Magic Quotes: Magic Quotes automatically escape special characters in PHP variables to prevent SQL injection attacks. However, it's deprecated and can lead to security vulnerabilities. Disable it in the php.ini file:
magic_quotes_gpc = Off
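
The settings above can be checked mechanically. The following is an added example, not code from the original post: a POSIX shell audit that reads a php.ini and reports any of the listed directives that are not set as shown. The function names (ini_get, php_audit, write_sample_ini) and the sample file are constructed for illustration, and a directive that is absent from the file is reported as MISSING because its effective value then depends on the PHP version's default.

```sh
# ini_get FILE KEY: print the last uncommented value of KEY, trimmed and unquoted.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }              # skip whole-line comments
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)        # drop a trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# php_audit FILE: print one line per finding; exit status is 0 only if clean.
php_audit() {
    ini=$1; fails=0
    for key in allow_url_fopen register_globals magic_quotes_gpc; do
        val=$(ini_get "$ini" "$key" | tr 'A-Z' 'a-z')
        case "$val" in
            off|0|false|no) ;;
            "") echo "MISSING $key"; fails=$((fails + 1)) ;;
            *)  echo "FAIL $key=$val"; fails=$((fails + 1)) ;;
        esac
    done
    # Wrap in commas so "exec" cannot be satisfied by "shell_exec" or "curl_exec".
    disabled=",$(ini_get "$ini" disable_functions | tr -d ' \t'),"
    for fn in exec passthru shell_exec system proc_open popen \
              curl_exec curl_multi_exec parse_ini_file show_source; do
        case "$disabled" in
            *",$fn,"*) ;;
            *) echo "FAIL disable_functions lacks $fn"; fails=$((fails + 1)) ;;
        esac
    done
    [ "$fails" -eq 0 ]
}

# Constructed sample php.ini (not taken from a real server).
write_sample_ini() {
    cat > "$1" <<'EOF'
; constructed sample
disable_functions = passthru, shell_exec, system, proc_open, popen, curl_exec
allow_url_fopen = On
register_globals = off
;magic_quotes_gpc = Off
EOF
}
tmp=$(mktemp); write_sample_ini "$tmp"; php_audit "$tmp" || echo "findings listed above"; rm -f "$tmp"
```

On a real server, pass the path of the loaded php.ini reported on the phpinfo() page to php_audit.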

Conclusion: Implementing these PHP security best practices and configuration tips can significantly enhance the security of your PHP applications. Regularly review and update your PHP configurations to stay protected against evolving security threats. By prioritizing security measures, you can ensure the integrity and reliability of your PHP-based web applications.

Friday, February 16, 2024

Suphp Installation

Installing suPHP on a server using cPanel and EasyApache is a straightforward process but requires careful attention to detail. suPHP is a tool for executing PHP scripts with the permissions of their owners, enhancing the security of the server. Here's a detailed guide on how to install and configure suPHP:

Step 1: Launch a Screen Session

Before you start, it's recommended to run EasyApache within a screen session. This ensures that the process continues running even if your SSH session is interrupted.
screen -S ea
This command starts a new screen session named "ea."
Step 2: Run EasyApache

Now, initiate the EasyApache script. This script provides a text-based interface for configuring Apache and PHP.
/scripts/easyapache
Step 3: Select Mod SuPHP

Within the EasyApache interface, navigate to the "Exhaustive Options List" and find "Mod SuPHP." Select it by pressing the spacebar. Make any other adjustments as needed for your server environment, then proceed to compile and build Apache and PHP with your new settings.

Step 4: Build the Configuration

After selecting Mod SuPHP and any other required options, follow the on-screen instructions to complete the build process. This might take some time depending on your server's specifications and the options selected.
Step 5: Configure suPHP

Once EasyApache has finished building, you can enable suPHP on your server with the following command:
/usr/local/cpanel/bin/rebuild_phpconf 5 none suphp 1

This command sets PHP5 to use suPHP as the PHP Handler and enables suEXEC, which is necessary for suPHP to function correctly.
Step 6: Verify the Configuration

To ensure that suPHP has been correctly configured, use the following command to display the current PHP handler setup:
/usr/local/cpanel/bin/rebuild_phpconf --current

You should see output indicating that PHP5 is using suPHP and that suEXEC is enabled.
Step 7: Restart Apache

For the changes to take effect, restart the Apache service:
/scripts/restartsrv_httpd
Step 8: Check suPHP Log and Adjust Permissions

Finally, you can check the suPHP log file for any errors or messages:
/usr/local/apache/logs/suphp_log
If you encounter errors related to file permissions, suPHP requires directories to have 755 permissions and files to have 644 permissions. Use the following commands to set permissions correctly for PHP files and directories within your web content:
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
Run these commands within the root directory of your website(s).
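
Because the commands in Step 8 act on whatever directory they are run from, a preview step is useful. The following is an added example, not part of the original post: a shell function (the hypothetical name fix_suphp_perms) that takes the site root as an explicit argument, refuses to run on / or on a missing directory, lists only the entries whose mode differs from 755/644, and changes them only when --apply is given. The demo tree at the end is constructed in a temporary directory.

```sh
# fix_suphp_perms DOCROOT [--apply]
# Without --apply, print the chmod that would be run for each entry that
# does not already have the modes suPHP expects (755 dirs, 644 files).
fix_suphp_perms() {
    root=$1; mode=${2:-}
    # Refuse an empty or missing argument.
    [ -n "$root" ] && [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Resolve to a physical path so "/" cannot slip through via a relative path or symlink.
    root=$(cd "$root" && pwd -P) || return 2
    [ "$root" != "/" ] || { echo "refusing to run on /" >&2; return 2; }
    # find does not follow symlinks here, so link targets outside the tree are untouched.
    if [ "$mode" = "--apply" ]; then
        find "$root" -type d ! -perm 755 -exec chmod 755 {} +
        find "$root" -type f ! -perm 644 -exec chmod 644 {} +
    else
        find "$root" -type d ! -perm 755 -print | sed 's/^/chmod 755 /'
        find "$root" -type f ! -perm 644 -print | sed 's/^/chmod 644 /'
    fi
}

# Demo on a constructed tree (temporary directory, removed afterwards).
demo=$(mktemp -d); chmod 755 "$demo"
mkdir "$demo/uploads"; chmod 777 "$demo/uploads"
: > "$demo/index.php"; chmod 666 "$demo/index.php"
fix_suphp_perms "$demo"          # preview: two lines
fix_suphp_perms "$demo" --apply  # apply the changes
rm -rf "$demo"
```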

Conclusion

Following these steps will install and configure suPHP on your cPanel server, enhancing the security by executing PHP scripts with the permissions of their owners. Be sure to monitor the suPHP log file for any errors and adjust file permissions as necessary to avoid common issues related to improper file permissions.

Thursday, December 28, 2023

Install Imagick on Cpanel Server

Imagick is a PHP extension that utilizes the ImageMagick software suite for image processing. It's widely used for creating, editing, composing, and converting images. This guide will take you through the steps of installing ImageMagick and the Imagick PHP extension on a cPanel server.

Step 1: Installing ImageMagick

1. Access Your Server:
Log in to your server as the root user via SSH:

ssh root@server

2. Navigate to the Source Directory:

cd /usr/local/src/

3. Download ImageMagick:

wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz

4. Extract the Archive:

tar zxvf ImageMagick.tar.gz

5. Configure and Install:

Navigate to the ImageMagick directory (the name might vary based on the version):

cd ImageMagick-*

Now, compile and install ImageMagick:

./configure
make
make install

6. Install Perl Module:

If you need PerlMagick, the Perl interface for ImageMagick, continue with these steps:

cd PerlMagick
perl Makefile.PL
make
make install

7. Confirm ImageMagick Installation:

Verify that ImageMagick is installed:

which convert

Expected output: /usr/local/bin/convert

Step 2: Installing Imagick PHP Extension

1. Download Imagick for PHP:

wget http://pecl.php.net/get/imagick-2.3.0.tgz

2. Extract the Archive:

tar -zxvf imagick-2.3.0.tgz

3. Navigate to the Imagick Directory:

cd imagick-2.3.0

4. Prepare Imagick for PHP:

phpize
./configure
make
make install

5. Update PHP Configuration:

Edit the php.ini file used by your PHP installation. The location of this file can vary, but typically it's found in /usr/local/lib/php.ini:

vi /usr/local/lib/php.ini

6. Add Imagick Extension:

In the php.ini file, add the following line to enable the Imagick extension:

extension="imagick.so"

Save and close the file.

Step 3: Restart the Web Server

After updating the PHP configuration, restart Apache to apply changes:

/scripts/restartsrv_httpd

Conclusion

You've successfully installed ImageMagick and the Imagick PHP extension on your cPanel server. This setup allows you to leverage powerful image processing capabilities directly from PHP scripts. Test the installation by running a PHP script that utilizes Imagick functions to ensure everything is working correctly. Remember to regularly update both ImageMagick and the Imagick extension to maintain security and functionality.

Friday, October 31, 2014

Installing Swish Module for php

The Swish package is not included in the current CentOS or Red Hat repositories, so we need to compile and install it before installing the swish PHP module through pecl. Otherwise, installing the module with pecl may end in an error.

Downloading and installing the swish packages.
wget http://swish-e.org/distribution/swish-e-2.4.7.tar.gz
tar zxvf swish-e-2.4.7.tar.gz
cd swish-e-2.4.7
./configure
make
make check
make install

cd ~

Installing swish php module using pecl
pecl install swish-beta
chmod 755 /usr/lib64/php/modules/swish.so
echo "extension=swish.so" >> /etc/php.ini

Thursday, October 30, 2014

Installing PHP modules using pecl command.

Once you have installed PHP, you need to install the modules required to support the development process. We can use the pecl command to install them.

To install the pecl command:

yum install php-pear

Now, to install the needed modules, just use pecl:

pecl install <Module Name>

To install a beta version
pecl install <Module Name>-beta

To list all modules in pecl database

pecl list-all

To check whether the module is installed or not

php -m

Wednesday, October 29, 2014

Installing PHP 5.6 in Centos6/7

Compiling PHP can be difficult at times, but we can simply install the latest version of PHP from the Remi repository.

Install Remi repository

CentOS and Red Hat (RHEL)
Remi and EPEL (Dependency) on CentOS 7 and Red Hat (RHEL) 7

64 bit : yum install -y http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
yum install -y http://rpms.famillecollet.com/enterprise/remi-release-7.rpm


Remi and Epel repo ( Dependency ) on CentOS 6 and Red Hat (RHEL) 6
64 bit : yum install -y http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
32 bit : yum install -y http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

yum install -y http://rpms.famillecollet.com/enterprise/remi-release-6.rpm


Installing PHP5.6 from the remi and httpd from local repo
CentOS 7/6.5/5.10 and Red Hat (RHEL) 7/6.5/5.10
yum --enablerepo=remi,remi-php56 install httpd php php-common

Install PHP 5.6.0 modules

yum --enablerepo=remi,remi-php56 install php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongo php-sqlite php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml

Start Apache HTTP server (httpd) and autostart Apache HTTP server (httpd) on boot
## CentOS/RHEL 7 ##
systemctl start httpd.service ## use restart after update


## CentOS / RHEL 6.5/5.10 ##
/etc/init.d/httpd start ## use restart after update
## OR ##
service httpd start ## use restart after update


##CentOS/RHEL 7 ##
systemctl enable httpd.service

## CentOS / RHEL 6.5/5.10 ##
chkconfig --levels 235 httpd on


Create test PHP page to check that Apache, PHP and PHP modules are working
Add following content to /var/www/html/test.php file.

<?php

    phpinfo();
?>

Now check the PHP page at http://<<SERVER_IP>>/test.php

Make sure that the EPEL and Remi repos are disabled afterwards to avoid further issues in the future.

Modules Available in the Latest PHP

bcmath
bz2
calendar
com_dotnet
ctype
curl
date
dba
dom
enchant
ereg
exif
fileinfo
filter
ftp
gd
gettext
gmp
hash
iconv
imap
interbase
intl
json
ldap
libxml
mbstring
mcrypt
mssql
mysql
mysqli
mysqlnd
oci8
odbc
opcache
openssl
pcntl
pcre
pdo
pdo_dblib
pdo_firebird
pdo_mysql
pdo_oci
pdo_odbc
pdo_pgsql
pdo_sqlite
pgsql
phar
posix
pspell
readline
recode
reflection
session
shmop
simplexml
skeleton
snmp
soap
sockets
spl
sqlite3
standard
sybase_ct
sysvmsg
sysvsem
sysvshm
tidy
tokenizer
wddx
xml
xmlreader
xmlrpc
xmlwriter
xsl
zip
zlib