Nội dung
In this article, AZDIGI will guide you on how to disable dangerous PHP functions on DirectAdmin.
I. Introduction
There are many useful and powerful PHP functions, but in the list of PHP functions, there are also many dangerous PHP functions. And these functions are often abused for many different dangerous purposes, such as:
- Infiltrate your server.
- Escalation takes over enforcement.
- Allow editing, uploading of illegal files.
- Executing spam mail scripts, cryptocurrency mining…
However, by default, DirectAdmin will not disable these dangerous PHP functions. So after you’ve just installed the DirectAdmin server, you should disable the dangerous PHP functions on DirectAdmin.
II. Disable dangerous PHP functions on DirectAdmin
To disable dangerous PHP functions on DirectAdmin, we follow these 2 steps.
Step 1: SSH into your DirectAdmin system
To optimize MySQL speed on DirectAdmin, we first need to SSH or access your VPS/server with root privileges. If you don’t know how to SSH into your VPS/Server, you can refer to the following tutorial:
After successfully SSH, we continue with step 2 to disable the dangerous PHP function DirectAdmin with CustomBuild.
Step 2: Disable dangerous PHP function DirectAdmin with CustomBuild
To disable the dangerous PHP function on DirectAdmin with CustomBuild is very simple, you just need to execute the following commands:
cd /usr/local/directadmin/custombuild/
./build update
./build secure_php
Explanation of the two commands above:
- Command 1: Move to custombuild folder.
- Command 2: Update custombuild script.
- Command 3: Disable the dangerous PHP function on DirectAdmin.
These commands will:
Change the secure_php option from ‘No‘ to ‘Yes‘ in CustomBuild‘s configuration settings (/usr/local/directadmin/custombuild/options.conf).
CustomBuild will then modify the php.ini files to correspond to your installed PHP versions.
If you are using CloudLinux, then you need to run the following command:
cagefsctl --setup-cl-selector
Below is the image after I finished running the above 3 commands:
To check if this disabling has changed the ‘php.ini‘ files of PHP versions, we use the following command:
grep -Ri 'secure_phpini:' custombuild.log
If display change information corresponding to the current data is correct.
php.ini files are changed immediately after executing command 3.III. Cancellation disabled dangerous functions of DirectAdmin
If you want to enable the dangerous function on DirectAdmin, we just need to execute the following two commands and everything will be back to the way it was:
echo "" > custom/php_disable_functions
./build secure_php
IV. Summary
You can disable the dangerous PHP function on DirectAdmin with two simple steps, making your server and websites much safer.
Hope this article will be of help to you. Wishing you success!
See more useful articles about DirectAdmin at the following link:
If you need assistance, you can contact support in the ways below:
- Hotline 247: 028 888 24768 (Ext 0)
- Ticket/Email: You use the email to register for the service and send it directly to: support@azdigi.com .
- Website AZDIGI: https://azdigi.com/
