• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Input do you still need to use disabled_functions with cloudlinux alt-php and cagefs

Jurgen

New Pleskian
Hi,

In the past plesk used to disable php functions like exec passthru shell_exec system etc. I noticed that this isn't the case anymore and by default only opcache_get_status is disabled.

I wonder if this is the best and secure configuration. We currently use Cloudlinux (7 and 8) with lsphp (alt-php) and cagefs so most of the securityrisk are beeing taken care of by cagefs. However, if a site gets compromised a hacker can still deploy and run some scripts/binary's within this cage i guess. Also, is it really needed to disable opcache_get_status if you use lsphp as there is a php process for each user within his own cage.

I started this thread with the idea of finding out how other hosting companies configure php and think about these features.
 
We're blocking all commands that can lead to root access, including exec, shell_exec, etc.
 
Back
Top