Portal Home > Knowledgebase > Articles Database > do you disable eval, base64_decode, gzinflate ?


do you disable eval, base64_decode, gzinflate ?




Posted by ttgt, 07-31-2012, 11:11 PM
Hi, because i disable gzinflate and some script can not upgrade/download/install template or module from script's admin area, i do search,some threads suggest disable eval, base64_decode, gzinflate, do you disable them ? or it is not necessary ? my server is centos/cpanel for shared hosting. thanx

Posted by quantumphysics, 07-31-2012, 11:14 PM
course not, never disable them. false sense of security.

Posted by ttgt, 07-31-2012, 11:16 PM
this is one of the articles i check http://serverfault.com/questions/169...om-occurring-a thanx

Posted by TravisT-[SSS], 07-31-2012, 11:39 PM
While disabling functions is one level of security there are many other points of access including perl. PHP shells are the most common methods of attack but if someone knows what they are doing you will need to better lock the OS down.

Posted by ttgt, 07-31-2012, 11:42 PM
do you have more suggestion or hint about how to lock the OS down better ? thanx

Posted by quantumphysics, 07-31-2012, 11:49 PM
worthless. they can just run it without that, same bs -- false security, not security

Posted by TravisT-[SSS], 07-31-2012, 11:53 PM
Best bet. Hire someone. Otherwise, read books, and jump on search engines. It really is a proactive and learning process. No simple tutorial will ever be able to teach/show you how to do it step-by-step. Some nice online books: http://www.nsa.gov/applications/sear...x.cfm?q=redhat

Posted by racknap1, 08-01-2012, 11:51 AM
Hi, I would rather recommend, to get professional on this matter, practice it safe.

Posted by SA-ChrisM, 08-03-2012, 03:39 AM
Perl is not a "point of access", it's a language and an interpreter, nothing more. You might as well say "Bash/ksh/zsh/php/ruby/gcc is an access point..." When I was working at one of the big control panel vendors, we'd regularly see customers come to us with broken servers who acted on statements such as yours by disabling perl trying to "secure" their machines.

Posted by quantumphysics, 08-03-2012, 03:59 AM
No you have to disable perl, python, php, ruby, those are hacker tools that will destroy your server !!!



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Advertisment question (Views: 239)


Language:

Customer Testimonials

John Doe
It's a great service with fantastic support. It's definately good value for your money. Overall rating, 10 out of 10.
Mike Smith
Much better than my previous hosting company - I also got help with migration at no extra cost. Friendly support too.
Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.