Question about security

rvn2k

Hi guys,

Got a small question, is there a way to prevent users from running shell commands through PHP scripts? I have found all kinds of creepy things in my /tmp dir (exploits, Perl spamming scripts, scanners, and more).

I can't even track what users or through what PHP these files are coming from, because the owner of these files is apache.

Any idea? :confused:
 
I guess you have to start hiring a sysadmin to secure the box; your box is exploited due to a weakness of your system.
 
Preventing users from running 'shell commands' through PHP is relatively easy, and you don't even need to hire a sysadmin to do it for you!

Using the "disable_functions" option in your php.ini, it's easy enough to disable certain functions.

Code:
disable_functions = exec, system, passthru, popen

I bet there are more malicious functions than the ones I listed above, so please adjust to your needs.
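
An added example, not part of the original posts: a small audit that reads php.ini text and reports which command-execution functions the `disable_functions` directive still leaves callable. The names beyond the four in the post (`shell_exec`, `proc_open`, `pcntl_exec`), the helper names and the sample file are assumptions made for this illustration.

```python
import re

# Functions that start a process from PHP. The first four are the ones the
# post lists; shell_exec (which also backs the backtick operator), proc_open
# and pcntl_exec are added here as further command-execution functions.
COMMAND_FUNCTIONS = ("exec", "system", "passthru", "popen",
                     "shell_exec", "proc_open", "pcntl_exec")


def disabled_functions(ini_text):
    """Return the set of names in the effective disable_functions value."""
    value = ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue                      # blank line, comment or section header
        key, sep, rest = line.partition("=")
        if not sep or key.strip().lower() != "disable_functions":
            continue
        # Drop a trailing comment and optional quotes around the value.
        # Assumption: when the directive appears twice, the last one wins.
        value = rest.split(";", 1)[0].strip().strip("\"'")
    # The documented separator is a comma; spaces are accepted here too.
    return {name.lower() for name in re.split(r"[,\s]+", value) if name}


def still_enabled(ini_text):
    """Command-execution functions the configuration leaves callable."""
    disabled = disabled_functions(ini_text)
    return [f for f in COMMAND_FUNCTIONS if f not in disabled]


# Constructed sample: a minimal php.ini disabling the four functions the
# post lists, with a commented-out directive that must be ignored.
SAMPLE_INI = """\
[PHP]
; disable_functions = shell_exec
disable_functions = exec, system, passthru, popen
"""

if __name__ == "__main__":
    for name in still_enabled(SAMPLE_INI):
        print("not disabled:", name)
```
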
 