How to block php function on shared hosting server?

Question

Recently I found that my website had been hacked. Somehow hacker manage to put a file on my web server which was executing eval() function.

Ive tighten FTP securities but further that I don't want some PHP functions should not be used within any file such as eval().

Any idea how can I block php function on shared host ?

[disable_functions](http://php.net/manual/en/ini.core.php#ini.disable-functions)? — Class, Mar 12 '13 at 05:00
And note that disabling `eval()` will break some applications. — , Mar 12 '13 at 05:15
[disable_functions eval bug](https://bugs.php.net/bug.php?id=62397) — Class, Mar 12 '13 at 05:28

score 0 · Answer 1 · answered Mar 12 '13 at 05:01

0

If you are on a shared host and do not have access to php.ini, you can include this line in your .htaccess file:

php_admin_value disable_functions "exec, system"

Put the function name inside the quotations (" "), if you want more, simply separate them using a comma like in my example.

answered Mar 12 '13 at 05:01

Jay Huang

I thought php_admin_value is not valid inside .htaccess Its not working anyway still eval function is being execute. php_admin_value disable_functions "eval" Please check this http://php.net/configuration.changes it says " Any directive type set with php_admin_value can not be overridden by .htaccess" – Mahendra Mar 12 '13 at 05:16

1 Answers1