PHP and CGI security

What is the best way to secure against malicious PHP and CGI scripts?

I have disable_functions = passthru,system in my php.ini file.

I did have exec() and popen() blocked also; however, people who use Gallery complained when it broke it (myself included).

I am running cPanel... I dunno how that screws things up. I read that the best way to protect against CGI scripts is to chroot Apache... I'm unsure how that would affect cPanel though...

Any thoughts? How do you have it set up?

 

 

 

 
