I can see that PHP_CHECKS is OFF by default. Is it recommended to be on?
If so, I used to use CSF firewall which gave me a nice clear list of recommended security actions to apply in order to make the server a little "safer".
In ASL configuration there is a section for PHP configuration and everything is just set to no or yes and not really giving a reason as to why its set like that.
Is there a wiki list or page somewhere giving us the recommended settings for a shared hosting environment?
PHP_CHECKS
Re: PHP_CHECKS
It is recommended to enable the hardened PHP security. It greatly helps reduce the risk of PHP script exploits. However, do make sure that you are not disabling functions that you are actually using. (Or find a more secure alternative for using these functions)
Lemonbit Internet Dedicated Server Management
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: PHP_CHECKS
Thank you for the question. ASL will report the significance of each issue in the Vulnerabilities window. Each vulnerability has a "read more" link that will direct you to documentation explaining the vulnerability, its risks, our recommendations, and actions you can take to close the vulnerability.
Each configuration option is also documented in the documentation page in the wiki, which for the ASL settings screen is documented at the URL below:
https://www.atomicorp.com/wiki/index.ph ... figuration
Each configuration option is also documented in the documentation page in the wiki, which for the ASL settings screen is documented at the URL below:
https://www.atomicorp.com/wiki/index.ph ... figuration
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone