shell_exec() has been disabled for security reasons in /usr/local/cpanel/whostmgr/.../logger.php

postcd

• September 20, 2015 06:20

Hello, in root folder on WHM server i have "error_log" file which contains many log lines from today and many days before: PHP Warning: shell_exec() has been disabled for security reasons in /usr/local/cpanel/whostmgr/docroot/themes/x/xtra/functions/load/logger.php on line 76 Is it problem that WHM cant use this PHP function? How should i solve this while keeping this function disabled for hosted websites? thank you

• 

  madmanmachines

  • September 20, 2015 14:33

  This looks like you are using a 3rd-party addon for WHM that has special requirements that cPanel/WHM does not normally allow. I'd say that 'shell_exec()' is disabled for good reason. You must absolutely trust this addon if you enable 'shell_exec()'. Search for the directive using the following
  find /usr/local/ -type f -name php.ini -exec grep -il "shell_exec" {} \;
  How should i solve this while keeping this function disabled for hosted websites?
  I doubt the same PHP configuration is used for this 3rd-party addon and the actual websites.

  0
• 

  postcd

  • September 20, 2015 14:56

  Thx, yes, your command found file: /usr/local/lib/php.ini And the above mentioned log entry points to this file: /usr/local/cpanel/whostmgr/docroot/themes/x/xtra/functions/load/logger.php which contains: $beancounters = @shell_exec("/bin/beanc 2> /dev/null"); if (!$beancounters) { if (file_exists('/proc/user_beancounters')) { $beancounters = `cat /proc/user_beancounters 2> /dev/null`; } else { $ded=TRUE; } } if ($beancounters) { if (file_exists($logdir.'_nobeans')) { unlink($logdir.'_nobeans'); } $pattern = "/^.*\b(oomguarpages)\b.*$/mi"; preg_match($pattern, $beancounters, $hits); $bean = trim($hits[0]); $bean = preg_replace("/ {1,99}/", " ", $bean); $parts = explode(" ",$bean); $mem1 = $parts[1]; $oomgmax = $parts[3]; $pattern = "/^.*\b(privvmpages)\b.*$/mi"; preg_match($pattern, $beancounters, $hits); $bean = trim($hits[0]); $bean = preg_replace("/ {1,99}/", " ", $bean); $parts = explode(" ",$bean); $mem2 = $parts[1]; $privmax = $parts[3]; }
  To disable this script/WHMXtra plugin, go to Plugins >> Load/Bandwidth Monitor and select the option to disable the cron

  0
• 

  postcd

  • September 20, 2015 18:34

  Can i somehow edit that logger.php file and disallow it to log errors? or into that directory .htaccess to add something like?: ErrorLog /dev/null

  0
• 

  cPanelMichael

  • September 21, 2015 04:54

  Hello :) I suggest reporting this issue to the developer of the plugin you are using. It's possible an update is available for it, or the developers need to address the issue to avoid a modification to the cPanel PHP configuration. Thank you.

  0
• 

  postcd

  • September 24, 2015 22:49

  Thanks, the developer is aware and will probably use different function in future. To disable this script/WHMXtra plugin, go to Plugins >> Load/Bandwidth Monitor and select the option to disable the cron solved 4me, thx Michael

  0
• 

  cPanelMichael

  • September 29, 2015 20:25

  I m happy to see you were able to address the issue by disabling the plugin and contacting the developer. Thank you for updating us with the outcome.

  0

Please sign in to leave a comment.