disable execution of base64 encoded scripts?
Hi,
If i disable these function in php.ini file in cpanel, is it possible it will also disable execution of "base64" encoded script.
i saw many spamming codes or scripts are in "base64" encoded. so if i can stop those script from execution by php.ini, that will help to stop server from doing spamming.
"disable_functions = phpinfo, allow_url_fopen, exec, popen, pclose, ini_set, php_eval, safe_dir, g lob, root, ftok, posix_access, egy_perl, symlink, set_time_limit, ini_restore, shell_exec, passthru, ini_alter, dl, openlog, syslog, readlink, link, leak, escapeshellcmd, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, pcntl_exec, wscript, curl_exec, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_get_all, inject_code, mysql_pconnect, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_terminate, system, xmlrpc_entity_decode"
i saw many spamming codes or scripts are in "base64" encoded. so if i can stop those script from execution by php.ini, that will help to stop server from doing spamming.
-
You can add: base64_decode to disable_functions yes Sadly there are ways around it though but it is better than nothing. Also realize although it is used in a lot of malicious code, there is legitimate code that relies on it as well. 0 -
You could try it, but like Jcats says, a lot of legitimate code relies on this function. Even the wordpress core and many popular plugins like wp-super-cache rely on base64_decode. 0
Please sign in to leave a comment.
Comments
3 comments