Clamav Signatures

Clamav Signatures from malware expert help improve the detection rate on malware from PHP files. You can add malware expert clamav signatures to freshclam.conf file:

DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb

Read the rest of this entry »

Securing php.ini

Disabling Functionality

There are certain functions in PHP that we don’t want users to use because of the danger they are. Even if you know your users aren’t utilizing certain functions it is wise to completely disable them so an attacker can’t use them. This security precaution is especially effective at stopping an attacker who has somehow managed to upload a PHP script, write one to the filesystem, or even include a remote PHP file. By disabling functionality you ensure that you can limit the effectiveness of these types of attacks. Of course, there are always users who’s to complain these, but We say sorry! Use Virtual Private Server and run itself what you want.

disable_functions = exec, system, passthru, shell_exec, escapeshellarg, escapeshellcmd, proc_close, proc_open, dl, popen, show_source, posix_kill, posix_mkfifo, posix_getpwuid, posix_setpgid, posix_setsid, posix_setuid, posix_setgid, posix_seteuid, posix_setegid, posix_uname

Disable Remote File Includes

Attackers will often attempt to identify file inclusion vulnerabilities in applications then use them to include malicious PHP scripts that they write. Even if an attacker doesn’t have write access to the web application directories if remote file inclusion is enabled the attacker can host malicious PHP scripts on other servers and the web application will fetch them and execute them locally!

We don’t block url_fopen our hosting environment, because cause lot of problems to websites!

allow_url_fopen = On
allow_url_include = Off

setting outgoing smtp menggunakan eksternal smtp

Misal kita akan menggunakan smtp eksternal dengan alamat host smtp.domain.com port 587, cara setting outgoing smtp menggunakan eksternal smtp pada exim adalah sbb:

1. Login ke WHM, klik menu Home >> Service Configuration >> Exim Configuration Manager
2. Klik Advanced Editor.
3. a. Cari bagian section: AUTH, tambahkan:

externalsmtp_login:
driver = plaintext
public_name = LOGIN
client_send = : username : password

3.b Selanjutnya ke bagian Section: TRANSPORTSTART, tambahkan:

externalsmtp_smtp:
driver = smtp
port = 587
hosts = ${lookup{$domain}lsearch{/etc/staticMX}}

3.c Dan akhirnya ke bagian Section: ROUTERSTART, tambahkan:

send_via_externalsmtp:
driver = manualroute
domains = !+local_domains
transport = externalsmtp_smtp
route_list = “* smtp.domain.com::587 byname”
host_find_failed = defer

4. selanjutnya klik Save
5. monitor log /var/log/exim_mainlog apakah proses pengiriman email berjalan lancar