I have some htaccess code which will "include" my ads onto everypage of the directory that the .htaccess is in. I have heard that the solution lies within http.conf I need to write a php.ini disabling major php functions (that will allow spamming etc) I need to disallow php.ini s to be effective. So people cannot upload a php.ini file to adjust anything. I need to apply a .htaccess code to all customers (using cpanel / WHM) I need for .htaccess code to be disallowed ... i.e. - people cannot remove the ads If you haven't guessed already, I'm trying to setup a free host site. - Mutasim
mutasim, Rather than trying to force them not to modify their .htaccess just utilize mod_layout (for apache) to implement the advertising. It's fairly aeasy to do. As far as php functions to disable, ensure these ones are stopped for optimal security: system, exec, shell, mb_send_mail, shell_exec, popen, passthru, echo, proc_open
Last I checked, echo wasn't too much of a security thread.. it also poses a problem to 99.99% of PHP scripts (yea made up the figure, has to be almost correct though). Aside from that I agree fully
CodyRo, It's not that it's a problem And I've never had a problem with it being disabled on servers with over a thousand users on them. The thing is echo is used in a number of malicious scripts, oddly enough Disabling it just reduces the potential problems as a result of them.