MrAlicard Posted August 3, 2017 Share Posted August 3, 2017 (edited) HelloI use ipb and when I click to Security in admincp then there is two warnings. First Disable Dangerous PHP FunctionsWe recommend disabling the following functions on your server. If you do not manage your server yourself, your hosting provider will be able to assist with this.pcntl_exec __________________________________________________________________________________________________________________________________ Second Disable Public Display of PHP ErrorsYour server is currently set up to display errors on the page. This is not advised in production and only logging to file should be enabled. Your hosting provider will be able to assist with this. _____________________________________________ I tried disable display errors in .htaccess with this php_flag display_errors off but I got error. (error code 500). Edited August 3, 2017 by MrAlicard Link to comment Share on other sites More sharing options...
wolstech Posted August 3, 2017 Share Posted August 3, 2017 First off, do you have/can you prove you have a license for IPB? (We don't allow nulled software.) As for your concerns...Pcntl_exec is a security risk based on what I've read since it's basically just exec() that reuses process space. This one does need to go since exec is already disabled.We intentionally enabled the display_errors because we get too many complaints about 500 errors with them off. I and many others prefer them on, and 90% of other hosts also have them on by default. People expect the errors to appear if their script is broken. A regular 500 error doesn't tell you anything useful. Escalating to disable pcntl_exec()... Link to comment Share on other sites More sharing options...
MrAlicard Posted August 3, 2017 Author Share Posted August 3, 2017 I contacted the ipb support that if I don't disable display error then something will happen and they wrote that display_errors only medium security level and only shows errors on website. It's not big problem if I have only a forum with some people BUT this pcntl thing must disable otherwise there is high security risk as you mentioned. Thank you for answer. Link to comment Share on other sites More sharing options...
Krydos Posted August 3, 2017 Share Posted August 3, 2017 Please post the following information:Your cPanel usernameYour main domainThe server that you are onVersion of PHP you're using Link to comment Share on other sites More sharing options...
Krydos Posted November 2, 2017 Share Posted November 2, 2017 Disabled pcntl_exec on Tommy https://krydos.heliohost.org/54/disabled.php https://krydos.heliohost.org/55/disabled.php https://krydos.heliohost.org/56/disabled.php https://krydos.heliohost.org/70/disabled.php https://krydos.heliohost.org/71/disabled.php https://krydos.heliohost.org/72/disabled.php and Ricky https://krydos1.heliohost.org/54/disabled.php https://krydos1.heliohost.org/55/disabled.php https://krydos1.heliohost.org/56/disabled.php https://krydos1.heliohost.org/70/disabled.php https://krydos1.heliohost.org/71/disabled.php https://krydos1.heliohost.org/72/disabled.php and Johnny https://krydos2.heliohost.org/disabled.php Thanks for noticing this security vulnerability and letting us know about it. Link to comment Share on other sites More sharing options...
Recommended Posts