SECURITY UPDATE: Secure and Update your PHP

Last modified: October 1, 2022

It is extremely important to secure your PHP installation and to keep your PHP version up to date in order to minimize security vulnerabilities. We recommend applying the following security enhancements:

1) Install and configure ModSecurity

ModSecurity is an open source intrusion detection and prevention engine for web applications. It runs as an Apache web server module, and its purpose is to increase web application security and protect web applications from known and unknown attacks.

Installation steps for ModSecurity:
1) First, download the yum repository and install ModSecurity using yum.
#wget -q -O - | sh
#yum install mod_security

2) Then, download and apply the ModSecurity rules.
#cd /etc/httpd/modsecurity.d && wget
#tar -xvvzf modsec-2.5-free-latest.tar.gz

3) Next, remove unwanted rules.
#cd /etc/httpd/modsecurity.d && rm -Rf 00_asl_rbl.conf 00_asl_whitelist.conf

4) Lastly, restart the Apache service.
#/etc/init.d/httpd restart

2) Install PHP HardenedPHP patch

The hardenedPHP patch is a patch that adds security hardening features to PHP to protect your servers from a number of well-known issues in PHP applications. It also safeguards the servers from potential unknown vulnerabilities within those applications or the PHP core itself.

3) Keep your Plesk version and application version up to date

** NOTE: mod_security and Suhosin were not fully tested with Plesk Sitebuilder. Therefore, if you are using Plesk Sitebuilder, it is recommended to disable mod_security and Suhosin on the publishing server.

Installation steps for Suhosin:
1) First, download Suhosin and install it.
#cd /usr/local/
#wget
#tar -zxvf suhosin-0.9.18.tgz
#cd suhosin-0.9.18
#phpize
#./configure
#make && make install

2) Secondly, add a load directive to php.ini.
extension=suhosin.so

3) Then, restart the Apache service.
#/etc/init.d/httpd restart
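
After both restarts it is worth confirming that the modules actually loaded. The script below is an added example, not part of the original article: it checks `httpd -M` output for ModSecurity 2.x (module name `security2_module`), `php -m` output for Suhosin, and php.ini text for a load directive that is not commented out. The sample inputs are constructed, and `PHP_INI` is a hypothetical variable the operator sets.

```shell
#!/bin/sh
# Added example: post-install check for the two modules this article installs.
# Each function takes captured text as $1 so the logic can be exercised offline.

# True if `httpd -M` output lists ModSecurity 2.x (module name security2_module).
modsec_loaded() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*security2_module([[:space:]]|$)'
}

# True if `php -m` output lists the suhosin extension on its own line.
suhosin_loaded() {
    printf '%s\n' "$1" | grep -Eiq '^[[:space:]]*suhosin[[:space:]]*$'
}

# True if php.ini text has an active load directive. Lines that start with
# ';' or '#' are not an active `extension` directive and do not count.
ini_loads_suhosin() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*extension[[:space:]]*=[[:space:]]*"?suhosin\.so"?[[:space:]]*(;.*)?$'
}

# Prints one line per check; returns the number of failed checks (0 to 3).
verify_hardening() {
    fails=0
    if modsec_loaded "$1"; then echo "OK   mod_security loaded in Apache"
    else echo "FAIL security2_module not in httpd -M output"; fails=$((fails + 1)); fi
    if suhosin_loaded "$2"; then echo "OK   suhosin loaded in PHP"
    else echo "FAIL suhosin not in php -m output"; fails=$((fails + 1)); fi
    if ini_loads_suhosin "$3"; then echo "OK   php.ini has an active suhosin directive"
    else echo "FAIL php.ini has no active extension=suhosin.so line"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample inputs (not captured from a real server).
SAMPLE_HTTPD=' core_module (static)
 php5_module (shared)
 security2_module (shared)'
SAMPLE_PHP='[PHP Modules]
standard
suhosin'
SAMPLE_INI='; constructed php.ini fragment
extension=suhosin.so'

verify_hardening "$SAMPLE_HTTPD" "$SAMPLE_PHP" "$SAMPLE_INI"
# On a live server, pass real output instead. PHP_INI is an assumed variable
# holding the php.ini path reported by `php --ini`:
#   verify_hardening "$(httpd -M 2>&1)" "$(php -m)" "$(cat "$PHP_INI")"
```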

<< PLESK Users >>

mod_security and Suhosin were not fully tested with Plesk Sitebuilder. Therefore, if you are using Plesk Sitebuilder, it is recommended to disable mod_security and Suhosin on the publishing server.

<< CPANEL/WHM Users >>

For servers with cPanel pre-installed, you only need to enable the ModSecurity module and the Suhosin module in EasyApache and recompile Apache.
