STEP 1 – APACHE
You need to rebuild apache, and in one of the apache steps you need to chose the “File Security” this addon will chmod the directories as we will see in the configuration of the other steps.
Then after doing this go to Apache Config in cpanel and uncheck this to
pico /usr/local/apache/conf/httpd.conf
- ExecCGI
- FollowSymLinks
STEP 2 – CHMOD’ING
Now Enter into your VPS thru Filezilla, or whatever software you feel comfortable to chmod some files.
CHMOD THIS FILES AS EXPLAINED BELOW.
chmod 0700 /bin/ln chmod 0700 /bin/cat chmod 0700 /bin/pwd chmod 0700 /bin/kill chmod 0644 /bin/umount chmod 0700 /bin/doexec chmod 0700 /bin/link chmod 0700 /bin/chmod chmod 0700 /bin/netstat chmod 0500 /bin/ps chmod 0700 /bin/df chmod 0700 /usr/bin/lynx chmod 0700 /usr/bin/gcc chmod 0700 /usr/bin/nc chmod 0700 /usr/bin/wget chmod 0700 /usr/bin/scp chmod 0700 /usr/bin/cvs chmod 0700 /usr/bin/telnet chmod 0700 /usr/bin/symlinks chmod 0700 /usr/bin/tail chmod 0700 /usr/bin/tailf chmod 0700 /usr/bin/du
STEP 3 – PHP.INI
Now its time to add some security to the PHP.INI
go to the folder where the php.ini is located open it with a notepad++
And do the following:
pico /usr/local/lib/php.ini
Serch about this safe_mode_gid by Ctrl + W
Change it to :
safe_mode_gid = On safe_mode_exec_dir = “/nonexec”
Add this
open_basedir = "/home/:/home3/:/usr/lib/php:/usr/local/lib/:/tmp:/usr/local/Zend/etc/"
(Now depends on where your home directory is change it as you need it)
4.
Also this with php.ini
Serch about disable_functions
Add this functions
disable_functions = "disk_total_space, diskfreespace, apache_note, apache_setenv, closelog, debugger_off, debugger_on, define_syslog_variables, escapeshellarg, escapeshellcmd, ini_restore, openlog, passthru, pclose, pcntl_exec, popen, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, url_exec, base64_encodem, phpinfo, readlink, eval, root, symlink"
STEP 4 – httpd.conf
Now we need to go to httpd.conf (the file is located on apache folder)
And edit it, and find “AllowOverride” and Replace it with “AllowOverride AuthConfig FileInfo Indexes Limit Options=Includes,Indexes,MultiViews”
And if you wana increase your security more, just chmod the home directory to 751 or 711.