FreeWebHostingTalk Forums > Main Forums > Running A Free Web Hosting Company

Thread: I need a list of security tips to code into a custom panel for free webhosting...
#1 - astounding (Member, Join Date: Aug 2006, Posts: 41) - 10-12-2006, 12:12 AM
I need a list of security tips to code into a custom panel for free webhosting...
I'm having the new panel programmed for free webhosting and am now focusing on security issues.

Would you have any tips on a list of security things that I should get added,
to be imposed on member accounts, which would prevent hackerish/exploitable
behaviour from being successfully implemented by them?

Please lay it all out.

Thanks a bunch.
-A

#2 - uploadpic (Community Liaison, Join Date: Nov 2005, Posts: 511) - 10-12-2006, 11:36 AM
Or get a normal one and keep it up to date; otherwise, sorry, I'm not sure.

#3 - ZendURL (Community Liaison, Join Date: Dec 2005, Posts: 551) - 10-12-2006, 07:01 PM
open_basedir="."
Then disable chdir()
That stops most hacking.

As for phishing, that is a little trickier. I disabled both fopen and mail (which is how they send account info); however, users now use my site to display the phishing page and then link elsewhere to send the data.

#4 - jcink (Senior Member, Join Date: Sep 2005, Posts: 142) - 10-13-2006, 02:29 PM
Are you programming the panel, or do you mean someone else is programming it?

Here's my disabled functions list in PHP, if it helps any

ftp_fput,error_log,
openssl_csr_export_to_file,openssl_csr_export,openssl_csr_new,openssl_csr_sign,openssl_error_string,openssl_free_key,openssl_get_privatekey,openssl_get_publickey,openssl_open,openssl_pkcs7_decrypt,openssl_pkcs7_encrypt,openssl_pkcs7_sign,openssl_pkcs7_verify,openssl_pkey_export_to_file,openssl_pkey_export,openssl_pkey_free,openssl_pkey_get_private,openssl_pkey_get_public,openssl_pkey_new,openssl_private_decrypt,openssl_private_encrypt,openssl_public_decrypt,openssl_public_encrypt,openssl_seal,openssl_sign,openssl_verify,openssl_x509_check_private_key,openssl_x509_checkpurpose,openssl_x509_export_to_file,openssl_x509_export,openssl_x509_free,openssl_x509_parse,openssl_x509_read,
yp_all,yp_cat,yp_err_string,yp_errno,yp_first,yp_get_default_domain,yp_master,yp_match,yp_next,yp_order,
dio_close,dio_fcntl,dio_open,dio_read,dio_seek,dio_stat,dio_tcsetattr,dio_truncate,dio_write,
shmop_write,shmop_size,shmop_read,shmop_delete,shmop_open,shmop_close,
copy,ftp_exec,tempnam,symlink,link,mb_send_mail,ini_set,ini_restore,pfsockopen,
exec,system,tempnam,proc_open,proc_nice,proc_terminate,proc_close,proc_get_status,shell_exec,passthru,popen,
diskfreespace,disk_free_space,disk_total_space,ini_alter,ini_restore,getrusage,get_current_user,set_time_limit,getmyuid,getmypid,dl,leak,
posix_access,posix_ctermid,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_mknod,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,
curl_close,curl_copy_handle,curl_errno,curl_error,curl_exec,curl_getinfo,curl_init,curl_multi_add_handle,curl_multi_close,curl_multi_exec,curl_multi_getcontent,curl_multi_info_read,curl_multi_init,curl_multi_remove_handle,curl_multi_select,curl_setopt_array,curl_setopt,curl_version,
fsockopen

#5 - astounding (Member, Join Date: Aug 2006, Posts: 41) - 10-13-2006, 07:50 PM
Isn't disabling all those functions going to have lots of member scripts not work?

#6 - ZendURL (Community Liaison, Join Date: Dec 2005, Posts: 551) - 10-13-2006, 09:02 PM
Even disabling just mail() and fopen() (which are the important ones to stop phishing and hacking) will prevent a LOT of scripts from working.

Also I have a question. If fopen() is disabled do I need the open_basedir restriction, or is disabling fopen() alone going to be enough?

#7 - astounding (Member, Join Date: Aug 2006, Posts: 41) - 10-13-2006, 09:09 PM
Quote (Originally Posted by ZendURL):
    Even disabling just mail() and fopen() (which are the important ones to stop phishing and hacking) will prevent a LOT of scripts from working.

    Also I have a question. If fopen() is disabled do I need the open_basedir restriction, or is disabling fopen() alone going to be enough?

If you want to restrict one of them, then restrict the other also.

Disabling mail() is fine. Most support SMTP anyway; just tell your members to use a free SMTP service like Yahoo.com.au (the .AU version gives free SMTP/POP).

The only popular CMS I know that doesn't support SMTP is phpnuke, so you'll get a few unhappy members who use that.

#8 - jcink (Senior Member, Join Date: Sep 2005, Posts: 142) - 10-14-2006, 01:12 AM
Quote (Originally Posted by ZendURL):
    Also I have a question. If fopen() is disabled do I need the open_basedir restriction, or is disabling fopen() alone going to be enough?

open_basedir is needed, because even though fopen is disabled, the rest of the functions are still available.

You can still do require("../file.php"); and travel up directories if there isn't any kind of OS restriction in place, or safe_mode.

I find safe mode in PHP a pain personally, so I just stick to open basedir instead.

Quote:
    Isn't disabling all those functions going to have lots of member scripts not work?

Some of my disabled functions are overdoing it, but for the most part a lot of scripts work on my server. Most people have no need to be using exec or shell_exec. fsockopen is down because I got tired of people using this function to run a proxy. ini_*... I don't want them rewriting my config. Curl being disabled is up to the admin; myself, I decided to kill it. Not THAT many scripts use it, and even though the latest PHP is safe, I decided to kill it because it's had so many open_basedir bypasses. error_log I can probably enable now... ftp_put() and copy() both had and have had serious open_basedir restriction problems... so I left them off. Most upload scripts use move_uploaded_file anyway. tempnam has had issues as well.

My disabled functions list is a lot... yes... call it the paranoid list, I suppose. But it does keep things safe.

Also, one thing about open_basedir: I found out you can do open_basedir="." and that works, but that can break certain scripts... a lot of the time more than disabling any function does. I figured out that the better thing to do is not to set open_basedir="." for ALL folders, but to write individual entries in Apache for each user like...

<Directory /var/www/user/user01>
php_admin_value open_basedir /var/www/user/user01/
</Directory>

That way the person can roam free in their OWN directory, up and down folders all they want with PHP... but not outside their own.

#9 - astounding (Member, Join Date: Aug 2006, Posts: 41) - 10-14-2006, 01:41 AM
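The per-user approach jcink describes in #8 (one <Directory> entry per member with php_admin_value open_basedir), together with ZendURL's open_basedir suggestion in #3 and the disable_functions list in #4, as a worked example added here. This is a shell script written for this page, not code from the thread or from any poster. It assumes the /var/www/user/<name> layout from the post; the short function list, the extra-path argument and the sample usernames (including one hostile entry) are constructed for the demo:

```shell
#!/bin/sh
# Added example (not code from the thread): generate the per-user Apache
# <Directory> blocks that pin open_basedir to each member's own tree, plus a
# php.ini disable_functions line. The web root layout /var/www/user/<name>
# follows the post; the function list and the sample user names are
# constructed assumptions for the demo.

WEBROOT="/var/www/user"

# A short illustrative subset of functions to disable (assumption; jcink's
# full list above is much longer). Space-separated so it is easy to edit.
CORE_DISABLED="exec system shell_exec passthru popen proc_open dl"

# Constructed sample input, as the panel's user database would supply it.
# The third entry is a hostile name that must be rejected, never emitted.
SAMPLE_USERS="user01
user02
../../etc"

# Only allow names that cannot alter the path: 2-16 chars of [a-z0-9_].
# A name containing "/", "..", whitespace or quotes would either escape the
# member's directory or inject extra Apache directives into the generated
# config, so this check is the security boundary of the generator.
valid_username() {
  case "$1" in
    ''|*[!a-z0-9_]*) return 1 ;;
  esac
  [ "${#1}" -ge 2 ] && [ "${#1}" -le 16 ]
}

# Render the <Directory> block for one member. php_admin_value (unlike
# php_value) cannot be overridden from .htaccess or by ini_set(), so the
# restriction holds even if ini_set() is left enabled. The optional second
# argument appends extra allowed paths (e.g. the session save directory),
# joined with ":", which is PHP's open_basedir separator on Unix.
user_directory_block() {
  user="$1"
  extra="${2:-}"
  valid_username "$user" || { echo "refusing unsafe username: $user" >&2; return 1; }
  dir="$WEBROOT/$user"
  allowed="$dir/"
  [ -n "$extra" ] && allowed="$allowed:$extra"
  printf '<Directory %s>\n    php_admin_value open_basedir %s\n</Directory>\n' "$dir" "$allowed"
}

# Render a php.ini disable_functions line from a space-separated list.
disable_functions_line() {
  printf 'disable_functions = %s\n' "$(printf '%s' "$1" | tr -s ' ' ',')"
}

# Emit one block per valid user; hostile names are reported and skipped.
generate_all() {
  printf '%s\n' "$SAMPLE_USERS" | while IFS= read -r u; do
    user_directory_block "$u" || continue
  done
}

if [ "${1:-}" = "--demo" ]; then
  disable_functions_line "$CORE_DISABLED"
  generate_all
fi
```

Run it with --demo to print the php.ini line and the generated blocks; a panel would call user_directory_block at account creation, append the output to the Apache configuration and reload. The username check matters precisely because the panel, not a human, writes these entries. open_basedir and disable_functions are checks inside the PHP process, and the thread itself records bypasses in copy(), ftp_put() and curl, so treat them as one layer over OS-level separation (a distinct Unix user per member, e.g. via suexec or suPHP) rather than the only boundary.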
Great advice.

Yes, the way it's being done is that the admin can create a config file for each user and hence remove whichever limits he wishes for that member. All members start without the file, and hence the system assumes the strictest settings.
Copyright © 2005-2007, FreeWHT.Com. All Rights Reserved.   Advertise on FreeWHT
