2

I'm a bit confused about what to do : Should I put PHP safe mode on even though it does break some websites code?

I have had several joomla websites hacked, but I'm not sure why, maybe it is safemode. I'm still investigation that...

Is safe mode only for debugging, and so it doesn't really matter that much for security right?

This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

Cf: http://www.php.net/manual/en/ini.sect.safe-mode.php

I have PHP v 5.2.14, apache, CentOS and cpanel.

Thanks a bunch :)

Zenet
  • 878
  • 4
  • 10
  • 14

2 Answers2

2

It shouldn't break any of your sites persay, unless you are attempting to do something that is forbidden in "safe mode". Which I can't see joomla breaking. Safe mode is just a way to prevent a multi-user system running PHP from each of the user's doing evil stuff to each other using PHP scripts (ie file writes, file reads). I don't know why they are removing it, perhaps someone else can fill in that blank?

However, a question to you is:
Are you keeping up with the latest patches for your joomla installs?

Natalie Adams
  • 745
  • 1
  • 6
  • 15
  • Thanks Nathan, I've had a couple sites hacked and I updated every website to the latest version 1.5.21 I thought it was over and that I was safe, but no! Yesterday my joomla website was hacked and so I started to think that maybe it is something else... I'm looking through the logs right now, trying to figure out how the hacker did it, but no clue yet :( – Zenet Nov 06 '10 at 17:24
  • 1
    Are you sure your configuration is correct for Joomla? I believe there are a number of ways that it can be compromised if you don't take great care with the security. Are you certain users can only write to the correct locations on the disk? Do you know that your webserver will not execute code at those locations? Joomla will prevent some of this, but definitely not all of it. – Paul McMillan Nov 06 '10 at 17:52
  • @samantha Perhaps you could post links to your log files and we look at them? There might be something that jumps out to us that doesn't to you. – Natalie Adams Nov 07 '10 at 21:16
2

Joomla's take on Safe mode: Why shouldn't you use PHP safe mode? (in short, it will usually work OK, apart from the initial install, but safe mode isn't the best idea in the first place)

It doesn't quite solve the problem, and it's also fairly easy to get around. There are better ways to slve the problems, so it's being depreciated.

Alister Bulman
  • 1,624
  • 13
  • 13