How can I forbid PHP to access other folders?
I am using GoDaddy shared Linux hosting and I hosted multiple domains with the same machine. Last week, one of my WordPress sites was infected with malware. Then this worm code spread to my all domains instantly.
How can I forbi开发者_开发问答d to access other domains (folders) from a domain (folder)? Perhaps I can put something in my php.ini
?
I think your only chance to do that on shared hosting is the open_basedir
setting.
In each web root, create a .htaccess
file containing the following:
php_admin_value open_basedir /path/to/current/web/site
if this works, every fopen()
, include()
etc. access outside /path/to/current/web/site
should fail with an error message.
It can be that your provider has disabled this possibility - if they have, it'll be silently ignored. It could also be that an open_basedir
has already been set centrally for all your sites. That setting could be inherited, rendering any further settings moot. You'll have to try out.
I'd contact the godaddy support and inquire about using htaccess to restrict access.
- http://www.yorku.ca/computng/students/webpages/central_web/htaccess.html
精彩评论