Securing Hostbill

Started by razhaq, November 28, 2013, 11:54:08 AM

razhaq

Dears,
I would like to make my HostBill box secure, and I have applied the settings given in the Wiki. I would like to disable all PHP functions which are not related to HostBill.

Also, when I changed the directory path for downloads and attachments, I am getting an error for cron which shows:
"Critical! Your downloads/index.php file is missing. Your HostBill is not secure
Critical! Your templates_c/index.php file is missing. Your HostBill is not secure
Critical! Your attachments/index.php file is missing. Your HostBill is not secure"

Can anybody help me out here, please?

Thanks & Regards,
Razhaq

rharrison

Razhaq,

For PHP functions, either edit the master php.ini or copy it to the directory with HostBill.

Look for and modify the following to your needs:

; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; disable_functions = "system, show_source, symlink, dl, shell_exec, passthru, escapeshellarg, escapeshellcmd"

Can't really help with the directory path issue, maybe try checking folder permissions are 755, and files 644 - if not chmod?

razhaq


Ketan

Why on earth would you disable escapeshellcmd? All it does is escape input, not execute it. It would be like disabling mysql_real_escape_string - there's no point.
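
An added example, not part of any post in this thread: a shell check of the disable_functions directive discussed above. It reports when the directive exists only as a ';' comment (which PHP ignores), which command-execution functions are still enabled, and whether the escaping helpers have been disabled. The two function lists and the sample file are constructed for this example; the thread does not say which functions HostBill itself needs.

```shell
#!/bin/sh
# Added example: audit disable_functions in a php.ini file.
# Both lists are assumptions for this example; adjust them to your install.
EXEC_FUNCS="system shell_exec passthru exec popen proc_open"
ESCAPE_FUNCS="escapeshellarg escapeshellcmd"

# Print the value of the last uncommented disable_functions line in file $1.
# Returns 1 when the directive is missing or exists only as a ';' comment.
active_disable_functions() {
    line=$(grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" | sed -e 's/^[^=]*=//' -e 's/;.*$//' | tr -d '"[:space:]'
}

# Succeed when function name $2 is in the comma-separated list $1.
in_list() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# Print one finding per line for php.ini file $1; return 1 if there are any.
audit_php_ini() {
    if ! value=$(active_disable_functions "$1"); then
        echo "INACTIVE: no uncommented disable_functions line"
        return 1
    fi
    findings=0
    for f in $EXEC_FUNCS; do
        if ! in_list "$value" "$f"; then
            echo "ALLOWED: $f"; findings=1
        fi
    done
    for f in $ESCAPE_FUNCS; do
        if in_list "$value" "$f"; then
            echo "ESCAPER-DISABLED: $f"; findings=1
        fi
    done
    return "$findings"
}

# Constructed sample: the list from the thread, once as posted (behind ';')
# and once with the ';' removed so that PHP actually reads it.
sample=$(mktemp)
LIST='"system, show_source, symlink, dl, shell_exec, passthru, escapeshellarg, escapeshellcmd"'
echo "; disable_functions = $LIST" > "$sample"
audit_php_ini "$sample"
echo "disable_functions = $LIST" > "$sample"
audit_php_ini "$sample"
rm -f "$sample"
```

Point audit_php_ini at the php.ini that the web server and the cron job actually load, since the two can differ.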