How to Install PHP SuHosin on a cPanel/WHM Server
PHP Hardening – How to Install/Enable PHPSuHosin on a cPanel Server
PHP is a widely used server side scripting language. Hackers can easily hack your website if there is a small vulnerability in your PHP installation. It is very difficult to recover a hacked website and the hacker might have already accessed your private information stored in the server. In webhosting field security is very important. PHPSuHosin is an open source patch and PHP extension that is used to secure PHP installations from these hackers. It is actually a protection system for PHP websites hosted on the servers, it protects all websites that have insecure coding. Suhosin comes in two independent parts, the first Part is a patch for the PHP core and the second part is PHP extension that will secure PHP. You can either use both or you can use it separately.
On a cPanel Server you can install PHP suhosin using cPanel script /scripts/phpextensionmgr OR you can run easyapache to enable PHPSuHosin Protection.
How to check whether PHP Suhosin is already enabled on your cPanel/WHM Server.
Run the below command to check whether PHP suhosin is already installed on your Linux Server
root@server [~]# php -m | grep suhosin —–> PHP suhosin is installed on this cPanel Server.
PHP suhosin is not installed on the above cPanel Server. If PHP suhosin is already installed then there is no need to do the below steps.
You can also check PHP Suhosin by creating a phpinfo file under your website.
Steps to Install PHP suhosin Protection on cPanel/WHM Server
Log into your cPanel Server via SSH as root and do the below steps to install PHPSuHosin.
By default PHP suhosin will not be enabled on cPanel servers.
METHOD 1 :
Install PHP Suhosin using cPanel script “phpextensionmgr”.
This method is very easy and it will take only few seconds to Install.
Command : /scripts/phpextensionmgr install PHPSuHosin
root@server [~]# /scripts/phpextensionmgr install PHPSuHosin
Determining PHP version
PHP Api Version: 20121113
Zend Module Api No: 20121212
Zend Extension Api No: 220121212
Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20121212/
find . -name \*.gcno -o -name \*.gcda | xargs rm -f
find . -name \*.lo -o -name \*.o | xargs rm -f
find . -name \*.la -o -name \*.a | xargs rm -f
find . -name \*.so | xargs rm -f
find . -name .libs -a -type d|xargs rm -rf
rm -f libphp.la modules/* libs/*
SuHosin extension, version suhosin-0.9.38, activated for php version 5.5
Below command shows PHP Suhosin is enabled.
root@server [~]# php -m | grep suhosin
METHOD 2 :
Run easyapache on the server to enable PHP suhosin, this method will take more time compared to above.
Command to run easy apache on Linux Server : /scripts/easyapache
Under “Exhaustive Options” You can see suhosin PHP option.
You might see the warning “Are you fully aware of the implications of this option and able to administer it?. Select “ok” to continue with suhosin Installation.
You can also run Easyapache from WHM frontend.
After easyapache create a phpinfo.php file under your domain to check whether suhosin is enabled on the server.
The above PHP info file shows suhosin is enabled.