This topic contains 6 replies, has 2 voices. Last updated by Yolanda O’Bannon 3 years, 9 months ago.
Topic Author | Topic |
---|---|
Posted: Sunday Mar 24th, 2013 at 5:48 pm #45601 | |
Hello, I’m a shared hosting LAMP administrator working on an s2member implementation. We are running suhoson with restrictions on the eval() construct and related functions restricted in php.ini. Up to now in the wordpress site build we have had no problem getting along without these very dangerous functions. However we have experienced some problems with s2member requiring to use this coding style: Is there any way to turn off the features that depend on eval()? Is there a patch to apply to the module to remove the dependency on eval()? I have seen the problem affecting the login sequence, the General Options page, and the Download Options page of the s2member admin screens. Having experienced first-hand what RATs (PHP rootkits) can do to your site and the ensuing fallout, I do not wish do remove the suhosin layer in order to run s2member. We have other layers of security, ownership and source control, but suhosin layer remains very important in shared hosting environment (the whole point of running suhosin was to remove the attraction of the site to botnets and spammers). Thanks and Best Regards, |