🔒 Server Security Audit

PHP Security Configuration & Vulnerability Assessment

PHP Version Information

PHP Version: 8.4.21

OK: PHP version is current

Open Base Dir Protection

PROTECTED: open_basedir is configured

/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder

PHP file access is restricted to the directories listed above.

Dangerous Functions Analysis

High Risk

FunctionStatus
exec()DISABLED
shell_exec()DISABLED
system()DISABLED
passthru()DISABLED
popen()DISABLED
proc_open()DISABLED
pcntl_exec()DISABLED

Medium Risk

FunctionStatus
eval()DISABLED
assert()ENABLED
create_function()DISABLED
include()DISABLED
require()DISABLED

File Operations

FunctionStatus
file_get_contents()ENABLED
file_put_contents()ENABLED
fopen()ENABLED
readfile()ENABLED
unlink()ENABLED

Information Disclosure

FunctionStatus
phpinfo()ENABLED
posix_getpwuid()DISABLED
getenv()ENABLED
get_current_user()ENABLED

Disabled Functions List

exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
PHP Security Settings
SettingCurrent ValueRecommendedStatus
display_errors10INSECURE
expose_phpEmptyOffINSECURE
allow_url_fopen1OffINSECURE
allow_url_includeEmptyOffINSECURE
register_globalsNot SetOffINSECURE
magic_quotes_gpcNot SetOffINSECURE
session.cookie_httponlyEmpty1INSECURE
session.cookie_secure01INSECURE
session.use_strict_mode01INSECURE
File System Access Tests

Common System File Access Tests

Testing if PHP can read sensitive system files outside the user directory:


Warning: file_exists(): open_basedir restriction in effect. File(/etc/passwd) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /etc/passwd - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/etc/shadow) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /etc/shadow - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/etc/hosts) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /etc/hosts - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/etc/apache2/apache2.conf) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /etc/apache2/apache2.conf - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/etc/nginx/nginx.conf) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /etc/nginx/nginx.conf - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/etc/my.cnf) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /etc/my.cnf - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/etc/mysql/my.cnf) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /etc/mysql/my.cnf - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/var/log/apache2/error.log) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /var/log/apache2/error.log - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/var/log/nginx/error.log) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /var/log/nginx/error.log - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/proc/version) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /proc/version - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/root/.bash_history) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /root/.bash_history - File does not exist or access denied

Warning: file_exists(): open_basedir restriction in effect. File(/home) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 247
✗ /home - File does not exist or access denied

Write Access Tests

Testing if PHP can write to directories outside the user directory:

✓ /tmp - Directory is writable
✓ /var/tmp - Directory is writable

Warning: is_writable(): open_basedir restriction in effect. File(/var/www) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 258
✗ /var/www - Directory is not writable

Warning: is_writable(): open_basedir restriction in effect. File(/etc) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 258
✗ /etc - Directory is not writable

Warning: is_writable(): open_basedir restriction in effect. File(/root) is not within the allowed path(s): (/home/t91/:/tmp/:/var/tmp/:/opt/alt/php84/usr/share/pear/:/dev/urandom:/usr/local/php84/lib/:/usr/local/php84/lib/:/usr/local/lib/php/:/var/www/omnicoder) in /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php on line 258
✗ /root - Directory is not writable

Directory Listing Tests - /tmp and /var/tmp

Attempting to list files in temporary directories:

/tmp

✓ Directory is accessible and readable

Files found: 347
[FILE] (10 bytes) [R-] .webcron.lock [FILE] (58 bytes) [--] adminer.invalid [FILE] (84 bytes) [--] adminer.invalid-04d67275633821a3a1a13f1a978ca2c2 [FILE] (84 bytes) [--] adminer.invalid-1e1d1bce4a463f4dd1969cba7f47d608 [FILE] (58 bytes) [--] adminer.invalid-23520778e78dd695503af721bf76fb4b [FILE] (82 bytes) [--] adminer.invalid-65c0025d56676afc7727abee247b1c10 [FILE] (59 bytes) [--] adminer.invalid-768b8abc4c65b6e7bd76451b2b24da3c [FILE] (82 bytes) [--] adminer.invalid-b0d256780503e394cce5b5381d031b71 [FILE] (84 bytes) [--] adminer.invalid-bd2eeb32226c643b71c209052b236443 [FILE] (59 bytes) [--] adminer.invalid-cc4812810f32e6f039a44fd067ffa4e2 [FILE] (58 bytes) [--] adminer.invalid-cce289be06b1d1fd88231581bfd84b93 [FILE] (59 bytes) [--] adminer.invalid-db0c2b82dcce5bd5ccd95c3f8e91cd89 [DIR] [R-] ap_sessions [FILE] (7 bytes) [R-] bx_lock_polling [FILE] (675 bytes) [R-] cg_7f10e03a80197c8ccfda197fb93a48d6.json [FILE] (6,950 bytes) [R-] cg_a04ca4198fc8f0c6c83efbcf414d6f36.json [FILE] (13,578 bytes) [R-] cg_d95c10b879361383d182ecdc15e07841.json [FILE] (122 bytes) [R-] enc_wallet_cache.json [DIR] [R-] iropnetplus_full_1780902717 [FILE] (30 bytes) [R-] leadgen_rate_8e16d84d103cc187591ee483a87f9ccb [FILE] (0 bytes) [--] qr2p0qdrg9nba26GQHxM9 [FILE] (0 bytes) [--] qr5vopcda9qpr4f3AqzcO [FILE] (0 bytes) [--] qr8j3pee103r2842QC560 [FILE] (0 bytes) [--] qrd6rvj6seh8av0JlxqAS [FILE] (0 bytes) [--] qrdio3eqfiqmb15wRWXPD [FILE] (0 bytes) [--] qrf49o6ukeeheec0sDexm [FILE] (0 bytes) [--] qrhr6e6okqt2et6DqcVNS [FILE] (0 bytes) [--] qrninu39dsgc45d4YoOVV [FILE] (0 bytes) [--] qrqlmichbmq1v37g8VuKH [FILE] (0 bytes) [--] qrqlsbqd234tn4bxzVeZQ [FILE] (0 bytes) [--] qru32nik6dsdos4dfYe2N [FILE] (0 bytes) [--] qrv7to2dodj7lbfOqgDAo [FILE] (0 bytes) [--] qrvp3f4cvurlj12VHT9Qs [FILE] (27 bytes) [R-] rate_12cec904a8f51cfb4de0a5662d3051ba [FILE] (27 bytes) [R-] rate_559638f9376b11e16d452870956363e2 [FILE] (27 bytes) [R-] rate_9fa356117fda21bc3b1edd6abfcd4cef [FILE] (159 bytes) [R-] router_debug.log [DIR] [R-] school_sessions_d676bd4f2c8fb4be2cc7079dcc4395cc [FILE] (0 bytes) [--] sess_00c46e994c9944ac715723b3fb98c77e [FILE] (0 bytes) [--] sess_01fe2bd66a84759eee42b031ae7b0eb6 [FILE] (0 bytes) [--] sess_02fa95f093e9227fac8f79a46ff99722 [FILE] (0 bytes) [--] sess_053dd82daad975db82d58b32d51ed368 [FILE] (0 bytes) [--] sess_061614010bb1ce9078d5f160b6b4d439 [FILE] (0 bytes) [--] sess_07a4f691a137d2c4078becc28533399c [FILE] (0 bytes) [--] sess_07ff2b71853d3ef21340493b55b2cdac [FILE] (0 bytes) [--] sess_08574a8c143d81b8f80832dcda7db2d1 [FILE] (0 bytes) [--] sess_08fb2810339b9b087fbc41eac15041b8 [FILE] (0 bytes) [--] sess_0904e217513b0309454231665ce574c9 [FILE] (0 bytes) [--] sess_091a642c71ac86b57503dffcf66fe427 [FILE] (0 bytes) [--] sess_09849ae1c9feab562763e84b36d0b330 ... and 295 more files (limited to first 50)
Attempting to Read Files in /tmp
✓ Successfully read: .webcron.lock (10 bytes read)
Preview: 1781981959
✗ Cannot read: adminer.invalid (Permission denied)
✗ Cannot read: adminer.invalid-04d67275633821a3a1a13f1a978ca2c2 (Permission denied)
✗ Cannot read: adminer.invalid-1e1d1bce4a463f4dd1969cba7f47d608 (Permission denied)
✗ Cannot read: adminer.invalid-23520778e78dd695503af721bf76fb4b (Permission denied)
✗ Cannot read: adminer.invalid-65c0025d56676afc7727abee247b1c10 (Permission denied)
✗ Cannot read: adminer.invalid-768b8abc4c65b6e7bd76451b2b24da3c (Permission denied)
✗ Cannot read: adminer.invalid-b0d256780503e394cce5b5381d031b71 (Permission denied)
✗ Cannot read: adminer.invalid-bd2eeb32226c643b71c209052b236443 (Permission denied)
✗ Cannot read: adminer.invalid-cc4812810f32e6f039a44fd067ffa4e2 (Permission denied)

Summary: Successfully read 1 out of 10 tested files


/var/tmp

✓ Directory is accessible and readable

Files found: 2
Attempting to Read Files in /var/tmp

Current Directory Information

Current Working Directory: /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html Document Root: /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html Script Filename: /home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html/index.php Current User: root User ID: 0 Group ID: 0
Server Information
ParameterValue
Server SoftwareApache/2
Server Namesurround-flash-9d7a403c-91.app.omni-coder.com
Server ProtocolHTTP/1.1
PHP SAPIfpm-fcgi
Operating SystemLinux
Server Adminwebmaster@surround-flash-9d7a403c-91.app.omni-coder.com
Document Root/home/t91/domains/surround-flash-9d7a403c-91.app.omni-coder.com/public_html
Loaded PHP Extensions
• Core
• FFI
• PDO
• Phar
• Reflection
• SPL
• SimpleXML
• bcmath
• calendar
• cgi-fcgi
• ctype
• curl
• date
• dom
• exif
• fileinfo
• filter
• ftp
• gd
• gettext
• hash
• iconv
• intl
• json
• libxml
• mbstring
• mysqli
• mysqlnd
• openssl
• pcre
• pdo_mysql
• pdo_sqlite
• posix
• random
• session
• shmop
• soap
• sockets
• sodium
• sqlite3
• standard
• sysvmsg
• sysvsem
• sysvshm
• tokenizer
• xml
• xmlreader
• xmlwriter
• xsl
• zip
• zlib
Security Summary

Security issues detected

Error Display Enabled

Errors are displayed to users, which may leak sensitive information.