How to Install Suhosin on cPanel

Joomla, WordPress, Drupal and other popular web apps are the most common targets of web attacks these days, and not everybody updates these apps as they should to keep their websites safe from vulnerabilities. Suhosin doesn’t update your app code (that’s your responsibility), but it adds another great layer of protection against common attacks for the PHP code your apps run.

How can I install Suhosin on cPanel in order to protect my websites?

On cPanel servers the installation is pretty easy. Just run this command and it will do it all for you:

/scripts/phpextensionmgr install PHPSuHosin

Verify the Suhosin installation by typing the following command:

php -v

If you see:

"with Suhosin v0.9.xx, Copyright (c) 2007-2014, by SektionEins GmbH"

Then it’s ready.

Full output example:

[[email protected]:~]php -v
PHP 5.5.29 (cli) (built: Sep 24 2015 13:47:53) 
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
    with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd.
    with Suhosin v0.9.36, Copyright (c) 2007-2014, by SektionEins GmbH

You can find more information by running php -i:

php -i | grep suhosin -i

Full output example:

[[email protected]:~]php -i | grep suhosin -i
    with Suhosin v0.9.36, Copyright (c) 2007-2014, by SektionEins GmbH
suhosin
This server is protected with the Suhosin Extension 0.9.36
suhosin.apc_bug_workaround => Off => Off
suhosin.cookie.checkraddr => 0 => 0
suhosin.cookie.cryptdocroot => On => On
suhosin.cookie.cryptkey => [ protected ] => [ protected ]
suhosin.cookie.cryptlist => no value => no value
suhosin.cookie.cryptraddr => 0 => 0
suhosin.cookie.cryptua => On => On
suhosin.cookie.disallow_nul => 1 => 1
suhosin.cookie.disallow_ws => 1 => 1
suhosin.cookie.encrypt => Off => Off
suhosin.cookie.max_array_depth => 50 => 50
suhosin.cookie.max_array_index_length => 64 => 64
suhosin.cookie.max_name_length => 64 => 64
suhosin.cookie.max_totalname_length => 256 => 256
suhosin.cookie.max_value_length => 10000 => 10000
suhosin.cookie.max_vars => 100 => 100
suhosin.cookie.plainlist => no value => no value
suhosin.coredump => Off => Off
suhosin.disable.display_errors => Off => Off
suhosin.executor.allow_symlink => Off => Off
suhosin.executor.disable_emodifier => Off => Off
suhosin.executor.disable_eval => Off => Off
suhosin.executor.eval.blacklist => no value => no value
suhosin.executor.eval.whitelist => no value => no value
suhosin.executor.func.blacklist => no value => no value
suhosin.executor.func.whitelist => no value => no value
suhosin.executor.include.allow_writable_files => On => On
suhosin.executor.include.blacklist => no value => no value
suhosin.executor.include.max_traversal => 0 => 0
suhosin.executor.include.whitelist => no value => no value
suhosin.executor.max_depth => 0 => 0
suhosin.filter.action => no value => no value
suhosin.get.disallow_nul => 1 => 1
suhosin.get.disallow_ws => 0 => 0
suhosin.get.max_array_depth => 50 => 50
suhosin.get.max_array_index_length => 64 => 64
suhosin.get.max_name_length => 64 => 64
suhosin.get.max_totalname_length => 256 => 256
suhosin.get.max_value_length => 512 => 512
suhosin.get.max_vars => 100 => 100
suhosin.log.file => 0 => 0
suhosin.log.file.name => no value => no value
suhosin.log.phpscript => 0 => 0
suhosin.log.phpscript.is_safe => Off => Off
suhosin.log.phpscript.name => no value => no value
suhosin.log.sapi => 0 => 0
suhosin.log.script => 0 => 0
suhosin.log.script.name => no value => no value
suhosin.log.stdout => 0 => 0
suhosin.log.syslog => no value => no value
suhosin.log.syslog.facility => no value => no value
suhosin.log.syslog.priority => no value => no value
suhosin.log.use-x-forwarded-for => Off => Off
suhosin.mail.protect => 0 => 0
suhosin.memory_limit => 0 => 0
suhosin.mt_srand.ignore => On => On
suhosin.multiheader => Off => Off
suhosin.perdir => 0 => 0
suhosin.post.disallow_nul => 1 => 1
suhosin.post.disallow_ws => 0 => 0
suhosin.post.max_array_depth => 50 => 50
suhosin.post.max_array_index_length => 64 => 64
suhosin.post.max_name_length => 64 => 64
suhosin.post.max_totalname_length => 256 => 256
suhosin.post.max_value_length => 1000000 => 1000000
suhosin.post.max_vars => 1000 => 1000
suhosin.protectkey => On => On
suhosin.rand.reseed_every_request => Off => Off
suhosin.rand.seedingkey => [ protected ] => [ protected ]
suhosin.request.disallow_nul => 1 => 1
suhosin.request.disallow_ws => 0 => 0
suhosin.request.max_array_depth => 50 => 50
suhosin.request.max_array_index_length => 64 => 64
suhosin.request.max_totalname_length => 256 => 256
suhosin.request.max_value_length => 1000000 => 1000000
suhosin.request.max_varname_length => 64 => 64
suhosin.request.max_vars => 1000 => 1000
suhosin.server.encode => On => On
suhosin.server.strip => On => On
suhosin.session.checkraddr => 0 => 0
suhosin.session.cryptdocroot => On => On
suhosin.session.cryptkey => [ protected ] => [ protected ]
suhosin.session.cryptraddr => 0 => 0
suhosin.session.cryptua => Off => Off
suhosin.session.encrypt => On => On
suhosin.session.max_id_length => 128 => 128
suhosin.simulation => Off => Off
suhosin.sql.bailout_on_error => Off => Off
suhosin.sql.comment => 0 => 0
suhosin.sql.multiselect => 0 => 0
suhosin.sql.opencomment => 0 => 0
suhosin.sql.union => 0 => 0
suhosin.sql.user_postfix => no value => no value
suhosin.sql.user_prefix => no value => no value
suhosin.srand.ignore => On => On
suhosin.stealth => On => On
suhosin.upload.disallow_binary => 0 => 0
suhosin.upload.disallow_elf => 1 => 1
suhosin.upload.max_uploads => 25 => 25
suhosin.upload.remove_binary => 0 => 0
suhosin.upload.verification_script => no value => no value
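
The two checks above can be scripted. This is an added example, not part of the original article: the function names are hypothetical, and the sample input is constructed from the output format shown above. It confirms the extension is loaded, that `suhosin.simulation` is Off (in simulation mode Suhosin logs violations without blocking them), and that no directive's local value differs from its master value.

```bash
#!/bin/bash
# Added example: check that Suhosin is loaded and enforcing, from php output.
# Constructed sample input, in the format of the `php -v` / `php -i` output above.
SAMPLE_V='PHP 5.5.29 (cli) (built: Sep 24 2015 13:47:53)
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
    with Suhosin v0.9.36, Copyright (c) 2007-2014, by SektionEins GmbH'
SAMPLE_I='suhosin.simulation => Off => Off
suhosin.session.encrypt => On => On
suhosin.get.max_value_length => 512 => 512
suhosin.post.max_vars => 1000 => 1000'

# Print the Suhosin version found in `php -v` output on stdin; fail if absent.
suhosin_version() {
    sed -n 's/^[[:space:]]*with Suhosin v\([0-9][0-9.]*\),.*/\1/p' | head -n 1 | grep .
}

# Print "local|master" for directive $1 from `php -i` output on stdin.
suhosin_setting() {
    awk -F' => ' -v key="$1" '$1 == key { print $2 "|" $3; found = 1 }
                              END { exit !found }'
}

# Report problems in `php -i` output on stdin; return non-zero if any are found.
suhosin_audit() {
    awk -F' => ' '
        $1 !~ /^suhosin\./ { next }          # skip banner and non-directive lines
        { seen = 1 }
        $1 == "suhosin.simulation" && $2 != "Off" {
            print "WARN simulation mode: violations are logged, not blocked"; bad = 1 }
        NF == 3 && $2 != $3 {                # local value differs from master value
            print "WARN " $1 " overridden: local=" $2 " master=" $3; bad = 1 }
        END {
            if (!seen) { print "FAIL no suhosin.* directives found"; bad = 1 }
            exit bad + 0
        }'
}

# Run against the constructed samples.
# On a server: php -v | suhosin_version; php -i | suhosin_audit
printf 'version: %s\n' "$(printf '%s\n' "$SAMPLE_V" | suhosin_version)"
printf '%s\n' "$SAMPLE_I" | suhosin_audit && echo "audit: ok"
```
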

After following these steps, you should be able to install Suhosin on cPanel without any problems. Please let us know if you have any errors or questions. Read more about Suhosin on the official Suhosin project page.

About the Author: Esteban Borges

Experienced Sr. Linux SysAdmin and Web Technologist, passionate about building tools, automating processes, fixing server issues, troubleshooting, securing and optimizing high traffic websites.
