
Suhosin Security PHP



Suhosin (pronounced “su-ho-shin”) is an advanced protection system for PHP installations. It is designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core.

Suhosin is available in two independent parts, which can be used individually or in combination. The first part is a small patch against the PHP core that implements low-level protection against buffer overflows and format string vulnerabilities. The second part is a powerful PHP extension that implements many other protections.

Installing Suhosin


Install the packages required to build the Suhosin extension.

sudo apt-get -y install gcc make autoconf libc-dev pkg-config

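Next, run the following commands on your server, replacing 7.X with the PHP version you are building for. The phpize step generates the configure script, which a fresh git checkout does not contain:

git clone https://github.com/sektioneins/suhosin7
cd suhosin7
PATH=/opt/sp/php7.X/bin:$PATH phpize
PATH=/opt/sp/php7.X/bin:$PATH ./configure
sudo make install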
sudo bash -c "echo extension=suhosin.so > /etc/php7.X-sp/conf.d/suhosin.ini"
sudo service php7.X-fpm-sp restart


Verifying the Installation

phpX.Y-sp -i | grep suhosin

You should see output similar to the following:

suhosin.apc_bug_workaround => Off => Off
suhosin.cookie.checkraddr => 0 => 0
suhosin.cookie.cryptdocroot => On => On
suhosin.cookie.cryptkey => [ protected ] => [ protected ]
suhosin.cookie.cryptlist => no value => no value
suhosin.cookie.cryptraddr => 0 => 0
suhosin.cookie.cryptua => On => On
suhosin.cookie.disallow_nul => 1 => 1
suhosin.cookie.disallow_ws => 1 => 1
suhosin.cookie.encrypt => Off => Off
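
To turn this verification step into a repeatable check, the following added example (not part of the original post) parses the "name => local => master" lines printed by php -i and compares selected directives against expected values. The function names suhosin_value and suhosin_verify are hypothetical, and the sample input is constructed from the output listed above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Input: the text printed by "phpX.Y-sp -i", one "name => local => master" per line.

# Print the local value of directive $1; return 1 if the directive is absent.
suhosin_value() {
    awk -F ' => ' -v want="$1" '
        $1 == want { print $2; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Read php -i text on stdin and compare each name=value argument with it.
# Returns 0 if all match, 1 on a missing or different value,
# 2 if no suhosin.* directive exists (extension not loaded).
suhosin_verify() {
    info=$(cat)
    fail=0
    if ! printf '%s\n' "$info" | grep -q '^suhosin\.'; then
        echo "suhosin: no directives found, extension is not loaded"
        return 2
    fi
    for pair in "$@"; do
        name=${pair%%=*}
        want=${pair#*=}
        if got=$(printf '%s\n' "$info" | suhosin_value "$name"); then
            if [ "$got" != "$want" ]; then
                echo "MISMATCH $name: got '$got', want '$want'"
                fail=1
            fi
        else
            echo "MISSING  $name"
            fail=1
        fi
    done
    return "$fail"
}

# Constructed sample, copied from the output listed above.
SAMPLE='suhosin.cookie.cryptua => On => On
suhosin.cookie.disallow_nul => 1 => 1
suhosin.cookie.disallow_ws => 1 => 1
suhosin.cookie.encrypt => Off => Off'

# Live use: phpX.Y-sp -i | suhosin_verify suhosin.cookie.disallow_nul=1
printf '%s\n' "$SAMPLE" | suhosin_verify \
    suhosin.cookie.disallow_nul=1 suhosin.cookie.disallow_ws=1 \
    && echo "suhosin: all expected values present"
```

A return code of 2 separates "extension not loaded" from a value that differs from the baseline, so a deployment script can treat the two cases differently.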


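To see more information about the Suhosin patch, create the following file under your web server's root directory (for example, /var/www/html/).

# vi phpinfo.php

Add the following lines to it.


<?php
phpinfo();
?>

Remove the file once you have checked the output, because phpinfo() exposes the full PHP configuration to anyone who can request the page.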


Source: Suhosin

