Article ID: 116855, created on Aug 21, 2013, last review on Aug 25, 2016

  • Applies to:
  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux
  • Plesk 11.0 for Linux
  • Plesk 11.5 for Linux
  • Plesk 10.4 for Linux/Unix


PHP shell script was uploaded under home directory of subscription.

How to prevent filesystem browsing with php shell scripts?


You can disable shell_exec and other functions in PHP by using the disable_functions directive:

  1. Login to Plesk and check PHP settings:

    Plesk > Domains > > Website Scripting and Security > PHP settings 
  2. Add the following line under Additional configuration directives

    disable_functions =exec,shell_exec,proc_open,popen,curl_exec,show_source
  3. Also correct disable_functions in server php.ini file /etc/php.ini.

    Check PHP documentation if you need more disabled functions.

Search Words




php shell

perl cgi

run webshell on plesk

cgi scripts

e0aff7830fa22f92062ee4db78133079 56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c aea4cd7bfd353ad7a1341a257ad4724a 29d1e90fd304f01e6420fbe60f66f838 0a53c5a9ca65a74d37ef5c5eaeb55d7f 01bc4c8cf5b7f01f815a7ada004154a2 caea8340e2d186a540518d08602aa065 742559b1631652fadd74764ae8be475e e335d9adf7edffca6a8af8039031a4c7 2a5151f57629129e26ff206d171fbb5f e8756e9388aeca36710ac39e739b2b37 dd0611b6086474193d9bf78e2b293040

Email subscription for changes to this article
Save as PDF