Server configurations of shared web hosting services
The following information has been collated by heise Security in August 2007, with the exception of Plus Net which was tested in December 2007.
Package | 1&1 Homepage Perfect | all-inkl Privat | Plus Net hosting | Server4u Racer | Strato Powerweb A | secured root server1 |
Apache version | 1.3.33 | 2.x2 | unknown2 | 2.0.48 | 1.3.31 | 2.2.3 |
PHP version | 4.4.7 | 4.4.6 | 4.3.10 | 4.4.6 | 4.4.7 | 5.2.0 |
Server interface | CGI / suexec | mod_php | CGI / suexec | mod_php | CGI / suexec | CGI / suphp |
Suhosin extension | no | yes | no | no | no | yes |
PHP privileges | user | server | user | server | user | user |
Individual file GID | no | yes | no | no | no | yes |
AuthConfig via .htaccess | yes | yes | yes | yes | yes | yes |
HTTP-Auth via PHP | no | yes | no | yes | no | yes |
PHP-Config via .htaccess | no | yes | no | yes | no | no |
own php.ini | yes | no | yes | no | yes | yes |
required file access privileges | user | all | user | all | user | user |
PHP defaults | ||||||
allow_url_fopen | on | on | on | on | on | off |
disable_functions | no | exec system passthru shell_exec popen escapeshellcmd proc_open proc_nice ini_restore | no | passthru proc_close proc_get_status proc_nice proc_open proc_terminate shell_exec system apache_note apache_setenv closelog debugger_off debugger_on define_syslog_variables openlog syslog popen pclose ini_restore | no | exec system passthru shell_exec popen escapeshellcmd proc_open proc_nice ini_restore |
display_errors | on | on | on | off | on | off |
open_basedir | no | web home, /tmp, binary directories | no | web home | no | web home |
register_globals | on | on | on | on | on | off |
safe_mode | off | on | off | off | off | on |
1 only intended as an example for a particularly stringent configuration, Debian-Etch base system2 exact version could not be determined |