Basic PHP Security 

Getting hacked is one of the most frustrating things that can happen to a webmaster. The idiotic kids that perform most of these hacks feel no guilt for the harm and suffering they cause the people they attack. Unfortunately, there is no sure-fire way to prevent all attacks, but there are some things you can do to make it tougher for the script kiddies to get a hold of your system. A good place to start is keeping your MySQL and PHP installations up to date. After that, there are several settings in your /etc/php.ini file that you will want to consider.

Register Globals:
Setting this to "On" is not insecure in and of itself. Poorly written code, however, can make this a serious security threat. This setting turns request parameters (GET, POST and cookie values) into global PHP variables, so a visitor can pre-set variables a script expected to initialise itself, which can open the door to injection attacks. As of PHP 4.2.0 this directive is set to Off by default.

register_globals = Off

Safe Mode:
You must consider this setting carefully. Although it can prevent some attacks when set to On, many scripts simply won't run, including popular applications like phpBB.

safe_mode = Off

Disable Functions:
Disabling functions can prevent a hacker from gaining access to your server and/or limit the amount of damage they can do if they do get access. Keep in mind, as with all of these settings, that some software you run may no longer work after you change them. In those cases, you will either need a programmer to modify the software to work without the functions you have disabled, or avoid disabling a function that the software needs. Below is a sample list of good functions to disable.

disable_functions = "phpinfo,base64_decode,base64_encode,proc_terminate,exec"

File Uploads:
If you have no reason for your visitors to upload files to your server via HTTP, as with a photo gallery, then this directive should be turned off.

file_uploads = Off

After making any changes to your php.ini file, make sure you restart Apache for them to take effect.
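To check a php.ini against the four settings above before restarting Apache, here is a small audit script. It is an added example, not part of the original article; the sample ini text, the finding messages and the SHOULD_DISABLE list (taken from the article's sample list) are assumptions you should adjust to your own software.

```python
"""Audit a php.ini file for the hardening directives covered in this article."""

# The article's sample list of functions to disable (adjust to your software).
SHOULD_DISABLE = {"phpinfo", "base64_decode", "base64_encode", "proc_terminate", "exec"}

def parse_php_ini(text):
    """Map directive -> raw value; honours ';' comments, [sections] and quotes."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # assumes no ';' inside quoted values
        if not line or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def ini_bool(value):
    """Interpret a php.ini boolean the way PHP does (case-insensitive)."""
    v = value.strip().lower()
    if v in ("1", "on", "yes", "true"):
        return True
    if v in ("", "0", "off", "no", "false", "none"):
        return False
    raise ValueError("unrecognised boolean value: %r" % value)

def audit(settings):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for name in ("register_globals", "file_uploads"):
        if name not in settings:  # PHP then uses its built-in default: verify it
            findings.append("%s: not set, built-in default applies" % name)
        elif ini_bool(settings[name]):
            findings.append("%s: On, recommended Off" % name)
    if ini_bool(settings.get("safe_mode", "Off")):
        findings.append("safe_mode: On, verify your applications still run")
    disabled = {f.strip().lower() for f in settings.get("disable_functions", "").split(",")}
    missing = sorted(SHOULD_DISABLE - disabled)
    if missing:
        findings.append("disable_functions: still enabled: " + ", ".join(missing))
    return findings

# Constructed sample (not a real php.ini): two weak settings, incomplete disable list.
SAMPLE_INI = """\
[PHP]
register_globals = On   ; dangerous with sloppy code
safe_mode = Off
disable_functions = "phpinfo,exec,base64_decode,base64_encode"
file_uploads = 1
"""
```

Run `audit(parse_php_ini(open("/etc/php.ini").read()))` against your real file; each returned string is one setting to fix before the restart.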

