I have mod_security installed and referenced in httpd.conf.
I also have Enable Request Filtering set to Yes In LSWS.
I have CSF installed and configured with a score of 111 out of 117.
IrPr, you stated php in parallel of webserver/mod_security. If the above is true, would I be meeting that goal?
Also... you stated the malicious functions. Can you explain to me which ones I should apply, and if they go in php.ini disable_functions=blah, blah, blah?
I do have open_basedir turned off in WHM.
Safe_mode gives some errors with the bulletin boards that I run, as does suhosin.
Any other suggestions?