Hello Domenic,

Thank you for very fine tutorial, and you are absolutely right. disabling useless php functions which your script not used is a great idea to safe from unwanted shells. no matter who upload that on server.

For those who argue about php disabling function can read This and This

EDIT: i found 3 time session.save_path

1) ; As of PHP 4.0.1, you can define the path as:
;
; session.save_path = "N;/path"

2); The file storage module creates files using mode 600 by default.
; You can change that by using
;
; session.save_path = "N;MODE;/path"


3) ; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
session.save_path = "/var/lib/php/session"


can i need to change the last one ? and remove the "/var/lib/php/session" to "/var/lib/php" as you said ?

thanks advanced


EDIT2:

When i replaced disable_functions with your mentioned above. after restarting apache my board will load without the forum skin. i use IP.Board 3.1.4 .