184.108.40.206. Cloudflare have an article on how to do this.
You can disable ionCube24 on the ionCube Loader by setting the entry
ic24.enable = 0
This will disable ionCube24, while leaving the ionCube Loader intact. Should you wish to uninstall the ionCube Loader, you
can remove the relevant
zend_extension entry pointing to your ionCube Loader files from your
as well as remove any ionCube Loader files from your system.
If your domain is reachable under any name other than the ones you have configured, you should enable Domain Wildcard Protection on one of the domains for your server. This will ensure that all domains on the server are protected, including those not configured in the interface. This will also protect if a domain is accessed by a fake name. As this setting will protect all domains on your server, it is best to ensure that all domains have been configured accordingly.
If your plan does not include Domain Wildcard Protection, it is recommended to ensure that your domain is reachable only by the names you have configured in ionCube24. Furthermore, your domain should not be the default domain on your server, (i.e., your webpage should not be reachable through the IP address of the server), as this may allow your site to be reached using an unprotected domain name.
If you have problems setting up your system, please contact us so we can assist.
There are several mechanisms for this.
ic24.sec.approve_included_filesentry in your
php.inifile is set to 1, files that are used by other files (i.e. included) will be automatically trusted. Dynamically created files such as cache files are likely to be used by other PHP files rather than accessed directly, and this setting can be useful to permission these. Though this setting is very permissive, files created by exploiting a vulnerability are most likely to be accessed directly by an attacker rather than by another file, and so will still be blocked. Any uploaded files processed using the PHP function
move_uploaded_file()are also automatically blocked if the entry
ic24.sec.block_uploaded_filesis set to 1 in your
php.inifile (this is the default behaviour if unset).
php.inito automatically trust entire directories. For example, if you wanted to trust the directory
'/var/cache'then simply set this setting to
'/var/cache'. If you wanted to trust multiple directories, you can use ':' as a seperator (i.e.
'/var/cache:/var/other'). Finally, you can prefix directories with a '+' or a '-' which either includes the directory or excludes it which might be useful for automatically trusting an entire directory except a certain sub directory. This can be doing via the following:
Changes are likely to be blocked because they will be unexpected, and your site is protected precisely because ionCube24 does block unexpected changes.
Before updating files, our recommended approach is first to set the Trustpoint a little way into the future, and then update the files on your website; this works because files seen as changed before the Trustpoint time should be permitted to run. Once updated, you can set the Trustpoint to the current time so there is no window of opportunity for an attacker.
If you have set
ic24.sec.approve_included_files to 1 and if the changed files are only used by other files,
updated and new files should not be blocked.
Another option is to have certain directories of the site automatically trusted with the
setting, who's usage is detailed in the section 'How do I allow trusted Website Files'.
The exclusion key can also be used to indicate that a file should be trusted. Last, you can add sets of files to be trusted via the web interface.
PHP has several error levels. These include non-critical Notices that may be due to poor coding, Warnings of operations that failed but that did not stop the request, and Errors that caused a request to fail and usually giving a blank page. PHP can also warn when a program uses Deprecated features that are going to be removed from PHP in the future, and cases where code did not follow Strict usage guidelines.
A well coded website should produce no errors at all, however many websites will produce errors, with Notices being the most common. As they are not fatal errors, they will not prevent the site from working, however in some cases Notices can be an indication of bugs. If these occur in your own code, you should aim to resolve them.
Yes. Use the Site Error Reporting > Global Settings feature to select types of errors to ignore. Note that this will take effect for all domains across all servers.
You can also ignore errors with a setting in the
php.ini file. Suppose you want to ignore
Notice level notifications. Add the following setting to
Error types can also be combined as in the following examples: