I need to know how to stop bypassing the php security when some attacker upload a script (php) using some bypass functions such as posix_getpwuid and symlink, i try to use this scriptshell, upload it to my server and run it, it's bypass the security and the attacker can read files, the shell work when you run ( read your file using symlink or read etc using posix* etc function, the shell creat a .htaccess in your public_html or in your location in the server, so the .htaccess content

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
SecFilterCheckURLEncoding Off
SecFilterCheckUnicodeEncoding Off
if you try this rules in your server, i think you could read and make anyfile you need, after that the script make this htaccess, he used the functions as i said before and read the file you want2, so i try to disable these functions in my server by adding them in my php.ini, restarting the apache, same thing!

i beleave we need to disable these function in somewere else php.ini / or with !

if anyone could help me/us in this advice..

Thanks alot