Securing shared Apache2 + PHP server




Posted by jacobp85, 01-24-2012, 05:58 PM
We want to set up a shared web server running Apache2 and PHP5. We need to host some PHP apps like WordPress and Zend Framework applications. Some of the sites may be controlled by external developers, so the security needs to be high. We would like to run with PHP safe_mode = Off because of the problems running e.g. WordPress in safe mode.

How do we secure the access/permissions from the PHP application to the rest of the server? (How do we make sure that PHP code can't access web server config files, logs, etc.?)

How do we secure the access/permissions between two sites? (How do we make sure that one site can't access files/data from another site?)

We have considered taking advantage of mpm-itk combined with open_basedir, but is it enough? Is there a suggestion for the access rights on the server's filesystem? What about disabling some functions like system(), exec(), etc.? How do we limit access to only the vhost's own files?

I hope someone will put together a recipe for the best/most secure solution. Thanks in advance, Jacob

Posted by prashant1979, 01-25-2012, 02:33 AM
Is it going to be a cPanel server? The best way is to install CSF on the server, check the server security from CSF and implement the suggestions given by CSF.

Posted by DewlanceHosting, 01-25-2012, 05:09 AM
Install cPanel and CSF, use Easy Apache Update in WHM and install the recommended software.
- Search Google for "httpd.conf secure".
- Disable some functions in httpd.conf, e.g. disable_functions: shell_exec, fopen, system, proc_open, etc.
- Add max/min memory usage in the httpd.conf file.
- Add max memory, upload size, etc. in the php.ini file.
- Disable root login, change the SSH port, etc.
Restart httpd and ssh.

Posted by nehir, 01-25-2012, 05:12 AM
I think you meant... in php.ini

Posted by Simplex-Ed, 01-25-2012, 05:20 AM
Greetings,

Technically they can be disabled in httpd.conf, but this is not practical. In fact, disabling PHP functions is poor practice altogether. That's what those who know little about security do; it not only annoys customers, but it has no effect. Do you allow CGI? Cron? Ruby? All of the "harmful" PHP functions have an alternative.

A few pointers:
- Get your permissions right; use suPHP with suEXEC.
- Ensure your kernel is up to date. Use Ksplice if you don't want the reboots.
- Disable unused services.
- Enable pubkey auth and disable password auth for SSH, etc.
- USE A STRONG PASSWORD!

Good luck.
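As an added example (not part of any post in this thread), the following POSIX shell script shows the two things the thread keeps circling: the per-vhost uid plus open_basedir setup Jacob asks about, and the "get your permissions right" point from the last reply, worked out as concrete directory modes with a check that verifies them. It assumes a Debian-style Apache2 with mod_php and mpm-itk (/var/www/<site>, ${APACHE_LOG_DIR}, Apache 2.2 access syntax) and GNU coreutils for stat; the site and user names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Debian-style Apache2 + mod_php
# with mpm-itk and GNU coreutils; site names and users are hypothetical.

# Emit an Apache vhost for SITE that runs as USER (mpm-itk AssignUserID) and
# confines PHP's file functions to the site's own tree. Session and upload
# paths are per site on purpose: with PHP's default of /tmp, every site's
# session files would sit in one directory readable by every other vhost.
vhost_config() {
    site="$1"
    user="$2"
    cat <<EOF
<VirtualHost *:80>
    ServerName $site
    DocumentRoot /var/www/$site/htdocs

    # mpm-itk: the child drops to this uid/gid before handling the request,
    # so the site's files never need to be readable by www-data
    AssignUserID $user $user

    <Directory /var/www/$site/htdocs>
        AllowOverride FileInfo Limit
        Options -Indexes -ExecCGI +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    # php_admin_value cannot be overridden by ini_set() or .htaccess.
    # open_basedir only covers PHP's own file functions; the uid is the
    # boundary that anything exec'd from PHP actually sees.
    php_admin_value open_basedir "/var/www/$site/:/var/www/$site/tmp/:/usr/share/php/"
    php_admin_value upload_tmp_dir "/var/www/$site/tmp"
    php_admin_value session.save_path "/var/www/$site/tmp"
    php_admin_flag allow_url_include off
    # Defence in depth only: the same uid can still run commands via CGI or
    # cron if those are enabled for it.
    php_admin_value disable_functions "exec,passthru,shell_exec,system,proc_open,popen"

    ErrorLog \${APACHE_LOG_DIR}/$site-error.log
    CustomLog \${APACHE_LOG_DIR}/$site-access.log combined
</VirtualHost>
EOF
}

# Create the site tree under BASE (normally /var/www) so that only USER and
# root can enter it: 0750 on the site root with the site's own group means a
# different site's uid is "other" and is refused at the top directory.
# chown needs root; when run unprivileged the modes are still applied so the
# layout can be inspected (e.g. in a temporary directory).
create_site_tree() {
    base="$1"
    site="$2"
    user="$3"
    mkdir -p "$base/$site/htdocs" "$base/$site/tmp"
    chmod 0750 "$base/$site"
    chmod 0750 "$base/$site/htdocs"
    chmod 0700 "$base/$site/tmp"
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$user:$user" "$base/$site"
    fi
}

# Return 0 when DIR grants nothing to "other". Path resolution stops at the
# first directory that refuses search permission, so this single mode on the
# site root is what keeps another site's uid out of the whole tree beneath
# it, however WordPress later chmods its own files.
site_root_is_private() {
    mode=$(stat -c '%a' "$1")   # e.g. 750 or 2750; the last digit is "other"
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Usage (as root):
#   adduser --system --group site_example
#   vhost_config example.com site_example > /etc/apache2/sites-available/example.com
#   create_site_tree /var/www example.com site_example
#   site_root_is_private /var/www/example.com && echo "ok"
```

Two caveats a practitioner would want before relying on this. First, mpm-itk's children run as root until a request is assigned to a vhost, so the isolation depends on that pre-setuid path being sound; it is not the same as a separate process pool per site. Second, because the uid is the real boundary, check what that uid can read outside its tree: on Debian /var/log/apache2 is root:adm 0750 and stays out of reach, but /etc/apache2 is world-readable by default, so any vhost file holding credentials needs its own mode tightened.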


