  1. #1

    The big question, how to secure PHP when on a single domain?

    Hello,

    My next project involves a friend's rather busy forum which has outgrown the shared hosting services.

    He wants to move it to a vps. Question is, which way to secure and run php?

    Suphp doesn't seem worth it as there is only a single domain, the same can then be said for fastcgi I guess, so can he just use mod_php?

    Obviously I would also suggest mod_secure/evasive and susionphp (forgive my spelling), but what else, in regards to PHP/Apache server hardening, would be required? Also, what to chmod his files as, and what about Apache's files?

    For info he plans to run webmin and has 2.5 gig of ram

    This goes beyond my cpanel comfort zone so any advice?

  2. #2
    Join Date: Nov 2006 | Posts: 939
    Sounds like you've got a good idea of what to do. Disable some dodgy functions you'll never use as well. The fact you're running a VPS means there's a lot more to it than just hardening PHP; there's lots of other things that need looking at first.

  3. #3
    Disable system, exec, and remote includes, use fast_cgi over mod_php and update your LAMP every month

  4. #4
    Hi,

    Open your php.ini file and find disable_functions & set new list as follows to harden your PHP well:

    disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

  5. #5
    I would recommend having a 3rd party secure your server. The last thing you need is your website getting compromised and MySQL databases / coding leaked.
    Ashton Allen | FuseWeb Limited
    Premium UK Webhosting
    | Shared Hosting | VPS | Reseller Hosting | VOIP |
    FuseWeb.co.uk Or follow us on Twitter

  6. #6
    Join Date: Nov 2004 | Location: Australia | Posts: 1,737
    Ensure PHP can't write over its files, and that any folders it can write on won't allow .php files to run.

    Install mod_security and CSF and seriously consider getting the server security hardened.

  7. #7
    Join Date: Feb 2005 | Location: Australia | Posts: 5,849
    Quote: Originally posted by brianoz
    "Ensure PHP can't write over its files, and that any folders it can write on won't allow .php files to run."
    This. Make sure you disable cgi too, at least in the writeable directories.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
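
The check from posts #6 and #7, as an added example that is not part of the original thread: a docroot audit that lists PHP scripts the web user could overwrite and writable directories that already hold PHP. The function names, the sample tree and the assumptions that PHP runs as the given user and that only *.php is handled by PHP are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. $1 = docroot, $2 = web user name or uid.
# Assumptions: PHP runs as $2 (e.g. the Apache user under mod_php) and only
# *.php is mapped to the PHP handler. Group-write access is not checked.

# PHP scripts the web user could overwrite: owned by it with owner-write,
# or world-writable.
writable_php_files() {
    find "$1" -type f -name '*.php' \( \( -user "$2" -perm -200 \) -o -perm -002 \)
}

# Writable directories that already hold PHP scripts: either code lives where
# PHP can write, or a script has ended up in a data directory.
writable_dirs_with_php() {
    find "$1" -type d \( \( -user "$2" -perm -200 \) -o -perm -002 \) |
    while IFS= read -r dir; do
        for f in "$dir"/*.php; do
            if [ -f "$f" ]; then printf '%s\n' "$dir"; break; fi
        done
    done
}

# Constructed sample tree (not from the thread); prints its path.
make_sample_docroot() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" "$root/cache" "$root/lib"
    : > "$root/index.php"; : > "$root/config.php"
    : > "$root/uploads/avatar.php"; : > "$root/cache/page.html"
    : > "$root/lib/util.php"
    chmod 444 "$root/index.php" "$root/uploads/avatar.php" "$root/lib/util.php"
    chmod 644 "$root/config.php"          # overwritable by its owner
    chmod 755 "$root/uploads" "$root/cache"
    chmod 555 "$root/lib" "$root"         # read-only code directories
    printf '%s\n' "$root"
}

# Demo: treat the current uid as the web user.
demo_root=$(make_sample_docroot)
echo "PHP files the web user can overwrite:"
writable_php_files "$demo_root" "$(id -u)"
echo "Writable directories containing PHP:"
writable_dirs_with_php "$demo_root" "$(id -u)"
chmod -R u+w "$demo_root" && rm -rf "$demo_root"
```

On a real server, pass the document root and the account PHP actually runs as; both lists should come back empty once code is read-only and upload or cache directories contain no scripts.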
