Results 1 to 7 of 7
-
09-05-2011, 06:41 PM #1New Member
- Join Date
- Feb 2011
- Posts
- 4
The big question, how to secure PHP when on a single domain?
Hello,
My next project involves a friends rather busy forum which has outgrown the shared hosting services.
He wants to move it to a vps. Question is, which way to secure and run php?
Suphp doesn't seem worth it as there is only a single domain, the same can then be said for fastcgi I guess, so can he just use mod_php?
Obviously I would also suggest mod_secure/evasive and susionphp (forgive my spelling) but what else, in regards to php/apache server hardening would be required? Also then what to Chmod his files as and what about apaches files?
For info he plans to run webmin and has 2.5 gig of ram
This goes beyond my cpanel comfort zone so any advice?
-
09-05-2011, 08:17 PM #2Web Hosting Master
- Join Date
- Nov 2006
- Posts
- 939
Sounds like you've got a good idea of what to do, disable some dodgy functions you'll never use as well. The fact you're running a VPS means there's a lot more to it than just hardening PHP, there's lots of other things that need looking at first.
-
09-07-2011, 08:20 AM #3Newbie
- Join Date
- Jul 2010
- Location
- Italy
- Posts
- 10
Disable system, exec, and remote includes, use fast_cgi over mod_php and update your LAMP every month
-
09-09-2011, 01:48 AM #4New Member
- Join Date
- Dec 2010
- Posts
- 1
Hi,
Open your php.ini file and find disable_functions & set new list as follows to harden your PHP well:
disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
-
09-26-2011, 03:02 PM #5Web Hosting Master
- Join Date
- May 2010
- Posts
- 658
I would reccomned having a 3rd party to secure your server. This last thing you need is your website getting compromised and mysql databases / coding leaked.
█ Ashton Allen | FuseWeb Limited
█ Premium UK Webhosting
█ | Shared Hosting | VPS | Reseller Hosting | VOIP |
█ FuseWeb.co.uk Or follow us on Twitter
-
09-26-2011, 06:56 PM #6Web Hosting Master
- Join Date
- Nov 2004
- Location
- Australia
- Posts
- 1,737
Ensure PHP can't write over it's files, and that any folders it can write on won't allow .php files to run.
Install mod_security and CSF and seriously consider getting the server security hardened.
-
09-26-2011, 09:21 PM #7Retired Moderator
- Join Date
- Feb 2005
- Location
- Australia
- Posts
- 5,849
Similar Threads
-
The best secure php setup if your only hosting a single website?
By Jbugman in forum Hosting Security and TechnologyReplies: 1Last Post: 02-10-2011, 03:43 PM -
[Question] About Secure php.ini directories
By assassin85 in forum Hosting Security and TechnologyReplies: 5Last Post: 12-28-2007, 10:51 PM -
Change .php5 to .php for a single domain
By ScottJ in forum Hosting Security and TechnologyReplies: 4Last Post: 10-21-2005, 07:03 PM -
single use secure payment question
By peterb in forum Ecommerce Hosting & DiscussionReplies: 4Last Post: 12-21-2003, 11:02 PM -
PHP question Re sending many variables in single shot
By Pere in forum Programming DiscussionReplies: 8Last Post: 05-06-2003, 08:23 AM