hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : securing Apache
Reply

Forum Jump

securing Apache

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 10-02-2007, 03:51 PM
oc-colo oc-colo is offline
Newbie
 
Join Date: Apr 2007
Posts: 28

securing Apache


Hello,

I am debating how to additionally secure my Apache server. Chrooting is one thing that I have already done. It will limit the intruder to the jail I created. However I have around 30 different websites hosted on this machine. I am concern that once the hacker is inside the jail he will be able to gain access over all websites. How can I isolate the different websites from each other ? For example if oscommerce gets compromised I would like intruder not to be able to see the other websites.

On a completely different note I am curious about something. Why does big websites like google and facebook do not block icmp packets and allow udp connections for traceroute ?



Sponsored Links
  #2  
Old 10-02-2007, 04:34 PM
Patrick Patrick is offline
Security Ninja
 
Join Date: Mar 2003
Location: Canada
Posts: 8,607
I'm going to assume you're not using a control panel, in which case a chroot jail on Apache could be beneficial in terms of security. A properly setup jail should prevent a compromised website from affecting other websites on the same server.

Some people might suggest open base directory protection, but I have found that to be useless for the most part. Another option would be to use suPHP or Suhosin alongside a properly setup mod_security for even additional security.

__________________
Patrick William | Rack911 Research Labs | Software Security Auditing
250+ Vulnerabilities Found - Get a quote on a professional audit @ Rack911.com

www.HostingSecList.com - Security notices for the hosting community.

Reply

Related posts from TheWhir.com
Title Type Date Posted
Apache Market Share Falls in Netcraft October Web Server Survey Web Hosting News 2013-10-04 14:34:11
Apache Market Share Dips Slightly in June Netcraft Web Server Survey Web Hosting News 2013-06-06 13:40:21
Apache Continues to Dominate Web Server Market in Netcraft May Survey Web Hosting News 2013-05-06 14:29:02
Researchers Urge System Admins to Check for New Apache Web Server Backdoor Malware Web Hosting News 2013-05-01 11:35:53
CloudStack 4.0 Open Source Cloud Software Released as Apache Incubator Project Web Hosting News 2012-11-08 13:54:10


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?