Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : securing Apache

[oc-colo]

Hello,

I am debating how to additionally secure my Apache server. Chrooting is one thing that I have already done. It will limit the intruder to the jail I created. However I have around 30 different websites hosted on this machine. I am concern that once the hacker is inside the jail he will be able to gain access over all websites. How can I isolate the different websites from each other ? For example if oscommerce gets compromised I would like intruder not to be able to see the other websites.

On a completely different note I am curious about something. Why does big websites like google and facebook do not block icmp packets and allow udp connections for traceroute ?

[Patrick]

I'm going to assume you're not using a control panel, in which case a chroot jail on Apache could be beneficial in terms of security. A properly setup jail should prevent a compromised website from affecting other websites on the same server.

Some people might suggest open base directory protection, but I have found that to be useless for the most part. Another option would be to use suPHP or Suhosin alongside a properly setup mod_security for even additional security.