Add php to my hosting?

Raymii Member
edited March 2012 in General

Howdy,

I have a server set up to host some basic html websites for friends/family, using some scripts I wrote:
http://raymii.org/cms/p_Simple_hosting_with_lighttpd_and_pureftpd

Now a friend asked me the other day if I could enable php for him. (Not mysql, just php). Now I can add php very easily, but how do I do it securely? I don't want to get blacklisted on a spamlist, or see my box rooted full with shellz of some kind. Not that anyone I host there would do that, but you never know which bugs are in your scripts...

Does php have a way of completely separating everything? Some kind of chroot/jail? I know about safe mode and hardened php/Suhosin patch or something? Any tips?

Comments

  • Install PHP and uninstall sendmail? I'm not sure... Block mail ports?

  • tux Member

    uninstall sendmail and install postfix.

    All versions of Postfix should be secure by default.
    
    Only hosts and networks listed in the 'mynetworks' parameter will be allowed to relay. 

    Source: http://www.sorbs.net/mtafix/postfix.shtml

  • NickM Member

    You've got two options for separation of privileges with PHP: suexec or php-fpm. With php-fpm, each user can have a separate PHP pool running, as their user. Setting it up, I'll leave for you to figure out. php-fpm is my preferred method since it doesn't require a setuid binary like suexec does. Also, php-fpm lets you chroot each user's PHP processes.

    Thanked by 1: Raymii
  • Zero Member

    I forgot what I was searching on Google but I ended up reading this: http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html It may help you.

  • @Raymii safe mode is deprecated. Listen to NickM and read php.net ... Think bigger.

  • @NickM Thank you. I'm looking into php-fpm now, and I think it will be implemented very soon.
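
The per-user php-fpm pools NickM describes, as an added example that is not part of the thread or anyone's actual setup: a small shell generator that writes one chrooted pool per hosted account. The directory layout, socket path, `www-data` web server user, and the choice to disable `mail()` and the process-spawning functions are assumptions made for illustration.

```shell
#!/bin/sh
# Emit one php-fpm pool definition per hosted user.
# Assumed layout (not from the thread): /srv/www/<user>/{htdocs,tmp},
# sockets in /run/php-fpm, web server running as www-data.
WEB_ROOT="${WEB_ROOT:-/srv/www}"
SOCK_DIR="${SOCK_DIR:-/run/php-fpm}"
WEB_USER="${WEB_USER:-www-data}"

# Print a pool definition for account $1; fail with no output on an unsafe name.
make_pool() {
    user="$1"
    # The name lands in file paths and in the config, so accept only a
    # conservative account-name pattern and never build a pool for root.
    case "$user" in
        ''|root|*[!a-z0-9_-]*|-*) echo "refusing user name: '$user'" >&2; return 1 ;;
    esac
    cat <<EOF
[$user]
; Workers run as the site owner, never as root or the web server user.
user = $user
group = $user
; Only the web server may connect to this pool's socket.
listen = $SOCK_DIR/$user.sock
listen.owner = $WEB_USER
listen.group = $WEB_USER
listen.mode = 0660
; Start workers on demand and cap them so one site cannot starve the box.
pm = ondemand
pm.max_children = 3
pm.process_idle_timeout = 30s
; Jail the workers in the user's own tree. Every path below is resolved
; inside the chroot, so htdocs and tmp must exist under it.
chroot = $WEB_ROOT/$user
chdir = /htdocs
php_admin_value[open_basedir] = /htdocs:/tmp
php_admin_value[upload_tmp_dir] = /tmp
php_admin_value[session.save_path] = /tmp
; Appended to whatever php.ini already disables; blocks shells and mail().
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,mail
php_admin_flag[allow_url_include] = off
EOF
}

# Usage: ./mkpool.sh alice > alice.conf   (then move it into the pool directory)
if [ "$#" -gt 0 ]; then make_pool "$1"; fi
```

Because the workers are chrooted, the web server has to pass script paths as they appear inside the jail, and anything PHP needs at runtime (a writable tmp directory, timezone data, DNS resolution files) must exist under the user's tree.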
