All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Add php to my hosting?
Howdy,
I have a server set up to host some basic html websites for friends/family, using some scripts I wrote:
http://raymii.org/cms/p_Simple_hosting_with_lighttpd_and_pureftpd
Now a friend asked me the other day if I could enable php for him. (Not mysql, just php). Now I can add php very easily, but how do I do it secure? I don't want to get blacklisted on a spamlist, or see my box rooted full with shellz of some kind. Not that anyone I host there would do that, but you never know which bugs are in your scripts...
Does php have a way of completely seperating everything? Some kind of chroot/jail? I know about safe mode and hardned php/suhoshin patch or something? Any tips?
Comments
Install PHP and uninstall sendmail? I'm not sure... Block mail ports?
uninstall sendmail and install postfix.
Source: http://www.sorbs.net/mtafix/postfix.shtml
You've got two options for separation of privileges with PHP: suexec or php-fpm. With php-fpm, each user can have a separate PHP pool running, as their user. Setting it up, I'll leave for you to figure out. php-fpm is my preferred method since it doesn't require a setuid binary like suexec does. Also, php-fpm lets you chroot each user's PHP processes.
I forgot what I was searching on Google but I ended up read this http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html it may help you.
@Raymii safe mode is deprecated-Listen to NickM and read php.net ... Think bigger.
@NickM Thank you. I'm looking into php-fpm now, and I think it will be implemented very soon.